Did you update dynaconf to 3.0.0rc1? There was a bug that caused the settings to get merged instead of overwritten.
[0] https://pulp.plan.io/issues/6244 [1] https://pypi.org/project/dynaconf/3.0.0rc1/ On Tue, Apr 21, 2020 at 5:59 PM Bin Li (BLOOMBERG/ 120 PARK) < [email protected]> wrote: > I have followed the setup > https://www.nginx.com/blog/nginx-plus-authenticate-users/ to setup nginx > LDAP authentication. > > This command works "http -a admin:password GET > localhost/pulp/api/v3/repositories/rpm/rpm/ Cookie:nginxauth=XXXXXXX". The > Cookie is the base64 encoded ldap username and password. > > I assume I should follow the below so I don't have to specify admin:pwd > > https://docs.pulpproject.org/installation/authentication.html#webserver-auth-with-reverse-proxy > > Adding the below to settings.py doesn't seem to work. > REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER' > AUTHENTICATION_BACKENDS = > ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend'] > REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = ( > 'rest_framework.authentication.SessionAuthentication', > 'pulpcore.app.authentication.PulpRemoteUserAuthentication' > > I am a little confused what need to be added for this setup. > nginx <---http---> gunicorn <----WSGI----> pulpcore.app.wsgi application > > Please advise > Thanks > > > From: [email protected] At: 04/17/20 10:45:31 > To: Bin Li (BLOOMBERG/ 120 PARK ) <[email protected]> > Cc: [email protected] > Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication > > Theoretically you should be able to use pulpcore-client even with LDAP > authentication in the web server. However, I have not tested this. I've > only helped users that use certificate authentication in the webserver. > What error are you seeing on the client side? Do you see any errors in pulp > logs? > > On Fri, Apr 17, 2020 at 10:20 AM Bin Li (BLOOMBERG/ 120 PARK) < > [email protected]> wrote: > >> Thanks Dennis. >> >> We use pulpcore python client to interact with api. Once we enable ldap >> on nginx, the below code that pulpcore-client authenticate will not work >> any more. I am wonder if we are still be able to use pulpcore-client? or we >> have to rewrite the client code. This sounds too much work for us for now. >> configuration = pulpcore.Configuration() >> configuration.host = 'http://localhost' >> configuration.username = 'admin' >> configuration.password = 'pwd' >> rpm_client = pulp_rpm.ApiClient(configuration) >> >> From: [email protected] At: 04/16/20 08:38:38 >> To: Bin Li (BLOOMBERG/ 120 PARK ) <[email protected]> >> Cc: [email protected] >> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication >> >> Please be aware that there is a bug in dynaconf 2.2 with how settings are >> merged[0]. I recommend upgrading it to dynaconf 3.0.0rc1 for best results >> when configuring authentication backends in pulp. >> >> [0] https://pulp.plan.io/issues/6244 >> [1] https://pypi.org/project/dynaconf/3.0.0rc1/ >> >> >> On Wed, Apr 15, 2020 at 7:02 PM Dennis Kliban <[email protected]> wrote: >> >>> Pulp 3 does not currently support multiple users. We are planning to add >>> support for RBAC in the near future. However, I don't have a concrete >>> timeline for that. With all that said, you still can configure the web >>> server to perform authentication[0]. In this case Pulp will stop performing >>> authentication and will simply look for a WSGI environment variable that >>> contains the username. >>> >>> [0] >>> https://docs.pulpproject.org/installation/authentication.html#webserver-auth >>> [1] >>> https://docs.pulpproject.org/settings.html?highlight=remote_user#remote-user-environ-name >>> >>> On Wed, Apr 15, 2020 at 3:19 PM Bin Li (BLOOMBERG/ 120 PARK) < >>> [email protected]> wrote: >>> >>>> >>>> I am thinking to configure nginx with ldap authentication, but I >>>> couldn't find a way to interact with the api. Does pulpcore-client work >>>> with ldap authentication? Has anyone made httpie work with ldap? >>>> >>>> Thanks >>>> _______________________________________________ >>>> Pulp-list mailing list >>>> [email protected] >>>> https://www.redhat.com/mailman/listinfo/pulp-list >>> >>> >> >
_______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
