Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

[Bin Li (BLOOMBERG/ 120 PARK)]

Django app detected
Working in development environment 
BASE_DIR 
'/opt/utils/venv/pulp/3.7.3/lib64/python3.7/site-packages/pulpcore/app'
DEBUG False
ALLOWED_HOSTS ['*']
MEDIA_ROOT '/var/lib/pulp/'
STATIC_ROOT '/var/lib/pulp/assets/'
DEFAULT_FILE_STORAGE 'pulpcore.app.models.storage.FileSystem'
FILE_UPLOAD_TEMP_DIR '/var/lib/pulp/tmp/'
WORKING_DIRECTORY '/var/lib/pulp/tmp/'
FILE_UPLOAD_HANDLERS ['pulpcore.app.files.HashingFileUploadHandler']
SECRET_KEY '3e$d+861lqv8x6y39p%^0!3(=%jzw6()g!u44%(=u@1_5p42g!'
INSTALLED_APPS ['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django_filters',
 'drf_yasg',
 'rest_framework',
 'pulpcore.app',
 'pulp_rpm.app.PulpRpmPluginAppConfig',
 'pulp_file.app.PulpFilePluginAppConfig']
INSTALLED_PULP_PLUGINS ['pulp_rpm', 'pulp_file']
OPTIONAL_APPS ['crispy_forms', 'django_extensions', 'storages']
MIDDLEWARE ['django.middleware.security.SecurityMiddleware',
 'whitenoise.middleware.WhiteNoiseMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware']
AUTHENTICATION_BACKENDS 
['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
ROOT_URLCONF 'pulpcore.app.urls'
TEMPLATES [{'APP_DIRS': True,
  'BACKEND': 'django.template.backends.django.DjangoTemplates',
  'DIRS': 
['/opt/utils/venv/pulp/3.7.3/lib64/python3.7/site-packages/pulpcore/app/templates'],
  'OPTIONS': {'context_processors': ['django.template.context_processors.debug',
 
'django.template.context_processors.request',
 
'django.contrib.auth.context_processors.auth',
 
'django.contrib.messages.context_processors.messages']}}]
WSGI_APPLICATION 'pulpcore.app.wsgi.application'
REST_FRAMEWORK {'DEFAULT_AUTHENTICATION_CLASSES': 
['rest_framework.authentication.SessionAuthentication',

'pulpcore.app.authentication.PulpRemoteUserAuthentication'],
 'DEFAULT_FILTER_BACKENDS': 
['django_filters.rest_framework.DjangoFilterBackend'],
 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination',
 'DEFAULT_PERMISSION_CLASSES': ['rest_framework.permissions.IsAuthenticated'],
 'DEFAULT_VERSIONING_CLASS': 'rest_framework.versioning.URLPathVersioning',
 'PAGE_SIZE': 100,
 'UPLOADED_FILES_USE_URL': False,
 'URL_FIELD_NAME': 'pulp_href'}
AUTH_PASSWORD_VALIDATORS [{'NAME': 
'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
 {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'},
 {'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator'},
 {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'}]
LANGUAGE_CODE 'en-us'
TIME_ZONE 'UTC'
USE_I18N ['USE_I18N', True]
USE_L10N True
USE_TZ True
STATIC_URL '/static/'
DATABASES {'default': {'ENGINE': 'django.db.backends.postgresql_psycopg2',
 'HOST': 'localhost',
 'NAME': 'pulp',
 'PASSWORD': 'pulp',
 'PORT': 5432,
 'USER': 'pulp'}}
LOGGING {'disable_existing_loggers': False,
 'formatters': {'simple': {'format': 'pulp: %(name)s:%(levelname)s: '
 '%(message)s'}},
 'handlers': {'console': {'class': 'logging.StreamHandler',
  'formatter': 'simple'}},
 'loggers': {'': {'handlers': ['console'], 'level': 'INFO'}},
 'version': 1}
CONTENT_PATH_PREFIX '/pulp/content/'
CONTENT_APP_TTL 120
REMOTE_USER_ENVIRON_NAME 'HTTP_REMOTE_USER'
ALLOWED_IMPORT_PATHS []
PROFILE_STAGES_API False
SWAGGER_SETTINGS {'DEFAULT_AUTO_SCHEMA_CLASS': 
'pulpcore.app.openapigenerator.PulpAutoSchema',
 'DEFAULT_GENERATOR_CLASS': 
'pulpcore.app.openapigenerator.PulpOpenAPISchemaGenerator',
 'DEFAULT_INFO': 'pulpcore.app.urls.api_info'}
REDOC_SETTINGS {'SPEC_URL': 
'/pulp/api/v3/docs/?format=openapi_html=1'}
CONTENT_ORIGIN 'http://myhost.bloomberg.com'
SETTINGS '/etc/pulp/settings.py'

