Thanks for your prompt answer. It was just a stupid mistake in setting the auth.ldap.server: I have used ldaps://localhost/ instead of ldap://localhost/, as you mention. Now it works. (Probably I should do it later, when implementing the SSL secure connection.)

The reason for such a pretty complicated approach (using ldap/ssh/fuse) should probably be related to avoiding creating posix accounts (i.e. linux users) on the hosting server. In this way they should be constrained to the SCM chroot environment. But this is also possible by installing LDAP directly on the hosting machine and making some changes in the PAM configuration files (the same procedure as building a SAMBA server, creating samba users only and not posix users). Eventually, when this setup is working, I will post the procedure.

What has to be updated in the current distribution is the ldap-setup.py file.

1) When installing on Ubuntu 14.04 LTS, the standard install of "slapd" and "ldap-utils" loads the "back_hdb" module by default. Running ldap-setup.py without commenting out the following lines:

    # Load dynamic backend modules !
    # dn: cn=module,cn=config
    # objectClass: olcModuleList
    # cn: module
    # olcModulepath: /usr/lib/ldap
    # olcModuleload: back_hdb

will result in a fatal error for the Python shell.

2) A fatal error also occurs if the following lines are not commented out:

    # Create max uid generator ! gives error /2015-07-02
    dn: cn=maxUid,$suffix
    objectClass: extensibleObject
    objectClass: top
    uidNumber: 10000

If you try to create such a maxUid, the following error is reported:

    ...
    add objectClass:
        extensibleObject
        top
    add uidNumber:
        10000
    adding new entry "cn=maxUid,dc=localdomain"
    ldap_add: Object class violation (65)
        additional info: no structural object class provided
    ....

This is because both extensibleObject and top are "SUP AUXILIARY" and not "SUP STRUCTURAL" as required. I have set up the system without it and it seems to work correctly. If instead it is better to have such an entry, the point is: what kind of structural object class has to be used (i.e. organizationalUnit, or any other)?

Coming back to the goal: it is, correctly, the matching between Allura and repo access (only registration through the Allura user registration procedure, so as to also automatically get write access to the repository (git or svn, still to be decided), for developers only). I tried to use the web controlled auth using the procedure described in https://forge-allura.apache.org/docs/getting_started/scm_host.html, as you suggested, but I was not able to succeed. This was the reason to move to LDAP. I will try again, before continuing on the LDAP route, and eventually I will post some questions (hopefully not).

Thanks again

Livio Mazzarella

-----Original Message-----
From: Dave Brondsema [mailto:d...@brondsema.net]
Sent: Thursday, 23 July 2015 20:25
To: Livio Mazzarella; dev@allura.apache.org
Subject: Re: Some Allura problems.

(I got this email privately, and am replying on the dev list, with Livio's permission)

I haven't used the ldap/ssh/fuse setup myself. It's a pretty complicated approach. If all you need is users to match between Allura and repo access, that approach isn't needed. You can use the approach documented at https://forge-allura.apache.org/docs/getting_started/scm_host.html One downside I should point out is that if you want to use SVN repos, you'll need to patch/compile SVN. Or just have your config file list out all the repos that you use, and update it when you make a new project/repo.

If you want LDAP for some other reason, you can still use the approach at https://forge-allura.apache.org/docs/getting_started/scm_host.html instead (avoid all the chroot/fuse complex stuff). It just integrates Allura with your repos, and backs with any auth.method choice.

If you do want to use LDAP (which again, is not necessary if you just want Allura & repo auth to be integrated) the instructions at https://forge-allura.apache.org/docs/getting_started/installation.html#using-ldap will be useful. Specifically check the auth.ldap.server setting.
You might need ldap:// instead of ldaps://

Let us know how it goes! If you have further questions in getting it set up, please do reply. (To the dev list is best)

On 7/21/15 2:40 PM, Livio Mazzarella wrote:
> Dear Dave,
>
> sorry if I am using your private e-mail, but it was the simplest way
> for me to contact you. Let me know if eventually I can still use such
> a way or if you prefer another one.
>
> I have installed the latest Allura version (production setup) on a
> "fresh" Ubuntu 14.04.2 LTS server and I have a problem with user
> authentication. When I am using auth.method=local everything is
> working fine. My problems start when I am trying to use Allura with
> LDAP authentication (this is because I would like to use the Allura
> registration to automatically create LDAP users to manage the
> repository access).
>
> I was not able to make that work at all, both using the method
> suggested on
> https://forge-allura.apache.org/docs/getting_started/scm_host_ssh.html#scm-hosting-ssh,
> using schroot and debootstrap, or installing LDAP directly on the
> server. In both cases when I try to log in with an already (locally)
> registered user or to register a new user, I get the error
> "SERVER_DOWN: {'desc': "Can't contact LDAP server"}.
>
> The LDAP server is correctly working and the database correctly
> initialized (I just installed phpldapadmin to quickly check that: a
> screenshot is attached too).
>
> In the attached pdf file the weberror traceback is reported. I also
> attached the development.ini and the modified ldap-setup.py file I
> have used to set up LDAP. Why is the "open_ldap_config =
> string.Template(." not used? Where, eventually, do these setups have
> to be included, if they are responsible for the error?
>
> Thanks in advance for any possible suggestion to solve that issue.
>
> PS. Our goal is to use Allura for an open source project we have been
> developing in the field of building energy performance simulation tools.
>
> Prof. Livio Mazzarella
>
> Full Professor of Environmental Technical Physics
> Politecnico di Milano - Department of Energy
> Coordinator of the BEES Research Group "Buildings' Environment and
> Energy Systems"
> Head of the Acoustics Laboratory
>

--
Dave Brondsema : d...@brondsema.net
http://www.brondsema.net : personal
http://www.splike.com : programming
              <><
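
The "no structural object class provided" rejection quoted at the top of this thread can be caught before ldapadd runs. The following is an added example, not part of the original messages or of Allura's ldap-setup.py: it pre-checks a simple LDIF entry for a structural object class. The class table is a hand-picked subset of the standard schema RFCs, and the second entry is a constructed variant using the organizationalUnit class the message asks about.

```python
# Added example: pre-check LDIF entries for the structural-class rule that
# slapd enforces ("Object class violation (65)"). CLASS_KIND is a small
# hand-picked subset of standard schema definitions, not a full schema.
CLASS_KIND = {
    "top": "ABSTRACT",                    # RFC 4512
    "extensibleobject": "AUXILIARY",      # RFC 4512
    "posixaccount": "AUXILIARY",          # RFC 2307
    "organizationalunit": "STRUCTURAL",   # RFC 4519
    "inetorgperson": "STRUCTURAL",        # RFC 2798
    "account": "STRUCTURAL",              # RFC 4524
}

def parse_ldif_entry(text):
    """Return (dn, {attr_lower: [values]}) for one simple LDIF entry
    (no line folding or base64 values)."""
    dn, attrs = None, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def check_structural(text):
    """Return (ok, structural_classes, unknown_classes) for one entry."""
    _, attrs = parse_ldif_entry(text)
    classes = attrs.get("objectclass", [])
    structural = [c for c in classes if CLASS_KIND.get(c.lower()) == "STRUCTURAL"]
    unknown = [c for c in classes if c.lower() not in CLASS_KIND]
    return bool(structural), structural, unknown

# Entry from the message, with $suffix expanded as in its error output.
MAXUID_ENTRY = """dn: cn=maxUid,dc=localdomain
objectClass: extensibleObject
objectClass: top
uidNumber: 10000
"""
# Constructed variant. Only the structural-class rule is checked here;
# organizationalUnit also requires an "ou" attribute, so one is included.
MAXUID_VARIANT = MAXUID_ENTRY + "objectClass: organizationalUnit\nou: maxUid\n"

if __name__ == "__main__":
    for label, entry in (("original", MAXUID_ENTRY), ("variant", MAXUID_VARIANT)):
        print(label, check_structural(entry))
```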