Re: [gitorious] Virtual hosts ponderings ...

2013-03-21 Thread Marius Mårnes Mathiesen

Johannes Ernst writes:

> I happen to be reading "man git-daemon", where it says this:
>
>     --interpolated-path=
>         To support virtual hosting, an interpolated path template can be
>         used to dynamically construct alternate paths. The template
>         supports %H for the target hostname as supplied by the client but
>         converted to all lowercase, %CH for the canonical hostname, %IP
>         for the server’s IP address, %P for the port number, and %D for
>         the absolute path of the named repository. After interpolation,
>         the path is validated against the directory whitelist.
>
> I have not tried this, but this sounds like virtual hosts should
> actually be possible? "supplied by the client" sounds like the Host:
> header in HTTP?

Interesting. The git proxy we use (in config/git-proxymachine.rb) for
translating git:// requests to the hashed paths used on some
installations has some examples on how the git protocol works:

proxy do |data|
  # First packet of a git:// request: "<service> <path>\0host=<host>\0"
  if data =~ /^(git\-upload\-pack|git\ upload\-pack)\s(.+)\x00host=(.+)\x00/
    service, path, host = $1, $2, $3
    # ...
  end
end

so it looks like it would work a lot like the HTTP Host: header.

Cheers,
- Marius

-- 
-- 
To post to this group, send email to gitorious@googlegroups.com
To unsubscribe from this group, send email to
gitorious+unsubscr...@googlegroups.com

--- 
You received this message because you are subscribed to the Google Groups 
"Gitorious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to gitorious+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
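
The request format matched by the proxy regex in the message above, as an added example that is not part of the original message or of Gitorious's code. It parses the first git:// packet and treats the client-supplied host= value as untrusted before using it to pick a directory; the allowlist, the /srv/git base directory and all function names are assumptions made for illustration.

```ruby
# Added example: parse the first packet of a git:// request and treat the
# client-supplied host= value as untrusted, like an HTTP Host: header.
ALLOWED_HOSTS = %w[git.example.org code.example.org].freeze # constructed allowlist
HOSTNAME_RE = /\A[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*\z/
GitRequest = Struct.new(:service, :path, :host, :port)

# pkt-line framing: four hex digits giving the total length (prefix included).
def pkt_line(payload)
  format('%04x', payload.bytesize + 4) + payload
end

# Returns a GitRequest, or nil when the packet is malformed or truncated.
def parse_git_request(data)
  data = data.b
  return nil unless data =~ /\A(\h{4})/
  len = $1.to_i(16)
  return nil if len < 5 || len > data.bytesize
  m = /\A(git[- ]upload-pack) ([^\x00]+)\x00host=([^\x00]+)\x00/.match(data[4, len - 4])
  return nil unless m
  host, port = m[3].downcase.split(':', 2) # lowercase, as the man page says %H is
  GitRequest.new(m[1], m[2], host, port)
end

# Maps host + path to a directory under base (hypothetical layout); nil unless
# the host is on the allowlist and the expanded path stays inside its directory.
def resolve_repository(data, base = '/srv/git')
  req = parse_git_request(data)
  return nil unless req && req.host =~ HOSTNAME_RE && ALLOWED_HOSTS.include?(req.host)
  root = File.join(base, req.host)
  full = File.expand_path(File.join(root, req.path))
  full.start_with?(root + '/') ? full : nil
end

# Constructed sample request, not captured traffic.
SAMPLE = pkt_line("git-upload-pack /project.git\0host=Git.Example.org:9418\0")
```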




Re: [gitorious] LDAP authentication with short user names

2013-03-21 Thread Marius Mårnes Mathiesen

Thomas Chemineau writes:
> I have the same problem as Peter, I currently have several LDAP uid with 2
> characters.
>
> So, I would like to know if there is still this three-character limit in
> Gitorious. If not, is there a config parameter somewhere to adjust this
> limit?

Yes, the limit is still there. If someone feels up to submitting a merge
request for this, we'd be happy to merge that (set up custom validation
for user accounts when LDAP is being used for authentication; plus a
test case demonstrating this).

Cheers,
- Marius


Re: [gitorious] Gitorious & Active Directory (Windows 2008 R2 domain)

2013-03-21 Thread Bobby
Thanks Ken, I'll give this a try over the weekend.  I appreciate your help. 
 

Bobby

On Tuesday, March 19, 2013 2:00:55 PM UTC-4, Ken Dreyer wrote:
>
> Hi Bobby,
>
> You may be able to get more information out of the production.log
> file. Here are some things to check:
>
> On Mon, Mar 11, 2013 at 2:37 PM, Bobby wrote:
> > When trying to authenticate through the web interface, I have tried the
> > following options below and keep getting the error message "Email and/or
> > password did not match, please try again":
> >
> > 1) DOMAIN\username
> > 2) username by itself
> > 3) username@domain.local
>
> You'll only want to use #2, "username by itself". I'm pretty sure you 
> can't authenticate to LDAP with the older-style "DOMAIN\username", and 
> for #3, I'm not sure Gitorious supports "@" signs in usernames. During 
> an LDAP login, the username will be substituted for the "{}" bit of 
> the distinguished_name_template setting, and that should include the 
> "@" sign for you. 
>
>
> > Can someone please tell me what I might be doing wrong here? My
> > authentication.yml file is below:
>
> [snip] 
>
> >   # IP/hostname to LDAP server 
> >   host: dc.domain.local 
>
> Hopefully this is the fully-qualified name of your domain controller? 
>
>
> >   # Override the default port (389) 
> >   #port: 1999 
> > 
> >   # The base DN to search 
> >   base_dn: DC=domain,DC=local 
>
> Hopefully this is correct base DN for your LDAP setup? 
>
>
> >   # The base DN when searching for groups (for authorization) 
> >   # If unspecified, base_dn is used 
> >   # group_search_dn: OU=groups,dc=gitorious,dc=org 
> > 
> >   # What LDAP attribute to use for user authentication. Default is CN
> >   #login_attribute: uid
>
> Do your users have "uid" attributes on their accounts? You probably 
> want to use "samaccountname" instead for Active Directory. 
>
> >   # How to build a user's DN. Default: $LOGIN_ATTRIBUTE={},$BASE_DN, 
> >   # e.g. CN=chris,DC=gitorious,DC=org 
> >   distinguished_name_template: "{}@domain.local" 
>
> This needs to match the "userPrincipalName" attribute on any AD
> account. So you should check in ADUC or ADSI Edit or whatever that
> this domain matches the userPrincipalName attribute on your account.
>
> >   # Map LDAP fields to database fields. 
> >   # Default: displayname => fullname, mail => email 
> >   # attribute_mapping: 
> >   #   givenName: fullname
> >   #   publicEmail: email
>
> This probably needs to be adjusted, because "givenName" and 
> "publicEmail" attributes probably don't exist in your AD schema. 
> Here's what I use with my AD setup: 
>
>   attribute_mapping: 
>     cn: fullname
>     mail: email
>
> >   # See Net-LDAP for other options, or use "none" for no encryption. 
> >   # Defaults to "simple_tls" if not set. 
> >   encryption: none 
>
> Please note this is not secure, and once you get the other pieces 
> working, you should change it as soon as possible :) 
>
>
> >   # A class/object that will be called after successful authentication
> >   # through LDAP. Will be "constantized", post_authenticate will be called
> >   # with an options hash. See LdapAuthenticationTest.
> >   #callback_class: SampleCallback 
> > 
> >   # Specify a username/password to use for authenticated bind 
> >   # NOTE: This is required when using LDAP for authorization 
> >   bind_user: 
> >     username: ldap_svc@domain.local
> >     password: ldap_svc_password
>
> If you're at a dead end, you may want to comment out the bind_user 
> section while you're troubleshooting. It shouldn't affect simple 
> password authentication for users, and you can add it back in when 
> you've got the password auth working. 
>
> If you still have problems, I recommend doing a test with "ldapsearch 
> -x -W ..." just to confirm that you can properly authenticate to AD 
> from your system. 
>
> - Ken 
>
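
The "{}" substitution and the encryption remark from the quoted reply above, as an added example that is not part of the thread or of Gitorious's code. It loads a constructed fragment built from the settings quoted in the thread and shows what bind name each of the three login forms produces; the function names and the plausibility check are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed sample: settings quoted in the thread, flattened into one mapping.
SAMPLE_CONFIG = <<~YAML
  host: dc.domain.local
  base_dn: DC=domain,DC=local
  distinguished_name_template: "{}@domain.local"
  encryption: none
YAML

# The login typed by the user replaces "{}" in distinguished_name_template.
# Block form of sub, so backslashes in the login are never read as backreferences.
def bind_name(template, login)
  template.sub('{}') { login }
end

# Hypothetical check: a bind name in user@domain form has exactly one "@",
# no backslash and no whitespace.
def plausible_upn?(name)
  name.count('@') == 1 && !name.include?('\\') && name !~ /\s/
end

# Returns warnings for a parsed LDAP mapping and a list of logins users might type.
def review_ldap_config(cfg, logins)
  warnings = []
  if cfg['encryption'].to_s == 'none'
    warnings << 'encryption: none sends the bind password unencrypted'
  end
  template = cfg['distinguished_name_template'].to_s
  unless template.include?('{}')
    warnings << 'distinguished_name_template has no {} placeholder'
    return warnings
  end
  return warnings unless template.include?('@') # only check UPN-style templates
  logins.each do |login|
    name = bind_name(template, login)
    warnings << "login #{login.inspect} binds as #{name.inspect}" unless plausible_upn?(name)
  end
  warnings
end

# The three login forms tried in the thread, run against the sample fragment.
def demo
  cfg = YAML.safe_load(SAMPLE_CONFIG)
  review_ldap_config(cfg, ['DOMAIN\\username', 'username', 'username@domain.local'])
end
```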


[gitorious] configuration["real_path"]

2013-03-21 Thread Johannes Ernst
I'm trying to successfully invoke /usr/local/bin/gitorious by means of ssh on 
the 'next' branch.

I'm getting an "Access denied or wrong repository path".

It appears that the exception is raised in lib/gitorious/ssh/client.rb, method 
real_path, because configuration["real_path"] is not set.
I cannot find any place where that value is supposed to be set. What am I 
missing?


[In git-daemon, I find:
   real_path = File.expand_path(repository.full_repository_path)
Assuming that configuration["real_path"] is sort of the same idea, it looks 
like it is derived from the path to the repository constructed from 
repository_base_path in the gitorious.xml file. Which would make sense. But 
where is the code that does this?]

Mystified ...



Johannes.
