Mailinglist Archive: opensuse-buildservice (116 mails)

< Previous Next >
[opensuse-buildservice] OBS 2.5 Proxy Auth
  • From: Matthew Drobnak <mdrobnak@xxxxxxxxxxxx>
  • Date: Wed, 6 Aug 2014 18:33:17 +0000
  • Message-id: <1407349997.6089.5.camel@mdrobnak-MacBookAir>
I'm in the process of upgrading our now ancient 2.3 version of OBS to

I successfully upgraded it to OpenSUSE 12.2, and OBS 2.4. At that time,
since LDAP support was removed, I added the following to the _webui_

AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthName "OBS"
AuthType Basic
AuthLDAPBindPassword XXXX
RequestHeader set X-username %{AUTHENTICATE_UID}e
RequestHeader set X-email %{AUTHENTICATE_MAIL}e
require valid-user

and turned on
proxy_auth_mode: :on

However, since webui and api are now one, I put that in the updated
obs.conf vhost file which came with 2.5.

Instead, I now get a forever loop of username/password prompt, and this
is in the logs:

[72dcefa6-381f-445f-aae6-01bce85ac3a8] [8595:0.24] Authenticating with
iChain mode: on
[72dcefa6-381f-445f-aae6-01bce85ac3a8] [8595:0.24] Cache read:
[72dcefa6-381f-445f-aae6-01bce85ac3a8] [8595:0.24] Dalli::Server#connect
[72dcefa6-381f-445f-aae6-01bce85ac3a8] [8595:0.24] --> direct_http url:
#<URI::Generic:0x00000004891f58 URL:/person/mdrobnak>
[72dcefa6-381f-445f-aae6-01bce85ac3a8] [8595:0.26] http_do: method: get
url: https://localhost:443/person/mdrobnak
[72dcefa6-381f-445f-aae6-01bce85ac3a8] [8595:0.26] Completed 401
Unauthorized in 91ms
[72dcefa6-381f-445f-aae6-01bce85ac3a8] [8595:0.37]
ActiveXML::Transport::UnauthorizedError (<!DOCTYPE HTML PUBLIC
"-//IETF//DTD HTML 2.0//EN">
<title>401 Authorization Required</title>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<p>Additionally, a 406 Not Acceptable
error was encountered while trying to use an ErrorDocument to handle the
<address>Apache/2.2.22 (Linux/SUSE) Server at localhost Port

I have this in the config:
frontend_host: "localhost"
frontend_port: 443
frontend_protocol: "https"

Any ideas? This setup was working on 2.4, but I don't want to be in the
position of being behind again, so I want to get 2.5 working.



PS There was some fun rails stuff during the 2.4->2.5 upgrade..needed to
hit "1" a few times when doing the obs-api upgrade..
< Previous Next >
Follow Ups