HUDSON: how to manually encode the LDAP managerPassword?

Question

I need to know how to manually encode the LDAP managerPassword which controls the authentication to hudson:

<securityRealm class="hudson.security.LDAPSecurityRealm">
    <server>ldap.example.org</server>
    <rootDN>dc=example,dc=org</rootDN>
    <userSearchBase>ou=People</userSearchBase>
    <userSearch>uid={0}</userSearch>
    <groupSearchBase>ou=Groups</groupSearchBase>
    <managerDN>cn=admin,dc=example,dc=org</managerDN>
    <managerPassword>{HOW DO I ENCODE THIS?}</managerPassword>
</securityRealm>

This question has already been raised here: http://jenkins.361315.n4.nabble.com/How-to-encode-the-LDAP-managerPassword-td2295570.html

The answer was to configure the managerPassword field via the hudson web interface. The problem we have is that in order to configure LDAP one must be authenticated to hudson, which we cannot do because our LDAP authentication is currently broken (password mismatch between LDAP and the hudson configuration).

Can someone explain how to manually encode the LDAP managerPassword?

Thanks

Answer 1

Password value is base64 encoded. You can encode it online: www.base64encode.org and decode it here: www.base64decode.org.

Answer 2

I found how to do this. This is simply base64. But linux's console base64 adds padding characters while in jenkins config.xml is stored without it. So I had to use perl's base64:

perl -e 'use MIME::Base64; print encode_base64('password');'

Answer 3

Try using slappasswd. It should get you something like rootpw {SSHA}vv2y+i6V6esazrIv70xSSnNAJE18bb2u.

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-ldap-quickstart.html

On Debian: apt-get install slapd.