gocd / gocd-ldap-authentication-plugin

LDAP authentication plugin for GoCD
https://www.gocd.org
Apache License 2.0

explain two issues that tripped me up for hours #189

Closed caljnj closed 1 year ago

caljnj commented 2 years ago

the need to put ldaps://xxxx in the URL when you need an ldaps connection is not obvious for admins who don't set up ldaps/starttls all day. What makes this worse is the deprecated (?) starttls setting in the cruise-config.xml that appears to do the same thing... hence I just assumed that I was requesting ldap over tls until I went and read some of the code...

The second change in the docs is regarding the debug. the line in the gocd server base docker image

GOCD_SERVER_JVM_OPTS+=("-Dgo.console.stdout=true")

which gets added into the wrapper-properties.conf after boot time as:

wrapper.java.additional.100=-Dgo.console.stdout=true

so obviously this conflicts with any other entries with index 100 and caused debugging to not work until I discovered it..

chadlwilson commented 2 years ago

Thanks for the PR. Will try and get some time to look at this. I'm not an expert with ldaps/starttls either :)

Are you able to help me understand where the existing entry with index 100 came from in your case? Depending on which mechanism you are using to run GoCD (docker, helm, one of the installers) there are some different mechanisms by which it tries to help automatically add properties.

caljnj commented 2 years ago

sure no worries! it's this one here in the gocd server docker image for stdout that is set by default at index 100 https://github.com/gocd/docker-gocd-server/blob/master/docker-entrypoint.sh#L94-L101

but the user could easily set more jvm opts here with indexes that conflict with whatever is set in the wrapper-properties.conf

maybe the docker-gocd-server people could agree to start their indexes above 200...

Also the main gocd docs should be updated to match what's on the README here for gocd-ldap-authentication-plugin.

https://extensions-docs.gocd.org/ldap/current/authorization-configuration/

happy to do it myself but I can't find where the github location for these docs is

chadlwilson commented 2 years ago

I think the idea is that if you are using the docker images, your custom stuff should be added to GOCD_SERVER_JVM_OPTS in a single place and the image's container entrypoint will manage splitting the string and updating the wrapper properties and indexes for you via https://github.com/gocd/docker-gocd-server/blob/861fdd0afc6cdb66e4546c523f3c689dfaca1401/docker-entrypoint.sh#L90-L101

IIRC I don't think it's intended that you mount your own wrapper-properties.conf over the top, or underneath the one the image is trying to manage for you.
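
As an added example (not part of the thread and not GoCD project code), a shell check for the index collision discussed above: it lists every wrapper.java.additional.N index defined more than once in a wrapper-properties.conf and prints the next unused index. The function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: detect colliding wrapper.java.additional.<N> entries.

# Print "<index> <count>" for every index defined more than once.
# $1: path to a wrapper properties file
duplicate_jvm_indexes() {
    awk -F= '
        /^[ \t]*#/ { next }                          # skip comment lines
        /^[ \t]*wrapper\.java\.additional\.[0-9]+[ \t]*=/ {
            key = $1                                 # text before the first "="
            gsub(/[ \t]/, "", key)
            sub(/^wrapper\.java\.additional\./, "", key)
            count[key]++
        }
        END { for (i in count) if (count[i] > 1) print i, count[i] }
    ' "$1" | sort -n
}

# Print the first index above every index already in use.
next_free_jvm_index() {
    awk -F= '
        /^[ \t]*wrapper\.java\.additional\.[0-9]+[ \t]*=/ {
            key = $1
            gsub(/[ \t]/, "", key)
            sub(/^wrapper\.java\.additional\./, "", key)
            if (key + 0 > max) max = key + 0
        }
        END { print max + 1 }
    ' "$1"
}

# Write a constructed sample file (placeholder properties, not a real config).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample for the example
wrapper.java.additional.100=-Dgo.console.stdout=true
wrapper.java.additional.100=-Dexample.debug.placeholder=true
wrapper.java.additional.101=-Dexample.other.placeholder=1
EOF
}

# When given a file path, report its duplicate indexes.
if [ "$#" -gt 0 ]; then
    duplicate_jvm_indexes "$1"
fi
```

Any output from `duplicate_jvm_indexes` means two options share an index, which is the conflict described in the first comment.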