Here is the log. gunicorn seems take the remote_user
Apr 22 09:18:58 ip-1-76-158-49 gunicorn[12150]: pulp: django.request:WARNING: 
Forbidden: /pulp/api/v3/remotes/rpm/rpm/
Apr 22 09:18:58 ip-1-76-158-49 gunicorn[12150]: 127.0.0.1 - bli4 
[22/Apr/2020:13:18:58 +] "GET /pulp/api/v3/remotes/rpm/rpm/ HTTP/1.0" 403 
58 "-" "HTTPie/0.9.4"
Apr 22 09:19:01 ip-1-76-158-49 systemd[1]: Created slice User Slice of root.
Apr 22 09:19:01 ip-1-76-158-49 systemd[1]: Started Session 324743 of user root.
Apr 22 09:19:01 ip-1-76-158-49 systemd[1]: Removed slice User Slice of root.
Apr 22 09:19:05 ip-1-76-158-49 gunicorn[12150]: 127.0.0.1 - bli4 
[22/Apr/2020:13:19:05 +] "GET /pulp/api/v3/status/ HTTP/1.0" 200 1178 

Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

[Dennis Kliban]

Could you please share your settings by running the following commands on
your Pulp server:

export DJANGO_SETTINGS_MODULE=pulpcore.app.settings
export PULP_SETTINGS=/etc/pulp/settings.py (or wherever your settings are)
dynaconf list

Don't forget to obfuscate any settings you don't want to share.

On Wed, Apr 22, 2020 at 9:15 AM Bin Li (BLOOMBERG/ 120 PARK) <
bli...@bloomberg.net> wrote:

