Hi Matthew,

On Wednesday, October 10, 2012 12:19:39 PM Matthew Drobnak wrote:
I temporarily set it to an auth user:

[INFO |#27017] Processing MainController#index (for 68.67.167.114 at 2012-10-10 16:16:49) [GET]
[DEBUG|#27017] Validate XML request: #ActionController::Request:0x7ff5df8a1c40
[DEBUG|#27017] no schema found, skipping validation for methodgettyperequestactionindexcontrollermain
[DEBUG|#27017] AUTH: ["Basic", "REDACTED"]
[DEBUG|#27017] Using LDAP to find mdrobnak
[DEBUG|#27017] Looking for mdrobnak using ldap
[DEBUG|#27017] Cache read: ldap_cache_userpasswd:mdrobnak
[DEBUG|#27017] Cache read: ldap_cache_userpasswd:mdrobnak ({:raw=>true})
[DEBUG|#27017] Connecting to ldap.local.appnexus.net as 'uid=cmcvalidation,ou=Pseudousers,dc=appnexus,dc=com'

Something goes wrong here. Looks like we are missing some exception handling here. You should at least get a log message like "Bound as $YOURBINDUSERSTRING" ... And some more logging ... but instead the ldap init code drops out at:

[DEBUG|#27017] mdrobnak not found in LDAP.

src/api/app/controllers/application_controller.rb:

  def extract_user
  [...]
      if defined?( LDAP_MODE ) && LDAP_MODE == :on
        begin
          require 'ldap'
          logger.debug( "Using LDAP to find #{login}" )
          ldap_info = User.find_with_ldap( login, passwd )
        rescue LoadError
          logger.warn "LDAP_MODE selected but 'ruby-ldap' module not installed."
          ldap_info = nil # now fall through as if we'd not found a user
        rescue Exception
          logger.debug "#{login} not found in LDAP." <-------------------------
          ldap_info = nil # now fall through as if we'd not found a user
        end

[DEBUG|#27017] User not found with LDAP, falling back to database
[DEBUG|#27017] User Load (0.4ms) SELECT * FROM `users` WHERE (login = 'mdrobnak') LIMIT 1
[INFO |#27017] Rendering template within layouts/rbac
[INFO |#27017] Rendering status
[INFO |#27017] errorcode 'unknown' - Unknown user 'mdrobnak' or invalid password
[INFO |#27017] Rendering status (401)
[INFO |#27017] Filter chain halted as [:extract_user] rendered_or_redirected.
[INFO |#27017] Completed in 21ms (View: 1, DB: 0) | 401 Unauthorized [https://obs01.nym1.appnexus.net/]

But still same problem. Any ideas?

You might want to try this little helper for debugging purposes. You need to adapt the LOGIN and LDAP_ values to your needs:

----8<-----
#!/usr/bin/ruby

require 'ldap'

LOGIN = "gollub"

LDAP_SEARCH_ATTR = "uid"
LDAP_SERVERS = "yourldap.b1-systems.de"
LDAP_PORT = 636
LDAP_START_TLS = false
LDAP_SSL = :on
LDAP_SEARCH_USER="uid=ldapbinduser,ou=obs,dc=b1-systems,dc=de"
LDAP_SEARCH_AUTH="SECRET"
LDAP_SEARCH_BASE = "ou=users,dc=b1-systems,dc=de"

user_filter = "(#{LDAP_SEARCH_ATTR}=#{LOGIN})"

# Note: OBS is performing also an ICMP test if LDAP server
# is reachable. This little tester is not performing such
# test ...

begin
  if LDAP_SSL == :on
    conn = LDAP::SSLConn.new(LDAP_SERVERS, LDAP_PORT, LDAP_START_TLS)
  else
    conn = LDAP::Conn.new(LDAP_SERVERS, LDAP_PORT)
  end
  conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
  conn.bind(LDAP_SEARCH_USER, LDAP_SEARCH_AUTH)
rescue LDAP::ResultError
  print "Connect or bind failed: #{conn.err}: ", conn.err2string(conn.err), "\n"
  exit 1
end

dn = String.new
conn.search( LDAP_SEARCH_BASE, LDAP::LDAP_SCOPE_SUBTREE, user_filter ) do |entry|
  print "Bingo: ", entry.dn, "\n"
  dn = entry.dn
end

if dn.empty?
  print "No user found ...\n"
end

conn.unbind()
---->8------

Best Regards,
Daniel

--
Daniel Gollub
Linux Consultant & Developer
Tel.: +49-160 47 73 970
Mail: gollub@b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
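
Added example (not part of the original mail and not OBS code): the effect of the broad "rescue Exception" in the extract_user excerpt, next to a narrower variant that logs the real cause while still failing closed. The error classes, fake_ldap_lookup and the logins are constructed stand-ins so the sketch runs without ruby-ldap or a directory server.

```ruby
require 'logger'
require 'stringio'

# Hypothetical error types standing in for what an LDAP client can raise.
class DirectoryUnavailable < StandardError; end   # connect or bind failed
class DirectoryUserMissing < StandardError; end   # search returned no entry

# Constructed stand-in for User.find_with_ldap; behaviour is keyed on login.
def fake_ldap_lookup(login, _passwd)
  case login
  when 'alice'   then { login: 'alice', email: 'alice@example.invalid' }
  when 'bindbad' then raise DirectoryUnavailable, 'bind as search user failed'
  when 'oops'    then raise NoMethodError, 'undefined method dn for nil'
  else raise DirectoryUserMissing, "no entry for #{login}"
  end
end

# Before: every failure is reported as "not found", as in the excerpt.
def lookup_broad(login, passwd, log)
  fake_ldap_lookup(login, passwd)
rescue Exception
  log.debug "#{login} not found in LDAP."
  nil
end

# After: only a real miss says "not found"; any other error names its cause.
# Every failure path returns nil, so authentication still fails closed,
# and the password is never written to the log.
def lookup_narrow(login, passwd, log)
  fake_ldap_lookup(login, passwd)
rescue DirectoryUserMissing
  log.debug "#{login} not found in LDAP."
  nil
rescue StandardError => e
  log.error "LDAP lookup for #{login} failed: #{e.class}: #{e.message}"
  nil
end

# Run one lookup and return [result, captured log text].
def run(fn, login)
  io = StringIO.new
  log = Logger.new(io)
  [send(fn, login, 'pw', log), io.string]
end
```

With the broad rescue, run(:lookup_broad, 'bindbad') logs the same "not found" line as an unknown user, which matches the symptom in the log above; the narrow variant logs the failing class and message instead.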