I gave this a try and unfortunately, it does not work for me.
I used the same credentials or variations around it (using
DOMAIN\\username or username@host) based on the one I used in Redmine
or ChiliProject and it failed to authenticate.
And since my server doesn't support TLS (or LDAPS) I do have to comment
out the setup_encryption function so that ruby can keep quiet, else it's
SSL connect error.
I don't know ruby, so I can't really contribute further other than
noting my findings.
So for my case, I do need authenticated_binds, but have no need for
simple-tls support, which the current system doesn't seem to support.
On 19/10/2011 09:24, Martin Sandiford wrote:
(Apologies for disastrous email formatting - still getting used to gmail)
Attached is an updated version of
lib/gitorious/authentication/ldap_authentication.rb which does a
simple bind, followed by a search for the required username. Our
setup is such that not all users are in the same LDAP container, so
the original bind implementation doesn't work.
It's not extensively tested - I've managed to get it working against
our AD servers. I hope it works for you :)
Additional 3 config items are required in config/authentication.yml:
[... original example-type stuff here ...]
bind_username: [email protected]
bind_password: password_for_unprivileged
username_attribute: sAMAccountName
Leave "bind_username" unset for existing behaviour (at least that's
what I intended - untested).
This is based on some previous work I found on the net for gitorious
LDAP auth --- original author escapes me for the moment, but I'll post
some proper attribution when I have time to track it down.
Cheers,
Martin
On Tue, Oct 18, 2011 at 9:09 PM, Marius Mårnes Mathiesen
<[email protected]> wrote:
On Mon, Oct 17, 2011 at 2:10 PM, Wiz of Id <[email protected]> wrote:
On Friday, October 14, 2011 3:39:07 PM UTC+2, Wiz of Id wrote:
On Fri, Oct 14, 2011 at 3:32 PM, Marius Mårnes Mathiesen
<[email protected]> wrote:
> On Fri, Oct 14, 2011 at 3:10 PM, Wiz of Id <[email protected]> wrote:
>>
>> Hello,
>> is there any plan to have authenticated bind?
>> I was really excited about the oh-so-wanted feature about LDAP integration
>> in Gitorious... just to find nowhere in the configuration file any hints of
>> binding other than anonymous... :(
>
> Hi,
> Did you try it? I'm no LDAP expert, but the current implementation will use
> the supplied credentials to bind.
These are sweet news to me, but I'm not sure of which configuration
property I have to use for that purpose...
Wait, did you mean that the current implementation will use
the credentials supplied by a user trying to log in to
Gitorious, to authenticate Gitorious on the LDAP server?
I guess that won't work in a real environment...
I'd expect some dedicated configuration properties like the
"auth" portion in the script by IronMania, and then Gitorious
should bind to the LDAP server using a user like
"simpleUserThatAuthenticatesButDoesntEdit" just like in this
configuration sample from my installation of Trac + LDAP plugin:
OK. I will not be writing this, since I don't have access to an
LDAP server that requires a separate user to bind. If anyone who
knows Ruby has access to such a server, I'm sure a contribution
would be much appreciated.
- Marius
--
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
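
Added example (not part of the thread and not the attached ldap_authentication.rb): the flow described in Martin Sandiford's message, a bind with the configured account followed by a search on username_attribute, sketched in plain Ruby. It assumes the last step is a second bind as the DN that was found; FakeDirectory, escape_filter_value and ldap_authenticate are hypothetical names standing in for a real LDAP client, and all entries are constructed.

```ruby
# Added example. FakeDirectory is a constructed in-memory stand-in for an
# LDAP server; it is not net-ldap and not Gitorious code.
class FakeDirectory
  def initialize(entries)
    @entries = entries # dn => { attribute => value, "password" => secret }
  end

  # Simple bind. Like servers that allow unauthenticated binds, an empty
  # password "succeeds" for any existing DN.
  def bind(dn, password)
    @entries.key?(dn) && (password.empty? || @entries[dn]["password"] == password)
  end

  # One-attribute search; an unescaped * is a wildcard, \XX is a literal byte.
  def search(filter)
    attr, pattern = filter.match(/\A\((\w+)=(.*)\)\z/m).captures
    parts = pattern.split("*", -1).map do |part|
      Regexp.escape(part.gsub(/\\(\h\h)/) { $1.hex.chr })
    end
    regex = /\A#{parts.join(".*")}\z/i
    @entries.select { |_dn, e| regex.match?(e[attr].to_s) }.keys
  end
end

# RFC 4515 escaping for a value placed inside a search filter.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Returns the user's DN on success, nil otherwise.
def ldap_authenticate(dir, cfg, username, password)
  return nil if username.to_s.empty? || password.to_s.empty? # no unauthenticated bind
  return nil unless dir.bind(cfg["bind_username"], cfg["bind_password"])
  filter = "(#{cfg['username_attribute']}=#{escape_filter_value(username)})"
  matches = dir.search(filter)
  return nil unless matches.size == 1 # unknown or ambiguous user
  dir.bind(matches.first, password) ? matches.first : nil
end

BASE = "DC=example,DC=test" # constructed sample data
DIRECTORY = FakeDirectory.new({
  "CN=svc,OU=Service,#{BASE}" => { "sAMAccountName" => "svc", "password" => "svc-pw" },
  "CN=Alice,OU=Staff,#{BASE}" => { "sAMAccountName" => "alice", "password" => "alice-pw" },
  "CN=Bob,OU=Contractors,#{BASE}" => { "sAMAccountName" => "bob", "password" => "bob-pw" }
})
CONFIG = { "bind_username" => "CN=svc,OU=Service,#{BASE}",
           "bind_password" => "svc-pw", "username_attribute" => "sAMAccountName" }
```

Users in different containers resolve through the search, while an empty password or a wildcard in the username is rejected before it reaches the directory.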