>
> Thank Dennis. This fixes the issue restarting pulp. With my LDAP
> credential, now I can
> http -a id:pwd GET localhost/pulp/api/v3/status/ but getting
> "Authentication credentials were not provided" for all other uri
> /remtes/rpm/rpm/. It looks like pulp is not using external authentication
> and still need its own authentication somehow.
>
>
> From: dkli...@redhat.com At: 04/22/20 06:52:35
> To: Bin Li (BLOOMBERG/ 120 PARK ) 
> Cc: pulp-list@redhat.com
> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
>
> You need to replace
>
> REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] =
>
> with
>
> REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES =
>
> On Tue, Apr 21, 2020 at 10:09 PM Bin Li (BLOOMBERG/ 120 PARK) <
> bli...@bloomberg.net> wrote:
>
>> This setting actually failed to restart pulp. See errors below.
>>
>> Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: NameError: name
>> 'REST_FRAMEWORK' is not defined
>> Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27
>> -0400] [24417] [INFO] Worker exiting (pid: 24417)
>> Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27
>> -0400] [24414] [INFO] Shutting down: Master
>> Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27
>> -0400] [24414] [INFO] Reason: Worker failed to boot.
>> Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service: main
>> process exited, code=exited, status=3/NOTIMPLEMENTED
>> Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: Unit pulpcore-api.service
>> entered failed state.
>> Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service failed.
>> Apr 21 21:56:27 ip-1-76-158-49 systemd[1]:
>> pulpcore-resource-manager.service holdoff time over, scheduling restart.
>>
>>
>> From: Bin Li (BLOOMBERG/ 120 PARK) At: 04/21/20 21:32:49
>> To: dkli...@redhat.com
>> Cc: pulp-list@redhat.com
>> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
>>
>> Yes, I did
>> # pip list |grep dynaconf
>> dynaconf 3.0.0rc1
>>
>>
>> From: dkli...@redhat.com At: 04/21/20 20:01:00
>> To: Bin Li (BLOOMBERG/ 120 PARK ) 
>> Cc: pulp-list@redhat.com
>> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
>>
>> Did you update dynaconf to 3.0.0rc1? There was a bug that caused the
>> settings to get merged instead of overwritten.
>>
>> [0] https://pulp.plan.io/issues/6244
>> [1] https://pypi.org/project/dynaconf/3.0.0rc1/
>>
>> On Tue, Apr 21, 2020 at 5:59 PM Bin Li (BLOOMBERG/ 120 PARK) <
>> bli...@bloomberg.net> wrote:
>>
>>> I have followed the setup
>>> https://www.nginx.com/blog/nginx-plus-authenticate-users/ to setup
>>> nginx LDAP authentication.
>>>
>>> This command works "http -a admin:password GET
>>> localhost/pulp/api/v3/repositories/rpm/rpm/ Cookie:nginxauth=XXX". The
>>> Cookie is the base64 encoded ldap username and password.
>>>
>>> I assume I should follow the below so I don't have to specify admin:pwd
>>>
>>> https://docs.pulpproject.org/installation/authentication.html#webserver-auth-with-reverse-proxy
>>>
>>> Adding the below to settings.py doesn't seem to work.
>>> REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER'
>>> AUTHENTICATION_BACKENDS =
>>> ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
>>> REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = (
>>> 'rest_framework.authentication.SessionAuthentication',
>>> 'pulpcore.app.authentication.PulpRemoteUserAuthentication'
>>>
>>> I am a little confused what need to be added for this setup.
>>> nginx <---http---> gunicorn  pulpcore.app.wsgi application
>>>
>>> Please advise
>>> Thanks
>>>
>>>
>>> From: dkli...@redhat.com At: 04/17/20 10:45:31
>>> To: Bin Li (BLOOMBERG/ 120 PARK ) 
>>> Cc: pulp-list@redhat.com
>>> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
>>>
>>> Theoretically you should be able to use pulpcore-client even with LDAP
>>> authentication in the web server. However, I have not tested this. I've
>>> only helped users that use certificate authentication in the webserver.
>>> What error are you seeing on the client side? Do you see any errors in pulp
>>> logs?
>>>
>>> On Fri, Apr 17, 2020 at 10:20 AM Bin Li (BLOOMBERG/ 120 PARK) <
>>> bli...@bloomberg.net> wrote:
>>>
 Thanks Dennis.

 We use pulpcore python client to interact with api. Once we enable ldap
 on nginx, the below code that pulpcore-client authenticate will not work
 any more. I am wonder if we are still be able to use pulpcore-client? or we
 have to rewrite the client code. This sounds too much work for us for now.
 configuration = pulpcore.Configuration()
 

Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

[Bin Li (BLOOMBERG/ 120 PARK)]

Thank Dennis. This fixes the issue restarting pulp. With my LDAP credential, 
now I can
http -a id:pwd GET localhost/pulp/api/v3/status/ but getting "Authentication 
credentials were not provided" for all other uri /remtes/rpm/rpm/. It looks 
like pulp is not using external authentication and still need its own 
authentication somehow.


From: dkli...@redhat.com At: 04/22/20 06:52:35To:  Bin Li (BLOOMBERG/ 120 PARK 
) 
Cc:  pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

You need to replace

REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] =

with 

REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = 
On Tue, Apr 21, 2020 at 10:09 PM Bin Li (BLOOMBERG/ 120 PARK) 
 wrote:

This setting actually failed to restart pulp. See errors below.

Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: NameError: name 
'REST_FRAMEWORK' is not defined
Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 -0400] 
[24417] [INFO] Worker exiting (pid: 24417)
Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 -0400] 
[24414] [INFO] Shutting down: Master
Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27 -0400] 
[24414] [INFO] Reason: Worker failed to boot.
Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service: main process 
exited, code=exited, status=3/NOTIMPLEMENTED
Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: Unit pulpcore-api.service entered 
failed state.
Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service failed.
Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-resource-manager.service 
holdoff time over, scheduling restart.


From: Bin Li (BLOOMBERG/ 120 PARK) At: 04/21/20 21:32:49To:  dkli...@redhat.com
Cc:  pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
Yes, I did
# pip list |grep dynaconf
dynaconf3.0.0rc1


From: dkli...@redhat.com At: 04/21/20 20:01:00To:  Bin Li (BLOOMBERG/ 120 PARK 
) 
Cc:  pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

Did you update dynaconf to 3.0.0rc1? There was a bug that caused the settings 
to get merged instead of overwritten.

