I've also just run into the same issue. Unfortunately, adding a bind_user 
username/password doesn't help, as our LDAP server doesn't use an account 
for binding.

I've fixed the issue by modifying line 30 in 
${GITORIOUS_ROOT}/app/lib/gitorious/authorization/ldap/connection.rb to:

  connection.auth(bind_user_dn, bind_user_pass) unless bind_user_dn.nil?

I plan to file a bug report and provide a patch.

On Friday, February 22, 2013 10:12:24 AM UTC-6, Charles wrote:
>
> Hello all,
>
> I've been experimenting with the new ldap features that were released a 
> few months ago 
> (linkage <http://blog.gitorious.org/2012/10/25/ldap-authorization-lands-in-gitorious-mainline/>), 
> and have noticed some interesting things.
>
> I fired up a new VM and installed the latest gitorious using the new 
> installer which worked fabulously.  My users can sign in with their AD 
> credentials successfully, a new user is generated for them, and everything 
> seems ok.  However, when I try to view any user's profile, I am greeted with 
> the good old 'Sorry something went wrong' error 500 page.  The stack trace 
> in production.log reveals:
>
> ActionView::TemplateError (Unable to connect to the LDAP server on MY-AD-SERVER:636. Are you sure the LDAP server is running?) on line #140 of app/views/users/show.html.erb:
> 137:           <li style="clear:left">
> 138:             <span style="float:left; padding: 2px 10px 2px 2px"><%= image_tag(group.avatar.url(:thumb), :alt => "Avatar", :width => "16") %></span> <%= link_to h(group.name), group_path(group) -%>
> 139:           </li><% end -%>
> 140:       </ul><% end unless Team.for_user(@user).blank? -%>
> 141:   </div>
> 142:   <div class="clear"></div>
> 143: </div>
>
>     lib/gitorious/authorization/ldap/connection.rb:36:in `bind_as'
>     app/models/ldap_group.rb:121:in `ldap_group_names_for_user'
>     app/models/ldap_group.rb:224:in `groups_for_user'
>     app/models/finders/ldap_group_finder.rb:57:in `for_user'
>     app/models/team.rb:66:in `send'
>     app/models/team.rb:66:in `method_missing'
>     app/views/users/show.html.erb:140
> ...
>
>  I know that the LDAP server is working, and users are able to sign in via 
> ldap auth just fine, I just can't view their profiles.  I get a similar 
> message when trying to add AD groups to the new Create Team dialog.
>
> My authentication.yml looks like the following:
>
> production:
>     #disable_default: true
>     methods:
>     - adapter: Gitorious::Authentication::LDAPAuthentication
>       host: MY-AD-SERVER.SAMPLE.COM
>       port: 636
>       encryption: simple_tls
>       base_dn: DC=SAMPLE,DC=COM
>       bind_username: BINDUSER
>       bind_password: HEYITSAPASSWORD
>       username_attribute: sAMAccountName
>       login_attribute: sAMAccountName
>       membership_attribute_name: memberof
>       members_attribute_name: member
>       distinguished_name_template: "{}@SAMPLE.COM"
>       attribute_mapping:
>       mail: email
>
> and I do have use_ldap_authorization: true in the gitorious.yml 
> configuration file.
>
> Should I be using a different (new) format to specify the bind credentials?
>
> The sample shows
>
>       # Specify a username/password to use for authenticated bind
>       # NOTE: This is required when using LDAP for authorization
>       #bind_user:
>       #  username: boss
>       #  password: sikret
>
> Thanks for your help,
>
> Charles 
>
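
An added example, not part of either message and not Gitorious code: a pre-flight check that reads an authentication.yml in the layout of the quoted sample and works out which kind of LDAP bind each method entry would produce once the `unless bind_user_dn.nil?` guard is in place. The helper names, the host and the rule that only the nested bind_user: form counts are assumptions made for illustration; the returned hash follows the shape Net::LDAP accepts for its auth option.

```ruby
require "yaml"

# Constructed sample in the layout of the authentication.yml sample quoted above.
SAMPLE = <<~YAML
  production:
    methods:
    - adapter: Gitorious::Authentication::LDAPAuthentication
      host: ldap.example.test
      bind_user:
        username: boss
        password: sikret
YAML

# Hypothetical helper: map one LDAP method entry to a bind decision.
# Assumption: only the nested bind_user: form from the sample is honoured.
def bind_plan(method_cfg)
  user = method_cfg["bind_user"]
  flat = method_cfg.keys.grep(/\Abind_(username|password)\z/)
  warnings = flat.map { |k| "#{k} is not the nested bind_user: form shown in the sample" }
  # No bind_user at all: the guarded auth call is skipped, so the lookup is anonymous.
  return { auth: { method: :anonymous }, warnings: warnings } if user.nil?

  unless user.is_a?(Hash)
    raise ArgumentError, "bind_user must be a mapping with username and password"
  end
  dn = user["username"].to_s.strip
  pw = user["password"].to_s
  raise ArgumentError, "bind_user given without a username" if dn.empty?
  # A simple bind with a name and an empty password is an "unauthenticated bind"
  # (RFC 4513 section 5.1.2); some servers accept it, so refuse it up front.
  raise ArgumentError, "bind_user given with an empty password" if pw.empty?

  { auth: { method: :simple, username: dn, password: pw }, warnings: warnings }
end

# Return the LDAP method entries configured for one environment.
def ldap_methods(yaml_text, env = "production")
  YAML.safe_load(yaml_text).fetch(env).fetch("methods")
      .select { |m| m["adapter"].to_s.include?("LDAP") }
end

if __FILE__ == $PROGRAM_NAME
  ldap_methods(SAMPLE).each { |m| p bind_plan(m) }
end
```

An anonymous result means group lookups run with whatever the directory grants unauthenticated clients, so it is worth confirming that this is the intended setup before relying on it for authorization.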
