Hi Bas,

Thanks for the response.  Our ldap server isn't set up to authenticate
a user the way the code is currently written.  I had to change the
valid_credentials? method in
lib/gitorious/authentication/ldap_authentication.rb to bind to the
server with the ldap server creds, then use bind_as to authenticate a
user in the ldap system.  Here is the code that I have:

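        def valid_credentials?(username, password)
          # An empty password must never reach the bind call.
          return false if password.blank?
          @connection = @connection_type.new({:encryption => @encryption,
                 :host => @server,
                 :port => @port,
                 :base => @base_dn})
          # Bind first with the LDAP server (service) account.
          @connection.auth(@ldap_server_user, @ldap_server_pass)
          # Look the user up by sAMAccountName and re-bind with their password.
          # Note: username is interpolated into the filter exactly as given.
          result = @connection.bind_as(:filter => "(sAMAccountName=#{username})",
                 :password => password)
          result ? true : false
        end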

I had to create new instance variables, @ldap_server_user and
@ldap_server_pass, which I set in authentication.yml; these are the
credentials I have to use to bind to the ldap server.  Then I use the
actual user and password for the user trying to log in to bind_as, which
will validate the user.

Another note: I found it confusing that the code in the
valid_credentials? method wasn't using "@" for the instance variable
"connection".  That is the syntax for a local variable, which
wasn't the case since they set @connection in the beginning to create
a new instance of ldap.  Anyway, with the code above I was able to
validate against our ldap server.

Thanks,
Jay
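
The filter passed to bind_as above is built by interpolating the login name directly, so characters that are special in LDAP filters (RFC 4515) change what the search matches. The following is an added example, not part of the original message or of Gitorious; the helper names are hypothetical and the inputs are constructed:

```ruby
# Added example: RFC 4515 escaping for a value placed in an LDAP search
# filter. Helper names are hypothetical, not Gitorious or Net::LDAP API.

# Characters that must be escaped inside a filter value: \ * ( ) and NUL.
LDAP_FILTER_SPECIALS = /[\\*()\x00]/

# Replace each special character with a backslash and its two-digit hex code.
def escape_ldap_filter_value(value)
  value.to_s.gsub(LDAP_FILTER_SPECIALS) { |ch| format('\\%02x', ch.ord) }
end

# The interpolation used in the thread, kept here only for comparison.
def unsafe_sam_account_filter(username)
  "(sAMAccountName=#{username})"
end

# Hardened form: reject empty names, escape everything else.
def sam_account_filter(username)
  name = username.to_s.strip
  raise ArgumentError, 'username must not be empty' if name.empty?
  "(sAMAccountName=#{escape_ldap_filter_value(name)})"
end

# True when escaping changed the filter, i.e. the raw name contained
# filter metacharacters and is worth logging or rejecting outright.
def filter_altered_by_escaping?(username)
  unsafe_sam_account_filter(username) != sam_account_filter(username)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample login names.
  ['jay', '*', 'j(ay)'].each do |name|
    puts "#{name.inspect}: #{unsafe_sam_account_filter(name)} -> " \
         "#{sam_account_filter(name)}"
  end
end
```

In valid_credentials? the result of sam_account_filter(username) would be passed as the :filter value to bind_as in place of the interpolated string.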

On Mar 3, 8:00 pm, Bas Vodde <[email protected]> wrote:
> Hi Jay,
>
> I'm using LDAP over ldaps and with user/password and I didn't need to tweak 
> any of the gitorious code. So, this *shouldn't* be needed AFAIK.
>
> One thing you do want to do is update the LDAP library. I already put in a
> merge request. But with the old 0.0.4 LDAP library, I would get weird errors.
> The upgrade is not difficult, but you need to pay attention because the LDAP
> library has changed name.
>
> At first, I wanted to use a ldap-user for logging in, like you suggested. But
> then I realized that you can just log in as the actual user. We configured the
> authentication.yml as:
>
>   methods:
>     - adapter: Gitorious::Authentication::LDAPAuthentication
>       server: server-name :)
>       port: 636
>       base_dn: dc=companyname,dc=com
>       login_attribute: uid
>
>       distinguished_name_template: "uid={},ou=people,dc=company,dc=com"
>       attribute_mapping:
>         mail: email
>
>       encryption: simple_tls
>
> (I changed the servername and the DNs)
>
> Hope this will help you.
>
> Thanks,
>
> Bas
>
> On 03-Mar-2012, at 1:17 PM, JayP wrote:
>
> > So it turns out this error message comes when you use the wrong port and
> > use encryption.  The port is "636" when you're using encryption.
>
> > I also had to tweak the valid_credentials? method to use bind_as since we 
> > need to bind first with a special username/password then bind_as using the 
> > login username/password.
>
> > On Friday, March 2, 2012 11:18:22 AM UTC-5, JayP wrote:
> > Just to add a little more information to this.  We have a username and 
> > password to the ldap server that is different from the actual user that I 
> > need to authenticate.  Meaning the ldap server username is like so:
>
> > "CN=ldap-user,CN=Users,DC=NAME,DC=LOCAL"
>
> > Where do I add this and the ldap password in the authentication.yml file?  
> > And when testing the ldap server using the script I am guessing I am using 
> > my ldap account to verify.
>
> > Thanks.
>
> > On Friday, March 2, 2012 10:33:34 AM UTC-5, JayP wrote:
> > Hey guys,
>
> > I'm getting this failure when I try to test my ldap settings:
>
> > /usr/lib/ruby/gems/1.8/gems/ruby-net-ldap-0.0.4/lib/net/ldap.rb:1059:in `connect': SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)
> >    from /usr/lib/ruby/gems/1.8/gems/ruby-net-ldap-0.0.4/lib/net/ldap.rb:1059:in `setup_encryption'
> >    from /usr/lib/ruby/gems/1.8/gems/ruby-net-ldap-0.0.4/lib/net/ldap.rb:1025:in `initialize'
> >    from /usr/lib/ruby/gems/1.8/gems/ruby-net-ldap-0.0.4/lib/net/ldap.rb:700:in `new'
> >    from /usr/lib/ruby/gems/1.8/gems/ruby-net-ldap-0.0.4/lib/net/ldap.rb:700:in `bind'
> >    from /var/www/gitorious/lib/gitorious/authentication/ldap_authentication.rb:61:in `valid_credentials?'
> >    from script/test_ldap_connection:18
>
> > I think it may have to do with our server requiring a username and password
> > to the ldap server, but I couldn't find out what the exact attributes are
> > for this.  Anyone else doing this?  Thanks in advance for your help.
>
> > Thanks,
> > Jay
>
> > --
> > To post to this group, send email to [email protected]
> > To unsubscribe from this group, send email to
> > [email protected]
