Hello all,
I've installed Gitorious using the documentation at
http://www.getgitorious.com/install-gitorious, and am having a bit of trouble
getting authentication working with my OpenLDAP server.
I have the following configuration in authentication.yml:
--Start Config Snippet--
methods:
  # An adapter is a class that implements an authentication mechanism. You
  # can roll your own, or use one of Gitorious' prepackaged ones.
  # Available implementations are:
  # Gitorious::Authentication::LDAPAuthentication
  # Gitorious::Authentication::CrowdAuthentication
  ############################################################################
  # Example of configuring LDAP authentication
  - adapter: Gitorious::Authentication::LDAPAuthentication
    # IP/hostname to LDAP server
    host: 127.0.0.1
    base_dn: dc=domain,dc=lan
    group_search_dn: ou=groups,dc=domain,dc=lan
    login_attribute: uid
    encryption: none
    username: 'uid=gitorious-reader,ou=service-accounts,dc=domain,dc=lan'
    password: 'MyRedactedPassword1!'
    givenName: displayName
    publicEmail: mail
    members_attribute_name: member
--End Config Snippet--
When I attempted to authenticate using 'scripts/test_ldap_connection', after
about 60 seconds it reported a failed attempt. The debug message said that the
LDAP client only searched for my user at 'uid=adeutscher,dc=domain,dc=lan'
(should be 'uid=adeutscher,ou=users,dc=domain,dc=lan').
I then nudged the base_dn property to look in
'uid=adeutscher,ou=users,dc=domain,dc=lan'. The test still took quite a while
to run, but at the end of it all it reported that I had my credentials right.
When I attempted to sign in using my web browser (using the users OU as my
base_dn), I instantly got the generic error screen when I connected with valid
credentials. Invalid credentials were recognized as incorrect. My
production.log had the following error:
--Start Error--
NoMethodError (undefined method `size' for nil:NilClass):
lib/gitorious/authentication/ldap_authentication.rb:126:in `auto_register'
lib/gitorious/authentication/ldap_authentication.rb:106:in `authenticate'
lib/gitorious/authentication.rb:25:in `block in authenticate'
lib/gitorious/authentication.rb:24:in `each'
lib/gitorious/authentication.rb:24:in `authenticate'
app/controllers/sessions_controller.rb:108:in `password_authentication'
app/controllers/sessions_controller.rb:47:in `create'
app/middlewares/dolt_cache_middleware.rb:24:in `call'
app/middlewares/dolt_auth_middleware.rb:26:in `call'
--End Error--
My problem seems similar to this thread:
https://groups.google.com/forum/#!topic/gitorious/vYVzHfbodD4 , in which a user
said that after adding some debug statements it ended up being a problem with
the DN of their proxy user. The thread was last touched in 2012 and I don't think
anything came of it beyond the discovery of the problem, so instead of raising
it from the dead I decided to re-post the problem here to confirm my
configuration.
As a sanity-check, I made sure that I was successfully able to search through
my LDAP server using the proxy user:
  ldapsearch -D 'uid=gitorious-reader,ou=service-accounts,dc=domain,dc=lan' \
    -b 'dc=domain,dc=lan' -x -w 'MyRedactedPassword1!' -H ldap://127.0.0.1
Reader accounts on my LDAP server are allowed to browse the directory by virtue
of being stored in the service-accounts OU; regular user accounts in the users
OU are not allowed to search. Is the LDAP server trying to get the user's
profile information by searching through the user who is signing in, instead of
the proxy user?
Has anyone else encountered this error? If so, how did you fix it?
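
The question above, which identity performs the attribute search, can be reproduced in isolation. What follows is an added example, not part of the original post and not Gitorious code: a constructed in-memory directory with the ACL the post describes, where the stub's search returns nil when refused (net-ldap's search also returns nil on a failed operation). StubLdap, lookup_as_user, lookup_as_proxy, the user "alice" and all passwords are hypothetical.

```ruby
# Constructed sample directory: DNs follow the post's layout; passwords,
# the user "alice" and her attributes are invented for this example.
PROXY_DN = 'uid=gitorious-reader,ou=service-accounts,dc=domain,dc=lan'
USER_DN  = 'uid=alice,ou=users,dc=domain,dc=lan'
DIRECTORY = {
  PROXY_DN => { password: 'reader-secret', attrs: {} },
  USER_DN  => { password: 'user-secret',
                attrs: { 'displayName' => ['Alice Example'],
                         'mail' => ['alice@domain.lan'] } }
}.freeze

# Hypothetical stand-in for an LDAP client; not a real library class.
class StubLdap
  def initialize(directory)
    @directory = directory
    @bound_dn = nil
  end

  # Simple bind. An empty password is rejected so that an unauthenticated
  # bind can never pass for a successful login.
  def bind(dn, password)
    entry = @directory[dn]
    ok = !entry.nil? && !password.to_s.empty? && entry[:password] == password
    @bound_dn = ok ? dn : nil
    ok
  end

  # ACL from the post: only identities under ou=service-accounts may search.
  # A refused search returns nil, not an empty array.
  def search(base:, uid:)
    return nil unless @bound_dn.to_s.include?(',ou=service-accounts,')
    @directory.select { |dn, _| dn.start_with?("uid=#{uid},") && dn.end_with?(base) }
              .map { |dn, entry| entry[:attrs].merge('dn' => [dn]) }
  end
end

# Pattern A: attribute lookup on the connection still bound as the end user.
def lookup_as_user(ldap, user_dn, password, base, uid)
  return :bad_credentials unless ldap.bind(user_dn, password)
  ldap.search(base: base, uid: uid) # nil under this ACL; calling .size on it raises
end

# Pattern B: the user bind only proves the password; the proxy account does
# the search, and a nil or empty result is handled instead of dereferenced.
def lookup_as_proxy(ldap, user_dn, password, proxy_pw, base, uid)
  return :bad_credentials unless ldap.bind(user_dn, password)
  return :proxy_bind_failed unless ldap.bind(PROXY_DN, proxy_pw)
  Array(ldap.search(base: base, uid: uid)).first || :not_found
end
```

Under this model, Pattern A produces the same symptoms as the post: bad passwords are rejected cleanly, while good passwords lead to a nil search result and a NoMethodError on `size`.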