"Failed to update user model" with LDAP

Steffen Gebert

Dec 6, 2012, 8:03:54 AM
to git...@googlegroups.com
Hi,

I'm using WAR 1.1.0 with LDAP as user / group backend.

I noticed that Gitblit "forgets" the access settings with the selected LDAP groups and that it throws error messages like the following into the log:

ERROR Failed to update user model john.doe!
java.io.IOException: Permission denied
        at java.io.UnixFileSystem.createFileExclusively(Native Method)
        at java.io.File.createNewFile(File.java:900)
        at org.eclipse.jgit.storage.file.LockFile.lock(LockFile.java:159)
        at org.eclipse.jgit.storage.file.FileBasedConfig.save(FileBasedConfig.java:175)
        at com.gitblit.ConfigUserService.write(ConfigUserService.java:808)
        at com.gitblit.ConfigUserService.updateUserModel(ConfigUserService.java:313)
        at com.gitblit.ConfigUserService.updateUserModel(ConfigUserService.java:267)
        at com.gitblit.GitblitUserService.updateUserModel(GitblitUserService.java:167)
        at com.gitblit.LdapUserService.authenticate(LdapUserService.java:194)
        at com.gitblit.GitBlit.authenticate(GitBlit.java:481)
        at com.gitblit.AuthenticationFilter.getUser(AuthenticationFilter.java:111)
        at com.gitblit.RpcFilter.doFilter(RpcFilter.java:82)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
        at java.lang.Thread.run(Thread.java:679)
ERROR Failed to update team model example-team!
java.io.IOException: Permission denied
        at java.io.UnixFileSystem.createFileExclusively(Native Method)
        at java.io.File.createNewFile(File.java:900)
        at org.eclipse.jgit.storage.file.LockFile.lock(LockFile.java:159)
        at org.eclipse.jgit.storage.file.FileBasedConfig.save(FileBasedConfig.java:175)
        at com.gitblit.ConfigUserService.write(ConfigUserService.java:808)
        at com.gitblit.ConfigUserService.updateTeamModel(ConfigUserService.java:515)
        at com.gitblit.ConfigUserService.updateTeamModel(ConfigUserService.java:494)
        at com.gitblit.GitblitUserService.updateTeamModel(GitblitUserService.java:246)
        at com.gitblit.LdapUserService.authenticate(LdapUserService.java:197)
        at com.gitblit.GitBlit.authenticate(GitBlit.java:481)
        at com.gitblit.AuthenticationFilter.getUser(AuthenticationFilter.java:111)
        at com.gitblit.RpcFilter.doFilter(RpcFilter.java:82)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
        at java.lang.Thread.run(Thread.java:679)

Can anybody tell me where Gitblit tries to write?

I'm not a Java guy, thus although I tried to set log verbosity to DEBUG, I had no success.

Thanks for your help
Steffen

James Moger

Dec 6, 2012, 8:14:38 AM
to git...@googlegroups.com
Gitblit is trying to update the file specified in realm.ldap.backingUserService + ".tmp"

e.g. realm.ldap.backingUserService = /opt/gitblit/users.conf
if successful save to /opt/gitblit/users/conf.tmp
then delete /opt/gitblit/users.conf and rename tmp file

Gitblit needs write permission to the folder where users.conf is stored.
For the WAR variant this setting must be an absolute path.

-J
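
The save sequence described in the reply above needs create and rename rights on the folder, not only on users.conf itself. As an added example (not Gitblit's code; the function name and the probe file name are assumptions), this preflight performs the same kind of exclusive create and rename in that folder when run as the account the servlet container runs as:

```shell
#!/bin/sh
# Added example: preflight for a "write <file>.tmp, then replace the original"
# save. It uses its own probe file, so users.conf is never touched.

# check_backing_store FILE
# returns 0 = create and rename both work in FILE's folder
#         1 = path is not absolute (required for the WAR variant)
#         2 = folder does not exist
#         3 = cannot create a new file in the folder
#         4 = cannot rename inside the folder
check_backing_store() {
    conf=$1
    case $conf in
        /*) ;;
        *) return 1 ;;
    esac
    dir=$(dirname "$conf")
    [ -d "$dir" ] || return 2
    probe="$dir/.preflight.$$"   # hypothetical probe name
    # noclobber (set -C) makes the redirect fail if the name already exists,
    # i.e. an exclusive create like the one failing in the stack trace.
    ( set -C; : > "$probe.tmp" ) 2>/dev/null || return 3
    # Rename within the same folder, as the last step of the save does.
    if mv -f "$probe.tmp" "$probe" 2>/dev/null; then
        rm -f "$probe"
        return 0
    fi
    rm -f "$probe.tmp"
    return 4
}

# Usage: sh preflight.sh /opt/gitblit/users.conf
if [ "$#" -eq 1 ]; then
    check_backing_store "$1" && echo "ok: $1" || echo "cannot save $1 (code $?)"
fi
```

Code 3 with a writable users.conf is the situation in the log above: the file can be opened, but no new file can be created next to it.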

Steffen Gebert

Dec 6, 2012, 8:29:57 AM
to git...@googlegroups.com
Thanks James, that helped!

Playing with Gitblit Manager resulted in another error:
> ERROR Failed to save settings!
> java.lang.NullPointerException
> at com.gitblit.WebXmlSettings.saveSettings(WebXmlSettings.java:87)
> at com.gitblit.GitBlit.updateSettings(GitBlit.java:376)
> at com.gitblit.RpcServlet.processRequest(RpcServlet.java:311)
> at com.gitblit.JsonServlet.doPost(JsonServlet.java:71)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:294)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at com.gitblit.RpcFilter.doFilter(RpcFilter.java:114)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
> at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:679)

The web.xml in /var/lib/tomcat7/webapps/gitblit/WEB-INF is writable for the tomcat7 user.

Any idea?

Thanks
Steffen

James Moger

Dec 6, 2012, 9:14:56 AM
to git...@googlegroups.com
Bug.

Two options:
1. touch a file named "gitblit.properties" in WEB-INF (I think that is the correct folder), if not then try parent folder.
2. make Gitblit think it is running on OpenShift.

This one is more complex and will involve restoring a few settings and perhaps symlinking your repo base folder.
Basically you would be telling Gitblit that all data it wants is located relative to a base folder that has a structure that looks like Gitblit GO.

export OPENSHIFT_DATA_DIR=path/to/data
(start Tomcat)

OPENSHIFT_DATA_DIR/users.conf
OPENSHIFT_DATA_DIR/gitblit.properties
OPENSHIFT_DATA_DIR/git
OPENSHIFT_DATA_DIR/groovy
OPENSHIFT_DATA_DIR/proposals

If you do this then you will want to reset all absolute paths in your web.xml to relative paths - or, even better, the default values.
You will also still need to touch "gitblit.properties" else the same bug will trigger.

I do not recommend storing *any* manipulated files within the webapp itself since they would be destroyed on a WAR redeploy.

Why doesn't Gitblit manipulate web.xml directly?
1. Settings persistence across WAR redeploys.
2. Touching web.xml during runtime makes the servlet container restart the webapp (usually, depends on config).  This means stopping Gitblit, unloading classes, loading classes, and restarting Gitblit.  Tweaking a config setting from the Manager shouldn't kill a pull or a push which is what I fear could happen in that situation.

-J

James Moger

Dec 6, 2012, 9:19:20 AM
to git...@googlegroups.com
Ok, I lied.  Choice 1 still probably won't work.  :(

Steffen Gebert

Dec 7, 2012, 7:16:37 AM
to git...@googlegroups.com
Thanks James,

so why can't Gitblit write to gitblit.properties? I guess I should file a bug report, shouldn't I?

Option 2 sounds a bit hacky..

Thanks
Steffen

James Moger

Dec 7, 2012, 10:23:58 AM
to git...@googlegroups.com
The bug is already fixed on master.
Option 2 is actually pretty clean, IMO.

-J