Gerrit + Jenkins in LDAP environment

Today, I got Gerrit integrated with Jenkins. Even though there’s good info on the web on how to get this beautiful couple working together, I lack the explanation on how to configure Gerrit SSH for Jenkins usage when Gerrit authenticates its users on a LDAP service.

First of all, the Gerrit instance I’m working on is authenticating against the company LDAP directory. Nothing new here as LDAP users can log-in sucessfully. Now, the thing is Gerrit process is not running as an LDAP user, but rather an Unix one (local) and we need a Gerrit user (non-local) with a public SSH key for Jenkins to be able to acess the code review tool.

The confusion was set! How would I authenticate Jenkins without an LDAP user created for this sole purpose?! gerrit create-account is the way to go!

For this command to work, you must have an authenticated user in Gerrit with administrative privileges and public SSH key set.

First, let’s create a key for the user that Jenkins is going to use:

ssh-keygen -t rsa -b 2048

You should now have two new files, a private key and a public key. Never ever give the private key!! Imagining your recently created public key file is named and that you’ve got an xpto user configured in Gerrit as part of the group Administrators, let’s add thevirtual user:

cat | ssh -p 29418 gerrit create-account --ssh-key - jenkins

It should be OK now! Just install Gerrit Trigger Jenkins plug-in and configure it as described in the documentation. It won’t take more than two minutes before you’ve got Gerrit shaking hands with Jenkins 🙂


2 thoughts on “Gerrit + Jenkins in LDAP environment

  1. Henry Chen says:

    A silly question: on which side should the “ssh-keygen” be called, or the private key be kept in jenkins side or Gerrit side?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s