Hi,
On 16 November 2017 at 17:21 Bjoern Geuken <bgeuken@suse.de> wrote:
after the update to 2.8.3, I found that local users (most prominent the Admin user ;)) no longer work, when LDAP mode is enabled.
That's right. We've decided that in an OBS setup with LDAP enabled, the user management should only happen via the LDAP instance.
Well, that's nice that this was decided.
But that does throw away lots of useful usecases that -- even though the GUI elements were confusing before -- actually did work.
One example is again the Admin account ;-)
And service users for automated jobs, which often are hard to get into a corporate Directory.
So might I ask to reconsider this decision?
Not my call. I can just say that this change was done intentionally:-)
Though, I should have mentioned earlier that we provided a script[*] to give admin rights to user to handle such a situation:
cd /srv/www/obs/api bundle exec rake user:give_admin_rights tux RAILS_ENV=production
Sorry for the late reply, I've overlooked this one. Seems my filter for this list was messed up.
Björn
[*] http://openbuildservice.org/help/manuals/obs-admin-guide/obs.cha.administrat...
Well, ok, but still we have a chicken-or-egg problem. Given the use case that one wants to deploy obs using an automated deployment process. The final step is, that you configure OBS: curl --insecure -0 --user 'userwithadminrights:<initialpw>' -X PUT -T /srv/obs/configuration-ox.xml https://buildservice.<domain>/configuration But since we do not yet have a user at this stage, this step is no longer possible. Instead, the automated deployment must be interrupted, an ldap user must login - well, that could also be automated, but that is really not nice -, and finally the deployment process can be finished. Finally, there's still this Admin user in OBS. What purpose does that have now? I did a login with my ldap account, assigned admin rights and ran the configuration curl command with success. Do we now have to live with a non-functional account named Admin, or do we have to ask our ldap admins to create a user called Admin??? That would really be unfortunate... -- kind regards, Carsten Hoeger Professional Services Email: carsten.hoeger@open-xchange.com ------------------------------------------------------------------------------------- Open-Xchange AG, Rollnerstr. 14, 90408 Nuremberg, District Court Nuremberg HRB 24738 Managing Board: Rafael Laguna de la Vera, Carsten Dirks, Michael Knapstein Chairman of the Board: Richard Seibt European Office: Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718 Managing Directors: Frank Hoberg, Martin Kauss US Office: Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA -------------------------------------------------------------------------------------