On 22.09.2017 08:22, Björn Geuken wrote:
On 09/20/2017 09:05 AM, Stefan Seyfried wrote:
Good morning,
after the update to 2.8.3, I found that local users (most prominent the Admin user ;)) no longer work, when LDAP mode is enabled.
That's right. We've decided that in an OBS setup with LDAP enabled, the user management should only happen via the LDAP instance.
Well, that's nice that this was decided. But that does throw away lots of useful usecases that -- even though the GUI elements were confusing before -- actually did work. One example is again the Admin account ;-) And service users for automated jobs, which often are hard to get into a corporate Directory. So might I ask to reconsider this decision?
Björn
It was pretty easy to get the existing users to work again:
+++ app/models/user.rb 2017-09-20 06:45:18.666231345 +0000 @@ -199,7 +199,10 @@ # in the database. Returns the user or nil if he could not be found def self.find_with_credentials(login, password) if CONFIG['ldap_mode'] == :on - return find_with_credentials_via_ldap(login, password) + user = find_with_credentials_via_ldap(login, password) + if user + return user + end end
user = find_by_login(login)
This still does not enable me to create new users (as admin), because I'm just sent to the Sign Up page, which then tells me that new users can only sign up via LDAP.
While looking to also fix that and let an admin allow to create (and edit) local users, I found that in git master many more changes have been made to make this virtually impossible.
So I'm asking why this usecase is actively destroyed. Local OBS users (apart from the obvious Admin user) are useful e.g. as technical accounts, for automation jobs etc. which are not always possible to get into a corporate user directory.
-- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org