pombreda / gitblit

Automatically exported from code.google.com/p/gitblit
Apache License 2.0

unable to troubleshoot ldap issues. #402

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

1. configured gitblit:

realm.authenticationProviders = ldap
realm.ldap.accountBase = ou=People,dc=ugo-wallet,dc=com
realm.ldap.accountPattern = (objectClass=posixAccount)
realm.ldap.admins = @scalar
realm.ldap.displayName = cn
realm.ldap.email = ${uid}@ugo-wallet.com
realm.ldap.groupBase = ou=Group,dc=ugo-wallet,dc=com
realm.ldap.groupEmptyMemberPattern = (&(objectClass=group)(!(memberUid=*)))
realm.ldap.groupMemberPattern = (&(objectClass=group)(memberUid=${username}))
realm.ldap.maintainTeams = true
realm.ldap.password = password
realm.ldap.removeDeletedUsers = true
realm.ldap.server = ldap://ugo-dsp-ldap-01.ugo-wallet.com/
realm.ldap.synchronize = false
realm.ldap.syncPeriod = 5 MINUTES
realm.ldap.uid = uid
realm.ldap.username = uid=ugo-dsp-gitblit-01,ou=Machines,dc=ugo-wallet,dc=com

2. use custom log4j file:

 ...
 log4j.rootCategory=DEBUG, R
 ...

3. start the server:

 java -Dlog4j.configuration=file:///srv/gitblit-1.4.1/data/log4j.properties -jar gitblit.jar --baseFolder data

What is the expected output? What do you see instead?

 I expect to see some sort of line indicating the parsed config, an attempt to connect to ldap and the result. I see nothing.

What version of the product are you using? On what operating system?

 gitblit-1.4.1 ( the linux GO version ) ( RHEL 6.X )

Please provide any additional information below.

I did a tcpdump and I see lots of data flying back and forth.

I try to authenticate against gitblit and it fails. If I try to use the same 
creds locally to the local OS ( pam ldap ) it works fine.

David Thornton
david.thornton@scalar.ca

Original issue reported on code.google.com by northd...@gmail.com on 27 Mar 2014 at 6:13

GoogleCodeExporter commented 9 years ago
Yeah, I agree.  LDAP logging is a weakness and I haven't looked into improving 
it.  Gitblit uses UnboundID underneath for LDAP communication.  That library 
might have user-controllable logging, not sure.  Improvements are welcome here.

Original comment by James.Mo...@gmail.com on 27 Mar 2014 at 6:24

GoogleCodeExporter commented 9 years ago
This looks interesting:
https://www.unboundid.com/products/ldap-sdk/docs/examples/LDAPDebugger.java

Unfortunately, it can't be bundled into Gitblit because it is GPL'd.  But we 
can learn from it and write our own.

Original comment by James.Mo...@gmail.com on 27 Mar 2014 at 6:44

GoogleCodeExporter commented 9 years ago
Issue 403 has been merged into this issue.

Original comment by James.Mo...@gmail.com on 29 Mar 2014 at 12:10

GoogleCodeExporter commented 9 years ago
As James said recently in the Google group:

If you startup Gitblit with some -D VM args then you should be able to enable 
this:

-Dcom.unboundid.ldap.sdk.debug.enabled=true
-Dcom.unboundid.ldap.sdk.debug.level=INFO

You'll have to play with the log levels: "ALL", "SEVERE", "WARNING", "INFO", "CONFIG", "FINE", "FINER", "FINEST", or "OFF".

-J

Original comment by johann.o...@gmail.com on 6 Mar 2015 at 1:00

GoogleCodeExporter commented 9 years ago
Sweet, would be nice to have it documented somewhere.

Original comment by gradin...@outlook.com on 6 Mar 2015 at 1:02