[0] https://pulp.plan.io/issues/6244
[1] https://pypi.org/project/dynaconf/3.0.0rc1/

On Tue, Apr 21, 2020 at 5:59 PM Bin Li (BLOOMBERG/ 120 PARK) 
 wrote:

I have followed the setup 
https://www.nginx.com/blog/nginx-plus-authenticate-users/  to setup nginx LDAP 
authentication. 

This command works "http -a admin:password GET 
localhost/pulp/api/v3/repositories/rpm/rpm/ Cookie:nginxauth=XXX". The 
Cookie is the base64 encoded ldap username and password.

I assume I should follow the below so I don't have to specify 
admin:pwdhttps://docs.pulpproject.org/installation/authentication.html#webserver-auth-with-reverse-proxy

Adding the below to settings.py doesn't seem to work.
REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER'
AUTHENTICATION_BACKENDS = 
['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = (
'rest_framework.authentication.SessionAuthentication',
'pulpcore.app.authentication.PulpRemoteUserAuthentication'

I am a little confused what need to be added for this setup. 
nginx <---http---> gunicorn  pulpcore.app.wsgi application

Please advise
Thanks


From: dkli...@redhat.com At: 04/17/20 10:45:31To:  Bin Li (BLOOMBERG/ 120 PARK 
) 
Cc:  pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

Theoretically you should be able to use pulpcore-client even with LDAP 
authentication in the web server. However, I have not tested this. I've only 
helped users that use certificate authentication in the webserver. What error 
are you seeing on the client side? Do you see any errors in pulp logs?

On Fri, Apr 17, 2020 at 10:20 AM Bin Li (BLOOMBERG/ 120 PARK) 
 wrote:

Thanks Dennis. 

We use pulpcore python client to interact with api. Once we enable ldap on 
nginx, the below code that pulpcore-client authenticate will not work any more. 
I am wonder if we are still be able to use pulpcore-client? or we have to 
rewrite the client code. This sounds too much work for us for now.
configuration = pulpcore.Configuration()
configuration.host = 'http://localhost'
configuration.username = 'admin'
configuration.password = 'pwd'
rpm_client = pulp_rpm.ApiClient(configuration)

From: dkli...@redhat.com At: 04/16/20 08:38:38To:  Bin Li (BLOOMBERG/ 120 PARK 
) 
Cc:  pulp-list@redhat.com
Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

Please be aware that there is a bug in dynaconf 2.2 with how settings are 
merged[0]. I recommend upgrading it to dynaconf 3.0.0rc1 for best results when 
configuring authentication backends in pulp.

[0] https://pulp.plan.io/issues/6244
[1] https://pypi.org/project/dynaconf/3.0.0rc1/

 
On Wed, Apr 15, 2020 at 7:02 PM Dennis Kliban  wrote:

Pulp 3 does not currently support multiple users. We are planning to add 

Re: [Pulp-list] pulpcore-client 3.2 ldap authentication

[Dennis Kliban]

You need to replace

REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] =

with

REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES =

On Tue, Apr 21, 2020 at 10:09 PM Bin Li (BLOOMBERG/ 120 PARK) <
bli...@bloomberg.net> wrote:

