Steve Sanford
Dec 18, 2014, 2:26:56 PM
to gito...@googlegroups.com
I'm using the following configuration, but when adding a group to a team no users are listed or permissions applied. Groups are being added as CN=Group and fall under OU=Gitorious,OU=Security Groups,OU=Network Users,DC=DOMAIN,DC=LOCAL. I'm able to log in fine as an LDAP user, however. (Gitorious 3.2 on Ubuntu 14.04)
enable_openid: false
# additional methods, an array of hashes
methods:
  # An adapter is a class that implements an authentication mechanism. You
  # can roll your own, or use one of Gitorious' prepackaged ones.
  # Available implementations are:
  # Gitorious::Authentication::LDAPAuthentication
  # Gitorious::Authentication::CrowdAuthentication
  ############################################################################
  # Example of configuring LDAP authentication
  - adapter: Gitorious::Authentication::LDAPAuthentication
    # IP/hostname to LDAP server
    host: 10.1.1.1
    # Override the default port (389)
    port: 389
    # The base DN to search
    base_dn: DC=DOMAIN,DC=LOCAL
    # The base DN when searching for groups (for authorization)
    # If unspecified, base_dn is used
    group_search_dn: OU=Gitorious,OU=Security Groups,OU=Network Users,DC=DOMAIN,DC=LOCAL
    # What LDAP attribute to use for user authentication. Default is CN
    login_attribute: sAMAccountName
    # How to build a user's DN. Default: $LOGIN_ATTRIBUTE={},$BASE_DN,
    # e.g. CN=chris,DC=gitorious,DC=org
    distinguished_name_template: "{}@domain.local"
    # Map LDAP fields to database fields.
    # Default: displayname => fullname, mail => email
    # attribute_mapping:
    #   displayName: fullname
    #   mail: email
    # See Net-LDAP for other options, or use "none" for no encryption.
    # Defaults to "simple_tls" if not set.
    encryption: none
    # A class/object that will be called after successful authentication
    # through LDAP. Will be "constantized", post_authenticate will be called
    # with an options hash. See LDAPAuthenticationTest.
    #callback_class: SampleCallback
    # Specify a username/password to use for authenticated bind
    # NOTE: This is required when using LDAP for authorization
    bind_user:
      username: Us...@DOMAIN.LOCAL
      password: Password
    # When using LDAP authorization: which attribute in a user
    # record specifies groups a user is member of
    # This will depend on your schema/LDAP server implementation
    # but in 9/10 cases, it will be memberof
    membership_attribute_name: memberOf
    # When using LDAP authorization: which attribute in a group
    # record specifies users that are member of the group
    # This will depend on your LDAP schema, but will usually be
    # member or uniquemember
    members_attribute_name: member
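
Added example, not part of the original post and not Gitorious code: a small Ruby check over the keys used in the configuration above. It reports missing authorization prerequisites named in the config comments and flags `encryption: none`, which sends the bind_user password and every user's login password to the LDAP server unencrypted. The helper names `lint_ldap` and `lint_config` are hypothetical, and the sample is constructed with placeholder credentials.

```ruby
require "yaml"

# Constructed sample mirroring the keys of the posted configuration;
# the bind_user values are placeholders, not real credentials.
SAMPLE = <<~CONFIG
  methods:
    - adapter: Gitorious::Authentication::LDAPAuthentication
      host: 10.1.1.1
      port: 389
      base_dn: DC=DOMAIN,DC=LOCAL
      group_search_dn: OU=Gitorious,OU=Security Groups,OU=Network Users,DC=DOMAIN,DC=LOCAL
      encryption: none
      bind_user:
        username: svc-placeholder@domain.local
        password: placeholder
      membership_attribute_name: memberOf
      members_attribute_name: member
CONFIG

# Findings for one LDAP method entry (hypothetical helper, not a Gitorious API).
def lint_ldap(m)
  findings = []
  bind = m["bind_user"] || {}
  if bind["username"].to_s.empty? || bind["password"].to_s.empty?
    findings << "bind_user incomplete: required when using LDAP for authorization"
  end
  %w[membership_attribute_name members_attribute_name].each do |key|
    findings << "#{key} is not set" if m[key].to_s.empty?
  end
  # An unset key is not flagged: the posted config comment says it
  # defaults to "simple_tls".
  if m["encryption"].to_s.downcase == "none"
    findings << "encryption none: bind passwords cross the network in cleartext"
  end
  findings
end

# Lint every LDAP adapter entry found in a configuration document.
def lint_config(text)
  methods = YAML.safe_load(text)["methods"] || []
  ldap = methods.select { |m| m["adapter"].to_s.end_with?("LDAPAuthentication") }
  ldap.flat_map { |m| lint_ldap(m) }
end

puts lint_config(SAMPLE) if $PROGRAM_NAME == __FILE__
```
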