Issue
How the LDAP plugin works when SSO is configured in CJOC
Environment
- CloudBees CI (CloudBees Core) - Modern cloud platforms
- CloudBees CI (CloudBees Core) - Traditional platforms - Client Master
- CloudBees CI (CloudBees Core) - Traditional platforms - Operations Center
- CloudBees Jenkins Platform Client Master
- CloudBees Jenkins Platform Operations Center
- CloudBees Jenkins Enterprise
Resolution
When SSO is configured in the Operations Center (CJOC), the login process happens against the CJOC unless it is down. In that case, an offline fallback mechanism allows users to continue logging into the instance through the masters. This fallback mechanism only works if the authentication plugin used in CJOC is also installed, in the same version, on the masters.
When SSO is selected in the CJOC, there is no cache on the masters, because authentication is done on CJOC and caching happens only there. Caching starts on the masters only once CJOC is down and a master uses the fallback. When the fallback happens, the masters connect to the LDAP server and cache its responses in the LDAP lookup. When CJOC comes back, the masters no longer query the LDAP server.
The size and TTL of the cache depend on how it is configured in the LDAP plugin configuration under Manage Jenkins -> Configure Global Security.
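One way to check the same-version requirement for the offline fallback, as an added example that is not CloudBees code: it compares the LDAP plugin (short name `ldap`) across plugin inventories shaped like the output of Jenkins' `/pluginManager/api/json?depth=1`. The instance names, version numbers and the extra inactive-plugin check are assumptions made for illustration.

```python
import json

# Constructed sample data, shaped like the "plugins" array returned by
# Jenkins' /pluginManager/api/json?depth=1. Names and versions are invented.
CJOC_INVENTORY = json.loads("""{"plugins": [
  {"shortName": "ldap", "version": "2.7", "active": true},
  {"shortName": "mailer", "version": "1.34", "active": true}]}""")

MASTER_INVENTORIES = {
    "master-a": json.loads('{"plugins": [{"shortName": "ldap", "version": "2.7", "active": true}]}'),
    "master-b": json.loads('{"plugins": [{"shortName": "ldap", "version": "2.5", "active": true}]}'),
    "master-c": json.loads('{"plugins": [{"shortName": "mailer", "version": "1.34", "active": true}]}'),
    "master-d": json.loads('{"plugins": [{"shortName": "ldap", "version": "2.7", "active": false}]}'),
}


def plugin_state(inventory, short_name):
    """Return (version, active) for a plugin, or None if it is not installed."""
    for plugin in inventory.get("plugins", []):
        if plugin.get("shortName") == short_name:
            return plugin.get("version"), bool(plugin.get("active"))
    return None


def fallback_readiness(cjoc, masters, short_name="ldap"):
    """Map each master to 'ok' or the reason offline fallback would not work."""
    reference = plugin_state(cjoc, short_name)
    if reference is None:
        raise ValueError(f"{short_name} is not installed on the Operations Center")
    ref_version, _ = reference
    report = {}
    for name, inventory in masters.items():
        state = plugin_state(inventory, short_name)
        if state is None:
            report[name] = "missing"
        elif state[0] != ref_version:
            report[name] = f"version mismatch ({state[0]} != {ref_version})"
        elif not state[1]:
            # Assumption beyond the article: an inactive plugin cannot authenticate.
            report[name] = "installed but inactive"
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__":
    for master, status in fallback_readiness(CJOC_INVENTORY, MASTER_INVENTORIES).items():
        print(f"{master}: {status}")
```

Running the check after every plugin upgrade on CJOC catches drift before an outage exposes it.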