Thanks Ken, I'll give this a try over the weekend. I appreciate your help.

Bobby

On Tuesday, March 19, 2013 2:00:55 PM UTC-4, Ken Dreyer wrote:
>
> Hi Bobbie,
>
> You may be able to get more information out of the production.log
> file. Here's some things to check:
>
> On Mon, Mar 11, 2013 at 2:37 PM, Bobby <bo...@guardedhorizons.com> wrote:
> > When trying to authenticate through the web interface, I have tried the
> > following options below and keep getting the error message "Email and/or
> > password did not match, please try again":
> >
> > 1) DOMAIN\username
> > 2) username by itself
> > 3) username@domain.local
>
> You'll only want to use #2, "username by itself". I'm pretty sure you
> can't authenticate to LDAP with the older-style "DOMAIN\username", and
> for #3, I'm not sure Gitorious supports "@" signs in usernames. During
> an LDAP login, the username will be substituted for the "{}" bit of
> the distinguished_name_template setting, and that should include the
> "@" sign for you.
>
> > Can someone please tell me what I might be doing wrong here? My
> > authentication.yml file is below:
>
> [snip]
>
> > # IP/hostname to LDAP server
> > host: dc.domain.local
>
> Hopefully this is the fully-qualified name of your domain controller?
>
> > # Override the default port (389)
> > #port: 1999
> >
> > # The base DN to search
> > base_dn: DC=domain,DC=local
>
> Hopefully this is the correct base DN for your LDAP setup?
>
> > # The base DN when searching for groups (for authorization)
> > # If unspecified, base_dn is used
> > # group_search_dn: OU=groups,dc=gitorious,dc=org
> >
> > # What LDAP attribute to use for user authentication. Default is CN
> > #login_attribute: uid
>
> Do your users have "uid" attributes on their accounts? You probably
> want to use "samaccountname" instead for Active Directory.
>
> > # How to build a user's DN. Default: $LOGIN_ATTRIBUTE={},$BASE_DN,
> > # e.g. CN=chris,DC=gitorious,DC=org
> > distinguished_name_template: "{}@domain.local"
>
> This needs to match the "userPrincipalName" attribute on any AD
> account. So you should check in ADUC or ADSI Edit or whatever that
> this domain matches the userPrincipalName attribute on your account.
>
> > # Map LDAP fields to database fields.
> > # Default: displayname => fullname, mail => email
> > # attribute_mapping:
> > #   givenName: fullname
> > #   publicEmail: email
>
> This probably needs to be adjusted, because "givenName" and
> "publicEmail" attributes probably don't exist in your AD schema.
> Here's what I use with my AD setup:
>
>     attribute_mapping:
>       cn: fullname
>       mail: email
>
> > # See Net-LDAP for other options, or use "none" for no encryption.
> > # Defaults to "simple_tls" if not set.
> > encryption: none
>
> Please note this is not secure, and once you get the other pieces
> working, you should change it as soon as possible :)
>
> > # A class/object that will be called after successful authentication
> > # through LDAP. Will be "constantized", post_authenticate will be called
> > # with an options hash. See LdapAuthenticationTest.
> > #callback_class: SampleCallback
> >
> > # Specify a username/password to use for authenticated bind
> > # NOTE: This is required when using LDAP for authorization
> > bind_user:
> >   username: ldap_svc@domain.local
> >   password: ldap_svc_password
>
> If you're at a dead end, you may want to comment out the bind_user
> section while you're troubleshooting. It shouldn't affect simple
> password authentication for users, and you can add it back in when
> you've got the password auth working.
>
> If you still have problems, I recommend doing a test with "ldapsearch
> -x -W ..." just to confirm that you can properly authenticate to AD
> from your system.
>
> - Ken
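
Added example, not part of the thread and not Gitorious code: Ruby that models the "{}" substitution Ken describes, shows what each of the three login forms turns into with the quoted template, and checks the encryption setting. The flat key layout, the constant SAMPLE and the function names are assumptions made for this example.

```ruby
require "yaml"

# Constructed sample: only the settings quoted in the thread, as a flat hash.
# (Assumption: the real authentication.yml nests these under keys not shown there.)
SAMPLE = YAML.safe_load(<<~YML)
  host: dc.domain.local
  base_dn: DC=domain,DC=local
  distinguished_name_template: "{}@domain.local"
  encryption: none
YML

# Model of the substitution described in the thread: the typed login replaces
# "{}" in the template. Defaults follow the comments in the quoted file
# (login attribute CN, template $LOGIN_ATTRIBUTE={},$BASE_DN).
def bind_identity(cfg, login)
  attr = cfg["login_attribute"] || "CN"
  template = cfg["distinguished_name_template"] || "#{attr}={},#{cfg['base_dn']}"
  # Block form so a backslash in the login is copied literally.
  template.sub("{}") { login }
end

# Problems with the identity a given login would be bound as.
def login_problems(cfg, login)
  identity = bind_identity(cfg, login)
  problems = []
  problems << "DOMAIN\\ prefix ends up inside #{identity}" if identity.include?("\\")
  problems << "more than one @ in #{identity}" if identity.count("@") > 1
  problems
end

# Warnings about the transport setting; an unset value means "simple_tls".
def transport_warnings(cfg)
  enc = cfg.fetch("encryption", "simple_tls").to_s
  enc == "none" ? ["encryption: none sends bind passwords in cleartext"] : []
end

if __FILE__ == $PROGRAM_NAME
  # The three forms tried in the thread, with a constructed username.
  ["DOMAIN\\bobby", "bobby", "bobby@domain.local"].each do |login|
    issues = login_problems(SAMPLE, login)
    puts "#{login.ljust(20)} -> #{bind_identity(SAMPLE, login)}"
    issues.each { |i| puts "  problem: #{i}" }
  end
  transport_warnings(SAMPLE).each { |w| puts "warning: #{w}" }
end
```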