I've also just run into the same issue. Unfortunately, adding a bind_user username/password doesn't help, as our LDAP server doesn't use an account for binding.
I've fixed the issue by modifying line 30 in ${GITORIOUS_ROOT}/app/lib/gitorious/authorization/ldap/connection.rb to:

    connection.auth(bind_user_dn, bind_user_pass) unless bind_user_dn.nil?

I plan to file a bug report and provide a patch.

On Friday, February 22, 2013 10:12:24 AM UTC-6, Charles wrote:
> Hello all,
>
> I've been experimenting with the new ldap features that were released a
> few months ago
> (linkage <http://blog.gitorious.org/2012/10/25/ldap-authorization-lands-in-gitorious-mainline/>),
> and have noticed some interesting things.
>
> I fired up a new VM and installed the latest gitorious using the new
> installer which worked fabulously. My users can sign in with their AD
> credentials successfully, a new user is generated for them, and everything
> seems ok. However, when I try to view any user's profile, I am greeted with
> the good old 'Sorry something went wrong' error 500 page. The stack trace
> in production.log reveals:
>
>> ActionView::TemplateError (Unable to connect to the LDAP server on MY-AD-SERVER:636. Are you sure the LDAP server is running?) on line #140 of app/views/users/show.html.erb:
>> 137: <li style="clear:left">
>> 138: <span style="float:left; padding: 2px 10px 2px 2px"><%= image_tag(group.avatar.url(:thumb), :alt => "Avatar", :width => "16") %></span> <%= link_to h(group.name), group_path(group) -%>
>> 139: </li><% end -%>
>> 140: </ul><% end unless Team.for_user(@user).blank? -%>
>> 141: </div>
>> 142: <div class="clear"></div>
>> 143: </div>
>>
>> lib/gitorious/authorization/ldap/connection.rb:36:in `bind_as'
>> app/models/ldap_group.rb:121:in `ldap_group_names_for_user'
>> app/models/ldap_group.rb:224:in `groups_for_user'
>> app/models/finders/ldap_group_finder.rb:57:in `for_user'
>> app/models/team.rb:66:in `send'
>> app/models/team.rb:66:in `method_missing'
>> app/views/users/show.html.erb:140
>> ...
>
> I know that the LDAP server is working, and users are able to sign in via
> ldap auth just fine, I just can't view their profiles. I get a similar
> message when trying to add AD groups to the new Create Team dialog.
>
> My authentication.yml looks like the following:
>
>> production:
>>   #disable_default: true
>>   methods:
>>     - adapter: Gitorious::Authentication::LDAPAuthentication
>>       host: MY-AD-SERVER.SAMPLE.COM
>>       port: 636
>>       encryption: simple_tls
>>       base_dn: DC=SAMPLE,DC=COM
>>       bind_username: BINDUSER
>>       bind_password: HEYITSAPASSWORD
>>       username_attribute: sAMAccountName
>>       login_attribute: sAMAccountName
>>       membership_attribute_name: memberof
>>       members_attribute_name: member
>>       distinguished_name_template: "{}@SAMPLE.COM"
>>       attribute_mapping:
>>         mail: email
>
> and I do have use_ldap_authorization: true in the gitorious.yml
> configuration file.
>
> Should I be using a different (new) format to specify the bind credentials?
>
> The sample shows
>
> # Specify a username/password to use for authenticated bind
> # NOTE: This is required when using LDAP for authorization
> #bind_user:
> #  username: boss
> #  password: sikret
>
> Thanks for your help,
>
> Charles
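The bind decision discussed in this thread, as an added Ruby example that is not part of the thread or of Gitorious' own code: it maps one authentication.yml entry to the auth hash shape that net-ldap accepts, and rejects a bind user with an empty password, a case the nil check on the DN in the one-line fix above does not cover. The helper names, the sample YAML and the choice to read only the nested `bind_user` form from the sample are assumptions of this example; whether Gitorious reads the flat `bind_username`/`bind_password` keys is not established by the thread.

```ruby
require 'yaml'

# Constructed sample: the credential layouts that appear in the thread.
SAMPLE_YML = <<~YAML
  flat:
    host: ldap.example.test
    bind_username: BINDUSER
    bind_password: HEYITSAPASSWORD
  nested:
    host: ldap.example.test
    bind_user:
      username: boss
      password: sikret
  empty_password:
    host: ldap.example.test
    bind_user:
      username: boss
      password: ""
  anonymous:
    host: ldap.example.test
YAML

# Hypothetical helper: map one `methods:` entry to [auth_hash, warnings].
# The auth hash uses the shape net-ldap takes for its :auth option.
def ldap_auth_for(entry)
  warnings = []
  flat = entry.keys.grep(/\Abind_(username|password)\z/)
  creds = entry['bind_user']
  if creds.nil?
    warnings << "flat keys not read by this helper: #{flat.join(', ')}" unless flat.empty?
    return [{ method: :anonymous }, warnings]
  end
  user = creds['username'].to_s
  pass = creds['password'].to_s
  # RFC 4513 5.1.2: a DN with an empty password is an unauthenticated bind,
  # which some servers accept as anonymous. Refuse rather than send it.
  raise ArgumentError, 'bind_user needs a non-empty username and password' if user.empty? || pass.empty?
  [{ method: :simple, username: user, password: pass }, warnings]
end

def check_all(yaml_text = SAMPLE_YML)
  YAML.safe_load(yaml_text).transform_values do |entry|
    begin
      ldap_auth_for(entry)
    rescue ArgumentError => e
      [:rejected, [e.message]]
    end
  end
end
```

Running `check_all` against a real authentication.yml entry shows, before any connection is made, whether the lookup would go out as an anonymous or a simple bind.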