Any time I authenticate a system with LDAP/AD I like to have at least one "local" admin that can get in even if Directory Services go down/have an issue. Essentially a "backdoor" just in case the directory service has an issue.
Is this possible in Jenkins? I can only see the option to enable 1 authentication method at a time.
You're right that vanilla Jenkins can't do more than one authn/authz type, which makes local accounts infeasible. In the scenario where LDAP is unavailable temporarily, what I've done in the past is shut down Jenkins, disable authn/authz via editing Jenkins' config.xml (on my Linux systems the full path is /var/lib/jenkins/config.xml), and then restart Jenkins. Specifically, you'll want to change this line:
To:
Note that this will give admin access to anonymous users, so use with caution. If you are comfortable with editing XML by hand, it's also possible to edit this file in such a way as to allow admin access via logging in with a local account.
You can also do any of this with a Groovy script if you happen to have an active session with administrative permissions.
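A check for the state this answer warns about, added here as an example and not part of the original answer: it parses config.xml and reports whether Jenkins is still configured with security switched off, so the break-glass change does not outlive the LDAP outage. The element names and class values it looks for are assumptions taken from stock Jenkins, not from this page, and both sample documents are constructed.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Assumed names from stock Jenkins; none of them appear on this page.
UNSECURED_AUTHZ = "hudson.security.AuthorizationStrategy$Unsecured"
NO_REALM = "hudson.security.SecurityRealm$None"

# Constructed samples: security switched off, and an LDAP-backed setup.
SAMPLE_OPEN = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>false</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
</hudson>"""
SAMPLE_LDAP = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
  <securityRealm class="hudson.security.LDAPSecurityRealm"/>
</hudson>"""


def audit_jenkins_config(xml_text):
    """Return findings that mean anonymous users currently have admin access."""
    # Jenkins writes an XML 1.1 declaration, which Python's expat-based
    # parser does not accept, so drop the declaration before parsing.
    text = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text, count=1)
    root = ET.fromstring(text)
    findings = []
    flag = root.findtext("useSecurity")
    if flag is not None and flag.strip().lower() == "false":
        findings.append("useSecurity is false")
    for tag, open_class in (("authorizationStrategy", UNSECURED_AUTHZ),
                            ("securityRealm", NO_REALM)):
        node = root.find(tag)
        if node is not None and node.get("class") == open_class:
            findings.append(f"{tag} is {open_class}")
    return findings


if __name__ == "__main__":
    # Audit the file named on the command line, else the constructed sample.
    text = SAMPLE_OPEN
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    results = audit_jenkins_config(text)
    print("\n".join(results) or "no findings")
    sys.exit(1 if results else 0)
```

Run against the real file from cron or a monitoring check, the non-zero exit status makes a forgotten revert visible.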