After much back and forth today, I finally managed to get ldap
authentication working against RHEL's 389 ldap dirsrv (actually, I'm
running FreeIPA to manage this).
This is a fresh install (today) using the installer script found on
getgitorious.org. This put me at v2.3.2. After encountering this issue and
not being able to resolve it, I upgraded to v2.4.5 and I am still
encountering the same issue. Any help would be appreciated.
What isn't working is the mapping of attributes. According to the doc, I
shouldn't even need to map attributes because the defaults appear correct.
"Default: displayname => fullname, mail => email". Each time I log in with
an ldap user, I get the following error in the production.log:
ActiveRecord::RecordInvalid (Validation failed: Email can't be blank, Email is invalid, Email is too short (minimum is 3 characters)):
vendor/rails/activerecord/lib/active_record/validations.rb:1090:in `save_without_dirty!'
Here is my configuration:
production:
  disable_default: false
  methods:
    - adapter: Gitorious::Authentication::LDAPAuthentication
      host: freeipa1.lab.techs.example.com
      port: 636
      base_dn: cn=users,cn=accounts,dc=techs,dc=example,dc=com
      encryption: simple_tls
      login_attribute: uid
      distinguished_name_template: "uid={},cn=users,cn=accounts,dc=techs,dc=example,dc=com"
      # have tried with and without the attribute mappings commented out
      attribute_mapping:
        displayName: fullname
        mail: email
Here is my "ldif" from ldapsearch (some attributes commented out):
# jlastname, users, accounts, techs.example.com
dn: uid=jlastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com
mail: [email protected]
displayName: first lastname
cn: first lastname
initials: FL
gecos: first lastname
sn: lastname
givenName: first
uid: flastname
And here is a log entry from the ldap server:
[15/Jan/2013:22:31:42 -0500] conn=640 fd=66 slot=66 SSL connection from 10.100.0.156 to 10.100.0.155
[15/Jan/2013:22:31:42 -0500] conn=640 SSL 256-bit AES
[15/Jan/2013:22:31:42 -0500] conn=640 op=0 BIND dn="uid=jlastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com" method=128 version=3
[15/Jan/2013:22:31:42 -0500] conn=640 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=flastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com"
[15/Jan/2013:22:31:42 -0500] conn=640 op=-1 fd=66 cltechsd - B1
[15/Jan/2013:22:31:42 -0500] conn=641 fd=67 slot=67 SSL connection from 10.100.0.156 to 10.100.0.155
[15/Jan/2013:22:31:42 -0500] conn=641 SSL 256-bit AES
[15/Jan/2013:22:31:42 -0500] conn=641 op=0 BIND dn="uid=flastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com" method=128 version=3
[15/Jan/2013:22:31:42 -0500] conn=641 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=flastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com"
[15/Jan/2013:22:31:42 -0500] conn=641 op=1 SRCH base="cn=users,cn=accounts,dc=techs,dc=example,dc=com" scope=2 filter="(uid=flastname)" attrs="displayName mail"
[15/Jan/2013:22:31:42 -0500] conn=641 op=1 RESULT err=0 tag=101 nentries=1 etime=0 notes=P
[15/Jan/2013:22:31:42 -0500] conn=641 op=-1 fd=67 cltechsd - B1
Here are my environment details:
About your application's environment
Ruby version 1.8.7 (x86_64-linux)
RubyGems version 1.4.2
Rack version 1.0
Rails version 2.3.5
Active Record version 2.3.5
Active Resource version 2.3.5
Action Mailer version 2.3.5
Active Support version 2.3.5
Edge Rails revision 20611a8d233e6e1e5353948a341777dba12f751f
Application root /var/www/gitorious/app
Environment production
Database adapter mysql
Database schema version 20120629102742
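
Added example, not part of the original post and not Gitorious or 389-ds code: a small Ruby script that correlates the BIND, SRCH and RESULT lines of a directory server access log like the one above, so each search is shown with the identity bound on its connection, the attributes requested and the entry count. The function names are hypothetical; the sample lines are the post's log entries with the e-mail line wraps joined.

```ruby
# Added example: correlate BIND/SRCH/RESULT lines of a 389-ds access log.
# SAMPLE_LOG holds entries from the post above with the line wraps joined.
SAMPLE_LOG = <<~'LOG'
  [15/Jan/2013:22:31:42 -0500] conn=640 op=0 BIND dn="uid=jlastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com" method=128 version=3
  [15/Jan/2013:22:31:42 -0500] conn=640 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=flastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com"
  [15/Jan/2013:22:31:42 -0500] conn=641 fd=67 slot=67 SSL connection from 10.100.0.156 to 10.100.0.155
  [15/Jan/2013:22:31:42 -0500] conn=641 op=0 BIND dn="uid=flastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com" method=128 version=3
  [15/Jan/2013:22:31:42 -0500] conn=641 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=flastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com"
  [15/Jan/2013:22:31:42 -0500] conn=641 op=1 SRCH base="cn=users,cn=accounts,dc=techs,dc=example,dc=com" scope=2 filter="(uid=flastname)" attrs="displayName mail"
  [15/Jan/2013:22:31:42 -0500] conn=641 op=1 RESULT err=0 tag=101 nentries=1 etime=0 notes=P
LOG

# Parse key=value and key="quoted value" pairs from the tail of a log line.
def fields(text)
  text.scan(/(\w+)=(?:"([^"]*)"|(\S+))/).map { |k, quoted, bare| [k, quoted || bare] }.to_h
end

# Return {[conn, op] => details}, merging each operation with its RESULT line.
# Lines without an op number (connection setup, op=-1 close) are skipped.
def operations(log)
  ops = {}
  log.each_line do |line|
    m = line.strip.match(/\A\[[^\]]+\] conn=(\d+) op=(\d+) (BIND|SRCH|RESULT) (.*)\z/)
    next unless m
    op = (ops[[m[1].to_i, m[2].to_i]] ||= {})
    f = fields(m[4])
    case m[3]
    when "BIND"   then op.update(type: "BIND", dn: f["dn"])
    when "SRCH"   then op.update(type: "SRCH", filter: f["filter"], attrs: f["attrs"].to_s.split)
    when "RESULT" then op.update(err: f["err"].to_i, nentries: f["nentries"].to_i)
    end
  end
  ops
end

# List every search with the identity bound on that connection at the time.
def searches(log)
  bound = {}
  operations(log).sort_by { |key, _| key }.filter_map do |(conn, _op), o|
    bound[conn] = o[:dn] if o[:type] == "BIND" && o[:err] == 0
    next unless o[:type] == "SRCH"
    o.merge(conn: conn, bound_as: bound[conn])
  end
end

searches(SAMPLE_LOG).each do |s|
  puts "conn=#{s[:conn]} as #{s[:bound_as]}: filter=#{s[:filter]} " \
       "attrs=#{s[:attrs].join(',')} err=#{s[:err]} nentries=#{s[:nentries]}"
end
```

The access log records which attributes were requested and how many entries matched, not which attribute values were returned to the bound identity.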