LDAP Auth->Active Directory. Groups not functioning

Steve Sanford

Dec 18, 2014, 2:26:56 PM
to gito...@googlegroups.com
I'm using the following configuration, but when adding a group to a team no users are listed and no permissions are applied. Groups are being added as CN=Group and fall under OU=Gitorious,OU=Security Groups,OU=Network Users,DC=DOMAIN,DC=LOCAL. I'm able to log in fine as an LDAP user, however. (gitorious 3.2 on ubuntu 14.04)


enable_openid: false

# additional methods, an array of hashes
methods:
  # An adapter is a class that implements an authentication mechanism. You
  # can roll your own, or use one of Gitorious' prepackaged ones.
  # Available implementations are:
  #   Gitorious::Authentication::LDAPAuthentication
  #   Gitorious::Authentication::CrowdAuthentication

  ############################################################################
  # Example of configuring LDAP authentication
  - adapter: Gitorious::Authentication::LDAPAuthentication

    # IP/hostname to LDAP server
    host: 10.1.1.1

    # Override the default port (389)
    port: 389

    # The base DN to search
    base_dn: DC=DOMAIN,DC=LOCAL

    # The base DN when searching for groups (for authorization)
    # If unspecified, base_dn is used
    group_search_dn: OU=Gitorious,OU=Security Groups,OU=Network Users,DC=DOMAIN,DC=LOCAL

    # What LDAP attribute to use for user authentication. Default is CN
    login_attribute: sAMAccountName

    # How to build a user's DN. Default: $LOGIN_ATTRIBUTE={},$BASE_DN,
    # e.g. CN=chris,DC=gitorious,DC=org
    distinguished_name_template: "{}@domain.local"

    # Map LDAP fields to database fields.
    # Default: displayname => fullname, mail => email
    # attribute_mapping:
    #   displayName: fullname
    #   mail: email

    # See Net-LDAP for other options, or use "none" for no encryption.
    # Defaults to "simple_tls" if not set.
    encryption: none

    # A class/object that will be called after successful authentication
    # through LDAP. Will be "constantized", post_authenticate will be called
    # with an options hash. See LDAPAuthenticationTest.
    #callback_class: SampleCallback

    # Specify a username/password to use for authenticated bind
    # NOTE: This is required when using LDAP for authorization
    bind_user:
      username: Us...@DOMAIN.LOCAL
      password: Password

    # When using LDAP authorization: which attribute in a user
    # record specifies groups a user is member of
    # This will depend on your schema/LDAP server implementation
    # but in 9/10 cases, it will be memberof
    membership_attribute_name: memberOf

    # When using LDAP authorization: which attribute in a group
    # record specifies users that are member of the group
    # This will depend on your LDAP schema, but will usually be
    # member or uniquemember
    members_attribute_name: member
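The two authorization lookups this configuration asks for (user to groups via `memberOf`, group to users via `member`, both scoped to `group_search_dn`) can be modelled offline to see which values have to line up. The Ruby below is an added example, not Gitorious code and not from the post; the directory entries, user names and group names in it are constructed to resemble the poster's Active Directory layout, and whether Gitorious 3.2 compares the `distinguished_name_template` expansion against `member` values is an assumption the page does not settle. What is certain is that AD stores DNs in `memberOf` and `member`, DN comparison is case-insensitive, and `"{}@domain.local"` expands to a UPN rather than a DN.

```ruby
# Added example: offline model of LDAP group authorization as configured
# in the post. Constructed data; not Gitorious' implementation.

CONFIG = {
  base_dn:                     "DC=DOMAIN,DC=LOCAL",
  group_search_dn:             "OU=Gitorious,OU=Security Groups,OU=Network Users,DC=DOMAIN,DC=LOCAL",
  login_attribute:             "sAMAccountName",
  distinguished_name_template: "{}@domain.local",
  membership_attribute_name:   "memberOf",
  members_attribute_name:      "member",
}.freeze

# Hypothetical users and groups, keyed by DN as AD would return them.
DEV_GROUP_DN = "CN=Developers,OU=Gitorious,OU=Security Groups,OU=Network Users,DC=DOMAIN,DC=LOCAL"
HR_GROUP_DN  = "CN=HR,OU=Security Groups,OU=Network Users,DC=DOMAIN,DC=LOCAL"
ALICE_DN     = "CN=Alice Example,OU=Staff,OU=Network Users,DC=DOMAIN,DC=LOCAL"
BOB_DN       = "CN=Bob Example,OU=Staff,OU=Network Users,DC=DOMAIN,DC=LOCAL"

DIRECTORY = {
  ALICE_DN     => { "sAMAccountName" => ["alice"], "userPrincipalName" => ["alice@domain.local"],
                    "memberOf" => [DEV_GROUP_DN, HR_GROUP_DN] },
  BOB_DN       => { "sAMAccountName" => ["bob"], "userPrincipalName" => ["bob@domain.local"],
                    "memberOf" => [HR_GROUP_DN] },
  DEV_GROUP_DN => { "cn" => ["Developers"], "member" => [ALICE_DN] },
  HR_GROUP_DN  => { "cn" => ["HR"], "member" => [ALICE_DN, BOB_DN] },
}.freeze

# AD DNs are case-insensitive and tolerate spaces after commas; normalize before comparing.
def normalize_dn(dn)
  dn.split(/\s*,\s*/).map do |rdn|
    key, value = rdn.split("=", 2)
    "#{key.strip.downcase}=#{value.to_s.strip.downcase}"
  end.join(",")
end

# True when every RDN has the attr=value shape; a UPN like alice@domain.local does not.
def looks_like_dn?(value)
  value.split(",").all? { |rdn| rdn.include?("=") }
end

def dn_under?(dn, base)
  normalize_dn(dn).end_with?("," + normalize_dn(base))
end

def entry(dn)
  DIRECTORY.find { |candidate, _| normalize_dn(candidate) == normalize_dn(dn) }&.last
end

# Search under base_dn for (login_attribute=login); returns [dn, attrs] or nil.
def find_user(login)
  DIRECTORY.find do |dn, attrs|
    dn_under?(dn, CONFIG[:base_dn]) && attrs.fetch(CONFIG[:login_attribute], []).include?(login)
  end
end

# Direction 1: user -> groups via membership_attribute_name, kept only if under group_search_dn.
def group_cns_for(login)
  dn, attrs = find_user(login)
  return [] unless dn
  attrs.fetch(CONFIG[:membership_attribute_name], [])
       .select { |group_dn| dn_under?(group_dn, CONFIG[:group_search_dn]) }
       .map { |group_dn| group_dn.split(",", 2).first.split("=", 2).last }
end

# Direction 2: group -> logins via members_attribute_name. Member values are DNs,
# so each is resolved back to its entry and the login attribute is read from there.
def logins_in_group(group_cn)
  group_dn, attrs = DIRECTORY.find do |dn, a|
    dn_under?(dn, CONFIG[:group_search_dn]) &&
      a.fetch("cn", []).map(&:downcase).include?(group_cn.downcase)
  end
  return [] unless group_dn
  attrs.fetch(CONFIG[:members_attribute_name], []).map do |member_dn|
    entry(member_dn)&.fetch(CONFIG[:login_attribute], [])&.first
  end.compact
end

# What the poster's distinguished_name_template expands to for a login.
def dn_from_template(login)
  CONFIG[:distinguished_name_template].sub("{}", login)
end

# Assumption, not shown on the page: a check that compares the template expansion
# against a group's member values. With a UPN-shaped template it never matches.
def template_value_listed_as_member?(login, group_cn)
  group_dn = DIRECTORY.keys.find { |dn| DIRECTORY[dn].fetch("cn", []).include?(group_cn) }
  return false unless group_dn
  members = DIRECTORY[group_dn].fetch(CONFIG[:members_attribute_name], []).map { |m| normalize_dn(m) }
  members.include?(normalize_dn(dn_from_template(login)))
end

if __FILE__ == $PROGRAM_NAME
  puts "alice -> #{group_cns_for('alice').inspect}"                 # ["Developers"]
  puts "Developers -> #{logins_in_group('Developers').inspect}"     # ["alice"]
  puts "HR (outside group_search_dn) -> #{logins_in_group('HR').inspect}"  # []
  puts "template for alice -> #{dn_from_template('alice')} (DN? #{looks_like_dn?(dn_from_template('alice'))})"
end
```

Two things the model makes visible: a group placed outside `group_search_dn` (here HR) resolves to nobody even though its `member` list is populated, and the `"{}@domain.local"` template yields a bind name, not a DN, so it cannot be matched against DN-valued `member` or `memberOf` attributes. A quick `ldapsearch` for the user's `memberOf` and the group's `member` with the `bind_user` credentials shows the real values to compare. Separately, `encryption: none` sends that bind password in cleartext on every lookup; the default `simple_tls` avoids that.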
