Fatal编程技术网
  • ldap/
  • Gerrit+LDAP=LDAP身份验证不可用Tuleap

Gerrit+LDAP=LDAP身份验证不可用Tuleap

ldap

Gerrit+LDAP=LDAP身份验证不可用Tuleap,ldap,gerrit,tuleap,Ldap,Gerrit,Tuleap,我一直在尝试设置gerrit以使用LDAP身份验证。我多次阅读文档,其中一些链接不适用于从tuleap获取的关于主题的示例文档提出了不同的解决方案和解释。我发现tuleap为ldap.inc提供了三种不同的配置。由于缺乏解释,这非常令人困惑 所以我被这个问题困住了。我花了好几个小时阅读并试图解决这个问题。有人能告诉我我做错了什么吗?这是我的 ldap公司 <?php // LDAP server(s) to query for more information on Tuleap

我一直在尝试设置gerrit以使用LDAP身份验证。我多次阅读文档,其中一些链接不适用于从tuleap获取的关于主题的示例文档提出了不同的解决方案和解释。我发现tuleap为ldap.inc提供了三种不同的配置。由于缺乏解释,这非常令人困惑

所以我被这个问题困住了。我花了好几个小时阅读并试图解决这个问题。有人能告诉我我做错了什么吗?这是我的

ldap公司

    <?php

// LDAP server(s) to query for more information on Tuleap users and 
// for authentication.
// You may use a comma-separated list if there are several servers available
// (leave blank to disable LDAP lookup). 
// To specify secure LDAP servers, use 'ldaps://servername' 
$sys_ldap_server = 'techhub.lt';

// To enable LDAP information on Tuleap users, also define the DN 
// (distinguised name) to use in LDAP queries.
// The ldap filter is the filter to use to query the LDAP directory
// (%name% are substituted with the value from the user table)
$sys_ldap_dn     = 'dc=techhub,dc=lt';

// For LDAP systems that do not accept anonymous binding, define here
// a valid DN and password:
$sys_ldap_bind_dn = "cn=admin,dc=techhub,dc=lt";
$sys_ldap_bind_passwd = "pass";

// LDAP authentication:
// Tuleap only supports authentication with a attempt to bind with LDAP server
// with a DN and a password.
// As the DN is usually long (eduid=1234,ou=people,dc=tuleap,dc=com) people 
// usually authenticate themself with a login. So we need to first look 
// for the DN that correspond to the given login and once found attempt to bind
// with the given password. 
// In order to autenticate successfully users you need to properly 

// User login (authentication 1st step)
$sys_ldap_uid   = 'uid';

// User unique identifier. It's probably not the uid (or login) because it
// may change. This is a value that never change whatever happens to the
// user (even after deletion). It correspond to ldap_id field in user table
// in database.
// (authentication 2st step)
$sys_ldap_eduid = 'eduid';

// User common name   
$sys_ldap_cn    = 'cn';
// User email address
$sys_ldap_mail  = 'mail';

// Specific DN to look for people
// You may use more than one DN separated by ; if you want to use several branches.
// Example : 'ou=People, dc=st, dc=com ; ou=Extranet, dc=st, dc=com'
$sys_ldap_people_dn     = 'ou=people,dc=techhub,dc=lt';

// Filter used to look for user. It should cover a wide selection of
// fields because it's aim to find a user whatever it's given (email, name,
// login, etc).
$sys_ldap_search_user='(|(uid=%words%)(cn=%words%)(mail=%words%))';

// By default tooltip search is using ($sys_ldap_cn=%words%*) search filter (Hardcoded)
// You can change for a more sophisticated search 
// $sys_ldap_tooltip_search_user='(&(|(sn=%words%*)(givenName=%words%*)(uid=%words%*))(!(givenName=BoiteVocale))(uid=*))';

// By default tooltip search attrs are $sys_ldap_cn and $sys_ldap_uid (Hardcoded)
// You can choose the attributes the search will retrieve
// $sys_ldap_tooltip_search_attrs='uid;sn;givenName';

// On account creation, what it the default user status (A, R, ...)
$sys_ldap_default_user_status = 'A';

// Enable LDAP based authentication for SVN by default for new projects 
$sys_ldap_svn_auth = 1;

// Enable LDAP daily synchronization
$sys_ldap_daily_sync = 1;

// Enable usage of LDAP for people management. For instance autocompletion on
// user list, automatic creation of users not already referenced in the forge.
$sys_ldap_user_management = 1;

// Enable ldap group management.
// This allows to mirror a LDAP group defined in LDAP directory within the forge
// Doesn't work yet with only works with OpenLDAP compatible directories yet.
$sys_ldap_grp_enabled   = 1;

// Specific DN where the user groups are
$sys_ldap_grp_dn        = 'ou=groups,dc=techhub,dc=lt';
// Field that reprsent group name
$sys_ldap_grp_cn        = 'cn';
// Field that indicate the membership of a user in a group
$sys_ldap_grp_member    = 'uniquemember';

?>
这是两个不同的问题

您是否设法通过gerrit上的LDAP帐户进行身份验证

如果是,我认为问题来自$sys_ldap_eduid='eduid';tuleap ldap配置中的参数。此属性应该是ldap中帐户的唯一标识符。如果您具有此属性,则可以使用“uid”作为回退

[gerrit]
    basePath = git
    canonicalWebUrl = http://techhub.lt:2401/
[database]
    type = H2
    database = db/ReviewDB
[sendemail]
    smtpServer = localhost
[container]
    user = root
    javaHome = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.45.x86_64/jre
[sshd]
    listenAddress = *:29418
[httpd]
    listenUrl = http://*:2401/
[cache]
    directory = cache

[auth]
    type = LDAP
[ldap]
    server = ldap://techhub.lt
    accountBase = ou=people,dc=cro,dc=techhub,dc=lt
    groupBase = ou=group,dc=cro,dc=techhub,dc=lt
    accountFullName = cn