Out of the box, Rundeck does not support pulling LDAP credentials. The basic authentication module only checks against the LDAP server for success/failure. The internal rdusers database still stores First Name, Last Name, and E-Mail address for each user, but expects users to fill out this information manually themselves.

In a small 5-10 person environment, that’s probably fine. In a 100+ person environment, that’s just asking for problems.

I worked with the Rundeck developers and found out there’s been a ticket for over a year requesting the feature, but it sounds like they don’t really use/need that, and therefore it’s very low priority (aka probably not going to happen any time soon).

I took a look at the Jetty authentication module which was terrible, and decided I could write a quick fix for myself at least.

It’s not as optimal as having the application do it on login, but I chose to go with a batch script that runs daily, checks for missing e-mail addresses, and pulls the information from LDAP.

The information is fairly static, but I may add a once a month job that re-scans all users and does a force update no matter what — just in case e-mail or name changes (marriage?). Seems unlikely, but it’s something.
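A sketch of such a sync job, added here as an illustration; it is not the script the post refers to. The `rduser` table and column names, the `uid`/`givenName`/`sn`/`mail` attributes, and the `search` callable wrapping the LDAP client are assumptions, and SQLite with constructed rows stands in for the real database.

```python
import sqlite3

# RFC 4515 escaping, so a login name can never change the filter's structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def ldap_filter_for(login, attr="uid"):
    return "(%s=%s)" % (attr, "".join(_ESCAPES.get(c, c) for c in login))

def sync_profiles(db, search, force=False):
    """Copy givenName/sn/mail from LDAP into rduser rows that lack an e-mail.

    search: hypothetical callable(filter_string) -> list of attribute dicts,
    wrapping whatever LDAP client is in use. force=True re-scans every user.
    Returns the logins that were updated.
    """
    where = "" if force else " WHERE email IS NULL OR email = ''"
    logins = [r[0] for r in db.execute("SELECT login FROM rduser" + where)]
    updated = []
    for login in logins:
        entries = search(ldap_filter_for(login))
        # Skip unknown or ambiguous matches rather than guess.
        if len(entries) != 1 or not entries[0].get("mail"):
            continue
        e = entries[0]
        db.execute(  # parameterized: directory values are data, not SQL
            "UPDATE rduser SET first_name=?, last_name=?, email=? WHERE login=?",
            (e.get("givenName"), e.get("sn"), e["mail"], login))
        updated.append(login)
    db.commit()
    return updated

def make_demo():
    """Constructed sample data: in-memory table and a fake directory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE rduser (login TEXT PRIMARY KEY, first_name TEXT,"
               " last_name TEXT, email TEXT)")
    db.executemany("INSERT INTO rduser VALUES (?,?,?,?)", [
        ("alice", None, None, None),
        ("bob", "Bob", "Old", "bob@example.com"),
        ("odd*(name)", None, None, ""),
    ])
    directory = {
        "(uid=alice)": [{"givenName": "Alice", "sn": "Ng", "mail": "alice@example.com"}],
        "(uid=bob)": [{"givenName": "Bob", "sn": "New", "mail": "bob.new@example.com"}],
    }
    return db, lambda flt: directory.get(flt, [])

if __name__ == "__main__":
    db, search = make_demo()
    print(sync_profiles(db, search))              # daily run
    print(sync_profiles(db, search, force=True))  # monthly refresh
```

The `?` placeholders are SQLite's parameter style; other database drivers use a different marker.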

I posted the Python script on GitHub, and the Rundeck devs were pretty excited and seemed to like it. So that was fun.

Plus, it was a fun excuse to write a Python program.

