Mailinglist Archive: opensuse-buildservice (348 mails)

< Previous Next >
[opensuse-buildservice] Using LDAP Authentication
  • From: Andrew Heagle <andrew@xxxxxxxxxx>
  • Date: Thu, 8 Apr 2010 22:54:28 -0400
  • Message-id: <201004082254.28134.andrew@xxxxxxxxxx>
Hi,

We use OpenLDAP as a centralized authentication source for our company, and I
configured the build service I setup to use LDAP.

Authenticating against the LDAP server works, so I can use my username and
password to login and then go assign the appropriate roles in the API
afterwards. However, the scripts do not seem to pickup my email address or my
name.

In /srv/www/obs/api/config/environments/production.rb
I have this set:
LDAP_SEARCH_ATTR = "uid"
LDAP_NAME_ATTR="cn"
LDAP_MAIL_ATTR="mail"

But it always shows my email address to be:
fake@xxxxxxxxxx

Which I see is the default setting in the
/srv/www/obs/api/lib/active_rbac_mixins/user_mixins.rb script.

Here's the pertinent information about me in LDAP:
ldapsearch -LLLx uid=aheagle mail cn
dn: uid=aheagle,ou=People,dc=work,dc=TLD
cn: Andrew Heagle
mail: aheagle@xxxxxxxxxxx

Log Entries:

==> ../../log/obs-api-access.log <==
::ffff:10.10.32.38 obsapi.tor.work-int.TLD - [09/Apr/2010:02:41:51 +0000] "GET
/person/aheagle HTTP/1.1" 200 417 "-" "buildservice-webclient/0.3"



==> ../../log/production.log <==
[I|# 5323]

Processing PersonController#userinfo (for ::ffff:10.10.32.38 at 2010-04-09
02:41:51) [GET]
[I|# 5323] Parameters: {"login"=>"aheagle"}

[D|# 5323] AUTH: BasicYWhlYWdsZTpuaWNldHJ5IQ==
[D|# 5323] Using LDAP to find aheagle

[D|# 5323] Looking for aheagle using ldap

[D|# 5323] Connecting to ops-kerberos.int.work.TLD as ''

[D|# 5323] Bound as
[D|# 5323] Search for (uid=aheagle)
[D|# 5323] Connecting to ops-kerberos.int.work.TLD as
'uid=aheagle,ou=People,dc=work,dc=TLD'
[D|# 5323] Bound as uid=aheagle,ou=People,dc=work,dc=TLD
[D|# 5323] login success = fake@xxxxxxxxxxxxxxxxx
[D|# 5323] User Load (0.5ms) SELECT * FROM `users` WHERE (login =
'aheagle') LIMIT 1
[D|# 5323] USER found: aheagle
[D|# 5323] User aheagle initialised
[D|# 5323] User's source backend <:>
[D|# 5323] Generating for user from parameter aheagle
[D|# 5323] User Load (0.2ms) SELECT * FROM `users` WHERE (`users`.`login`
= 'aheagle') LIMIT 1
[I|# 5323] Rendering person/userinfo
[D|# 5323] SQL (0.2ms) SELECT count(*) AS count_all FROM
`watched_projects` WHERE (`watched_projects`.bs_user_id = 13)
[D|# 5323] WatchedProject Load (0.1ms) SELECT * FROM `watched_projects`
WHERE (`watched_projects`.bs_user_id = 13)
[I|# 5323] Completed in 47ms (View: 3, DB: 1) | 200 OK
[http://obsapi.tor.work-int.TLD/person/aheagle]
[I|# 5323]

Processing PersonController#userinfo (for ::ffff:10.10.32.38 at 2010-04-09
02:41:51) [GET]
[I|# 5323] Parameters: {"login"=>"aheagle"}
[D|# 5323] AUTH: BasicYWhlYWdsZTpuaWNldHJ5IQ==
[D|# 5323] Using LDAP to find aheagle
[D|# 5323] Looking for aheagle using ldap
[D|# 5323] Connecting to ops-kerberos.int.work.TLD as ''
[D|# 5323] Bound as
[D|# 5323] Search for (uid=aheagle)
[D|# 5323] Connecting to ops-kerberos.int.work.TLD as
'uid=aheagle,ou=People,dc=work,dc=TLD'
[D|# 5323] Bound as uid=aheagle,ou=People,dc=work,dc=TLD
[D|# 5323] login success = fake@xxxxxxxxxxxxxxxxx
[D|# 5323] User Load (0.5ms) SELECT * FROM `users` WHERE (login =
'aheagle') LIMIT 1
[D|# 5323] USER found: aheagle
[D|# 5323] User aheagle initialised
[D|# 5323] User's source backend <:>
[D|# 5323] Generating for user from parameter aheagle
[D|# 5323] User Load (4.0ms) SELECT * FROM `users` WHERE (`users`.`login`
= 'aheagle') LIMIT 1
[I|# 5323] Rendering person/userinfo
[D|# 5323] SQL (7.8ms) SELECT count(*) AS count_all FROM
`watched_projects` WHERE (`watched_projects`.bs_user_id = 13)
[D|# 5323] WatchedProject Load (0.2ms) SELECT * FROM `watched_projects`
WHERE (`watched_projects`.bs_user_id = 13)
[I|# 5323] Completed in 194ms (View: 3, DB: 12) | 200 OK
[http://obsapi.tor.work-int.TLD/person/aheagle]
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
This Thread