Hello all,

I've been experimenting with the new LDAP features that were released a few
months ago
(linkage <http://blog.gitorious.org/2012/10/25/ldap-authorization-lands-in-gitorious-mainline/>),
and have noticed some interesting things.

I fired up a new VM and installed the latest Gitorious using the new
installer, which worked fabulously.  My users can sign in with their AD
credentials successfully, a new user is generated for them, and everything
seems OK.  However, when I try to view any user's profile, I am greeted with
the good old 'Sorry something went wrong' error 500 page.  The stack trace
in production.log reveals:

    ActionView::TemplateError (Unable to connect to the LDAP server on MY-AD-SERVER:636. Are you sure the LDAP server is running?) on line #140 of app/views/users/show.html.erb:
    137:           <li style="clear:left">
    138:             <span style="float:left; padding: 2px 10px 2px 2px"><%= image_tag(group.avatar.url(:thumb), :alt => "Avatar", :width => "16") %></span> <%= link_to h(group.name), group_path(group) -%>
    139:           </li><% end -%>
    140:       </ul><% end unless Team.for_user(@user).blank? -%>
    141:   </div>
    142:   <div class="clear"></div>
    143: </div>

        lib/gitorious/authorization/ldap/connection.rb:36:in `bind_as'
        app/models/ldap_group.rb:121:in `ldap_group_names_for_user'
        app/models/ldap_group.rb:224:in `groups_for_user'
        app/models/finders/ldap_group_finder.rb:57:in `for_user'
        app/models/team.rb:66:in `send'
        app/models/team.rb:66:in `method_missing'
        app/views/users/show.html.erb:140
    ...

I know that the LDAP server is working, and users are able to sign in via
LDAP auth just fine; I just can't view their profiles.  I get a similar
message when trying to add AD groups to the new Create Team dialog.

My authentication.yml looks like the following:

    production:
        #disable_default: true
        methods:
        - adapter: Gitorious::Authentication::LDAPAuthentication
          host: MY-AD-SERVER.SAMPLE.COM
          port: 636
          encryption: simple_tls
          base_dn: DC=SAMPLE,DC=COM
          bind_username: BINDUSER
          bind_password: HEYITSAPASSWORD
          username_attribute: sAMAccountName
          login_attribute: sAMAccountName
          membership_attribute_name: memberof
          members_attribute_name: member
          distinguished_name_template: "{}@SAMPLE.COM"
          attribute_mapping:
          mail: email

and I do have use_ldap_authorization: true in the gitorious.yml
configuration file.

Should I be using a different (new) format to specify the bind credentials?

The sample shows

      # Specify a username/password to use for authenticated bind
      # NOTE: This is required when using LDAP for authorization
      #bind_user:
      #  username: boss
      #  password: sikret

Thanks for your help,

Charles 
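
Added example, not part of the original message and not Gitorious code: a small Ruby check that reads an authentication.yml and reports, for each LDAP method, whether the nested bind_user block (username and password) that the quoted sample marks as required for LDAP authorization is present. The helper name lint_ldap_bind and the sample values are hypothetical, and the flat bind_username/bind_password keys are reported only as a difference from the sample, not as a confirmed cause of the error above.

```ruby
require "yaml"

# Constructed sample in the layout posted above; every value is a placeholder.
SAMPLE_AUTH_YML = <<~YAML
  production:
    methods:
    - adapter: Gitorious::Authentication::LDAPAuthentication
      host: ldap.example.test
      port: 636
      encryption: simple_tls
      bind_username: BINDUSER
      bind_password: PLACEHOLDER
YAML

# Hypothetical helper: returns one finding per problem for each LDAP method
# in the given environment. It inspects the file only; no directory is contacted.
def lint_ldap_bind(yaml_text, env = "production")
  config = YAML.safe_load(yaml_text)
  env_cfg = config.is_a?(Hash) ? config[env] : nil
  methods = env_cfg.is_a?(Hash) ? env_cfg["methods"] : nil
  return ["#{env}: no authentication methods configured"] unless methods.is_a?(Array)

  methods.each_with_index.flat_map do |m, i|
    next [] unless m.is_a?(Hash) && m["adapter"].to_s.include?("LDAP")

    findings = []
    bind = m["bind_user"]
    if bind.is_a?(Hash)
      %w[username password].each do |key|
        findings << "method #{i}: bind_user.#{key} is empty" if bind[key].to_s.strip.empty?
      end
    else
      findings << "method #{i}: no bind_user block (the sample marks it required for LDAP authorization)"
    end
    # Assumption: flat keys are reported only as a difference from the sample.
    flat = %w[bind_username bind_password] & m.keys
    findings << "method #{i}: flat keys #{flat.join(', ')} differ from the sample's nested bind_user" unless flat.empty?
    findings
  end
end

puts lint_ldap_bind(SAMPLE_AUTH_YML) if __FILE__ == $PROGRAM_NAME
```

An empty result means every LDAP method in that environment carries a non-empty bind_user username and password.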
