(Apologies for disastrous email formatting - still getting used to gmail)
Attached is an updated version of lib/gitorious/authentication/ldap_authentication.rb which does a simple bind, followed by a search for the required username. Our setup is such that not all users are in the same LDAP container, so the original bind implementation doesn't work.
It's not extensively tested - I've managed to get it working against our AD
servers. I hope it works for you :)
Additional 3 config items are required in config/authentication.yml:
[... original example-type stuff here ...]
bind_username: [email protected]
bind_password:
password_for_unprivileged<[email protected]>
username_attribute: sAMAccountName
Leave "bind_username" unset for existing behaviour (at least that's what I
intended - untested).
This is based on some previous work I found on the net for gitorious LDAP
auth --- original author escapes me for the moment, but I'll post some
proper attribution when I have time to track it down.
Cheers,
Martin
On Tue, Oct 18, 2011 at 9:09 PM, Marius Mårnes Mathiesen <
[email protected]> wrote:
> On Mon, Oct 17, 2011 at 2:10 PM, Wiz of Id <[email protected]> wrote:
>
>> On Friday, October 14, 2011 3:39:07 PM UTC+2, Wiz of Id wrote:
>>
>>> On Fri, Oct 14, 2011 at 3:32 PM, Marius Mårnes Mathiesen
>>> <[email protected]> wrote:
>>>
>>> > On Fri, Oct 14, 2011 at 3:10 PM, Wiz of Id <[email protected]> wrote:
>>> >>
>>> >> Hello,
>>> >> is there any plan to have authenticated bind?
>>> >> I was really excited about the oh-so-wanted feature about LDAP integration
>>> >> in Gitorious... just to find nowhere in the configuration file any hints of
>>> >> binding other than anonymous... :(
>>> >
>>> > Hi,
>>> > Did you try it? I'm no LDAP expert, but the current implementation will use
>>> > the supplied credentials to bind.
>>>
>>> These are sweet news to me, but I'm not sure of which configuration
>>> property I have to use for that purpose...
>>>
>>
>> Wait, did you mean that the current implementation will use the
>> credentials supplied by a user trying to log in to Gitorious, to authenticate
>> Gitorious on the LDAP server?
>> I guess that won't work in a real environment...
>> I'd expect some dedicated configuration properties like the "auth" portion
>> in the script by IronMania, and then Gitorious should bind to the LDAP
>> server using a user like "simpleUserThatAuthenticatesButDoesntEdit" just
>> like in this configuration sample from my installation of Trac + LDAP
>> plugin:
>>
>
> OK. I will not be writing this, since I don't have access to an LDAP server
> that requires a separate user to bind. If anyone who knows Ruby has access
> to such a server, I'm sure a contribution would be much appreciated.
>
> - Marius
>
> --
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
>
ldap_authentication.rb
Description: Binary data
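
Added example, not the attached ldap_authentication.rb and not Gitorious code: a sketch of the bind-then-search flow described in the message, using the three config keys it names, with two checks that flow needs (reject empty passwords, and escape the username before it goes into the search filter). FakeDirectory, the DNs and the passwords are constructed stand-ins so the example runs without an LDAP server.

```ruby
# Constructed in-memory stand-in for an LDAP connection (runs offline).
# Understands only "(attr=value)" filters, with "*" as a wildcard.
class FakeDirectory
  def initialize(entries)
    @entries = entries # { dn => { attrs: {...}, password: "..." } }
  end

  def bind(dn, password)
    return true if password.empty? # emulates a server accepting unauthenticated binds
    @entries.key?(dn) && @entries[dn][:password] == password
  end

  def search(filter)
    attr, pattern = filter.match(/\A\((\w+)=(.*)\)\z/).captures
    parts = pattern.split("*", -1).map do |part|
      Regexp.escape(part.gsub(/\\(\h\h)/) { $1.hex.chr })
    end
    matcher = /\A#{parts.join(".*")}\z/
    @entries.select { |_dn, e| matcher.match?(e[:attrs][attr].to_s) }.keys
  end
end

# RFC 4515 escaping for a value interpolated into a search filter.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format("\\%02x", c.ord) }
end

# Returns the matched user's DN on success, nil otherwise.
def authenticate(dir, config, username, password)
  return nil if password.to_s.empty? # would otherwise be an unauthenticated bind
  return nil unless dir.bind(config["bind_username"], config["bind_password"])
  filter = "(#{config["username_attribute"]}=#{escape_filter_value(username)})"
  matches = dir.search(filter)
  return nil unless matches.size == 1 # unknown or ambiguous username
  dir.bind(matches.first, password) ? matches.first : nil
end

# Constructed sample data: users in different containers, as in the message.
SVC_DN = "CN=svc-gitorious,OU=Service,DC=example,DC=test"
ALICE_DN = "CN=Alice,OU=Staff,DC=example,DC=test"
BOB_DN = "CN=Bob,OU=Contractors,DC=example,DC=test"
DIRECTORY = FakeDirectory.new({
  SVC_DN => { attrs: {}, password: "svc-secret" },
  ALICE_DN => { attrs: { "sAMAccountName" => "alice" }, password: "alice-pw" },
  BOB_DN => { attrs: { "sAMAccountName" => "bob" }, password: "bob-pw" }
})
CONFIG = { "bind_username" => SVC_DN, "bind_password" => "svc-secret",
           "username_attribute" => "sAMAccountName" }
```

With a real server the same three steps apply: bind as the service account, search by username_attribute, then bind again as the DN that was found.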