> This setting actually failed to restart pulp. See errors below.
>
> Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: NameError: name
> 'REST_FRAMEWORK' is not defined
> Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27
> -0400] [24417] [INFO] Worker exiting (pid: 24417)
> Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27
> -0400] [24414] [INFO] Shutting down: Master
> Apr 21 21:56:27 ip-1-76-158-49 gunicorn[24414]: [2020-04-21 21:56:27
> -0400] [24414] [INFO] Reason: Worker failed to boot.
> Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service: main
> process exited, code=exited, status=3/NOTIMPLEMENTED
> Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: Unit pulpcore-api.service
> entered failed state.
> Apr 21 21:56:27 ip-1-76-158-49 systemd[1]: pulpcore-api.service failed.
> Apr 21 21:56:27 ip-1-76-158-49 systemd[1]:
> pulpcore-resource-manager.service holdoff time over, scheduling restart.
>
>
> From: Bin Li (BLOOMBERG/ 120 PARK) At: 04/21/20 21:32:49
> To: dkli...@redhat.com
> Cc: pulp-list@redhat.com
> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
>
> Yes, I did
> # pip list |grep dynaconf
> dynaconf 3.0.0rc1
>
>
> From: dkli...@redhat.com At: 04/21/20 20:01:00
> To: Bin Li (BLOOMBERG/ 120 PARK ) 
> Cc: pulp-list@redhat.com
> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
>
> Did you update dynaconf to 3.0.0rc1? There was a bug that caused the
> settings to get merged instead of overwritten.
>
> [0] https://pulp.plan.io/issues/6244
> [1] https://pypi.org/project/dynaconf/3.0.0rc1/
>
> On Tue, Apr 21, 2020 at 5:59 PM Bin Li (BLOOMBERG/ 120 PARK) <
> bli...@bloomberg.net> wrote:
>
>> I have followed the setup
>> https://www.nginx.com/blog/nginx-plus-authenticate-users/ to setup nginx
>> LDAP authentication.
>>
>> This command works "http -a admin:password GET
>> localhost/pulp/api/v3/repositories/rpm/rpm/ Cookie:nginxauth=XXX". The
>> Cookie is the base64 encoded ldap username and password.
>>
>> I assume I should follow the below so I don't have to specify admin:pwd
>>
>> https://docs.pulpproject.org/installation/authentication.html#webserver-auth-with-reverse-proxy
>>
>> Adding the below to settings.py doesn't seem to work.
>> REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER'
>> AUTHENTICATION_BACKENDS =
>> ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
>> REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] = (
>> 'rest_framework.authentication.SessionAuthentication',
>> 'pulpcore.app.authentication.PulpRemoteUserAuthentication'
>>
>> I am a little confused what need to be added for this setup.
>> nginx <---http---> gunicorn  pulpcore.app.wsgi application
>>
>> Please advise
>> Thanks
>>
>>
>> From: dkli...@redhat.com At: 04/17/20 10:45:31
>> To: Bin Li (BLOOMBERG/ 120 PARK ) 
>> Cc: pulp-list@redhat.com
>> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
>>
>> Theoretically you should be able to use pulpcore-client even with LDAP
>> authentication in the web server. However, I have not tested this. I've
>> only helped users that use certificate authentication in the webserver.
>> What error are you seeing on the client side? Do you see any errors in pulp
>> logs?
>>
>> On Fri, Apr 17, 2020 at 10:20 AM Bin Li (BLOOMBERG/ 120 PARK) <
>> bli...@bloomberg.net> wrote:
>>
>>> Thanks Dennis.
>>>
>>> We use pulpcore python client to interact with api. Once we enable ldap
>>> on nginx, the below code that pulpcore-client authenticate will not work
>>> any more. I am wonder if we are still be able to use pulpcore-client? or we
>>> have to rewrite the client code. This sounds too much work for us for now.
>>> configuration = pulpcore.Configuration()
>>> configuration.host = 'http://localhost'
>>> configuration.username = 'admin'
>>> configuration.password = 'pwd'
>>> rpm_client = pulp_rpm.ApiClient(configuration)
>>>
>>> From: dkli...@redhat.com At: 04/16/20 08:38:38
>>> To: Bin Li (BLOOMBERG/ 120 PARK ) 
>>> Cc: pulp-list@redhat.com
>>> Subject: Re: [Pulp-list] pulpcore-client 3.2 ldap authentication
>>>
>>> Please be aware that there is a bug in dynaconf 2.2 with how settings
>>> are merged[0]. I recommend upgrading it to dynaconf 3.0.0rc1 for best
>>> results when configuring authentication backends in pulp.
>>>
>>> [0] https://pulp.plan.io/issues/6244
>>> [1] https://pypi.org/project/dynaconf/3.0.0rc1/
>>>
>>>
>>> On Wed, Apr 15, 2020 at 7:02 PM Dennis Kliban 
>>> wrote:
>>>
 Pulp 3 does not currently support multiple users. We are planning to
 add support for RBAC in the near future. However, I don't have a concrete
 timeline for that. With all that said, you still can configure the web
 server to perform authentication[0]. In this case Pulp will