John Hogenmiller writes:

> After much back and forth today, I finally managed to get ldap
> authentication working against RHEL's 389 ldap dirsrv (actually, I'm
> running FreeIPA to manage this).
>
> This is a fresh install (today) using the installer script found on
> getgitorious.org. This put me at v2.3.2. After encountering this issue and
> not being able to resolve it, I upgraded to v2.4.5 and I am still
> encountering the same issue. Any help would be appreciated.
>
> What isn't working is the mapping of attributes. According to the doc, I
> shouldn't even need to map attributes because the defaults appear correct.
> "Default: displayname => fullname, mail => email". Each time I log in with
> an ldap user, I get the following error in the production.log:
>
> ActiveRecord::RecordInvalid (Validation failed: Email can't be blank, Email
>> is invalid, Email is too short (minimum is 3 characters)):
>>   vendor/rails/activerecord/lib/active_record/validations.rb:1090:in
>> `save_without_dirty!'

John,
First of all: this is the best bug report I ever received, you supplied
all the information I would normally have wished for to help debug this
issue. Thanks!

Next: I'm a little puzzled why this doesn't work :-/ One idea that could
help us get a little further, however, is trying to force an empty email
address, in which case Gitorious should build one for us. You should be
able to achieve this by setting up the attribute mapping, explicitly
omitting the email from the list. This code in
lib/gitorious/authentication/ldap_authentication.rb should help us here:

    if user.email.blank?
      user.email = "#{username}.example@#{Gitorious.host}"
    end

An additional thing to help debug this is to fire up the console
(<path-to-gitorious>/bin/console) and enter something along these lines:

  credentials = Gitorious::Authentication::Credentials.new
  credentials.username = "<username>"
  credentials.password = "<password>"
  user = Gitorious::Authentication.authenticate(credentials)
  user.inspect

The last line above should display all the attributes for a user
equivalent to what logging in through the GUI would produce. This means
that `user.email` should at least display what the email gets set to.

Cheers,
- Marius



>
>
>
> Here is my configuration:
>
> production:
>>   disable_default: false
>>   methods:
>>     - adapter: Gitorious::Authentication::LDAPAuthentication
>>       host: freeipa1.lab.techs.example.com
>>       port: 636
>>       base_dn: cn=users,cn=accounts,dc=techs,dc=example,dc=com
>>       encryption: simple_tls
>>       login_attribute: uid
>>       distinguished_name_template:
>> "uid={},cn=users,cn=accounts,dc=techs,dc=example,dc=com"
>>   # have tried with and without the attribute mappings commented out
>>       attribute_mapping:
>>         displayName: fullname
>>         mail: email
>
>
> Here is my "ldif" from ldapsearch (some attributes commented out):
>
> # jlastname, users, accounts, techs.example.com
>> dn: uid=jlastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com
>> mail: [email protected]
>> displayName: first lastname
>> cn: first lastname
>> initials: FL
>> gecos: first lastname
>> sn: lastname
>> givenName: first
>> uid: flastname
>
>
>  And here is a log entry from the ldap server:
>
> [15/Jan/2013:22:31:42 -0500] conn=640 fd=66 slot=66 SSL connection from
>> 10.100.0.156 to 10.100.0.155
>> [15/Jan/2013:22:31:42 -0500] conn=640 SSL 256-bit AES
>> [15/Jan/2013:22:31:42 -0500] conn=640 op=0 BIND
>> dn="uid=jlastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com"
>> method=128 version=3
>> [15/Jan/2013:22:31:42 -0500] conn=640 op=0 RESULT err=0 tag=97 nentries=0
>> etime=0 dn="uid=flastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com"
>> [15/Jan/2013:22:31:42 -0500] conn=640 op=-1 fd=66 cltechsd - B1
>> [15/Jan/2013:22:31:42 -0500] conn=641 fd=67 slot=67 SSL connection from
>> 10.100.0.156 to 10.100.0.155
>> [15/Jan/2013:22:31:42 -0500] conn=641 SSL 256-bit AES
>> [15/Jan/2013:22:31:42 -0500] conn=641 op=0 BIND
>> dn="uid=flastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com"
>> method=128 version=3
>> [15/Jan/2013:22:31:42 -0500] conn=641 op=0 RESULT err=0 tag=97 nentries=0
>> etime=0 dn="uid=flastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com"
>> [15/Jan/2013:22:31:42 -0500] conn=641 op=1 SRCH
>> base="cn=users,cn=accounts,dc=techs,dc=example,dc=com" scope=2
>> filter="(uid=flastname)" attrs="displayName mail"
>> [15/Jan/2013:22:31:42 -0500] conn=641 op=1 RESULT err=0 tag=101 nentries=1
>> etime=0 notes=P
>> [15/Jan/2013:22:31:42 -0500] conn=641 op=-1 fd=67 cltechsd - B1
>
>
> Here my environment details:
>
> About your application's environment
>> Ruby version              1.8.7 (x86_64-linux)
>> RubyGems version          1.4.2
>> Rack version              1.0
>> Rails version             2.3.5
>> Active Record version     2.3.5
>> Active Resource version   2.3.5
>> Action Mailer version     2.3.5
>> Active Support version    2.3.5
>> Edge Rails revision       20611a8d233e6e1e5353948a341777dba12f751f
>> Application root          /var/www/gitorious/app
>> Environment               production
>> Database adapter          mysql
>> Database schema version   20120629102742
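
Added example (not part of the original thread and not Gitorious code): the 389 DS access log quoted above can be read mechanically to tell a directory-side fault from a mapping fault in the application. This Ruby sketch parses lines in that format and checks that the bind succeeded and that the search requested the attribute and returned one entry; the helper names are hypothetical and the sample is conn=641 from the post with the mail wrapping undone.

```ruby
# Constructed sample: conn=641 as quoted in the post, line wrapping undone.
SAMPLE_LOG = <<~'LOG'
  [15/Jan/2013:22:31:42 -0500] conn=641 fd=67 slot=67 SSL connection from 10.100.0.156 to 10.100.0.155
  [15/Jan/2013:22:31:42 -0500] conn=641 op=0 BIND dn="uid=flastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com" method=128 version=3
  [15/Jan/2013:22:31:42 -0500] conn=641 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=flastname,cn=users,cn=accounts,dc=techs,dc=example,dc=com"
  [15/Jan/2013:22:31:42 -0500] conn=641 op=1 SRCH base="cn=users,cn=accounts,dc=techs,dc=example,dc=com" scope=2 filter="(uid=flastname)" attrs="displayName mail"
  [15/Jan/2013:22:31:42 -0500] conn=641 op=1 RESULT err=0 tag=101 nentries=1 etime=0 notes=P
LOG

# Only operation lines carry op=N; connection banners are skipped.
OP_LINE = /\A\[[^\]]+\] conn=(\d+) op=(-?\d+) (BIND|SRCH|RESULT) (.*)\z/

# Split 'key="quoted value" key=bare' into a hash (hypothetical helper).
def parse_fields(rest)
  rest.scan(/(\w+)=(?:"([^"]*)"|(\S+))/)
      .each_with_object({}) { |(k, quoted, bare), h| h[k] = quoted || bare }
end

# Merge each request line with its RESULT line, keyed by [conn, op].
def summarize(log)
  log.each_line.with_object({}) do |line, ops|
    m = OP_LINE.match(line.chomp)
    next unless m
    conn, op, kind, rest = m.captures
    rec = (ops[[conn.to_i, op.to_i]] ||= {})
    f = parse_fields(rest)
    case kind
    when "BIND"   then rec.update(kind: kind, dn: f["dn"])
    when "SRCH"   then rec.update(kind: kind, filter: f["filter"], attrs: f["attrs"].to_s.split)
    when "RESULT" then rec.update(err: f["err"].to_i, nentries: f["nentries"].to_i)
    end
  end
end

# True when, on this connection, the bind and the search both returned err=0,
# exactly one entry came back, and wanted_attr was among the requested
# attributes (LDAP attribute names are case-insensitive). The log shows what
# was requested, not whether the entry's value was readable by the bound user.
def ldap_side_ok?(ops, conn, wanted_attr)
  recs = ops.select { |(c, _op), _| c == conn }.values
  bind = recs.find { |r| r[:kind] == "BIND" }
  srch = recs.find { |r| r[:kind] == "SRCH" }
  return false unless bind && srch
  bind[:err] == 0 && srch[:err] == 0 && srch[:nentries] == 1 &&
    srch[:attrs].any? { |a| a.casecmp(wanted_attr).zero? }
end

puts ldap_side_ok?(summarize(SAMPLE_LOG), 641, "mail") if __FILE__ == $0
```

A true result here points the investigation at the attribute mapping in the application rather than at the directory server.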
