issues logging in with auth.type LDAP

Åsmund Østvold

okunmadı,

26 Eki 2012 16:19:1726.10.2012

alıcı repo-d...@googlegroups.com

My day job is investigating using gerrit for a small internal team of developer. I believe I now know most of what is needed for our setup. I have used the "DEVELOPMENT_BECOME_ANY_ACCOUNT" auth type. My jobb is using LDAP authentication and I did run in to some unexpected issues. Logging in only partly work.

1) On first login I get:

"Application Error

Server Error

Internal Server Error

Continue"

When I click 'continue' I get back login and is not logged in. logs/error_log have this contents:

[2012-10-26 18:55:57,090] INFO com.google.gerrit.server.cache.h2.H2CacheFactory : Enabling disk cache /var/lib/hudson/codereview/cache

[2012-10-26 18:56:00,294] WARN com.google.gerrit.sshd.SshDaemon : Disabling cipher aes192-cbc: Illegal key size; try installing unlimited cryptography extension
[2012-10-26 18:56:00,295] WARN com.google.gerrit.sshd.SshDaemon : Disabling cipher aes256-cbc: Illegal key size; try installing unlimited cryptography extension

[2012-10-26 18:56:00,338] WARN com.google.gerrit.httpd.GitWebConfig : gitweb not installed (no /usr/lib/cgi-bin/gitweb.cgi found)
[2012-10-26 18:56:01,106] INFO com.google.gerrit.server.plugins.PluginLoader : Loading plugins from /var/lib/hudson/codereview/plugins

[2012-10-26 18:56:01,177] WARN com.googlesource.gerrit.plugins.replication.ReplicationQueue : No /var/lib/hudson/codereview/etc/replication.config; not replicating
[2012-10-26 18:56:01,180] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin replication

[2012-10-26 18:56:01,268] INFO com.google.gerrit.sshd.SshDaemon : Started Gerrit SSHD on *:29419
[2012-10-26 18:56:01,274] INFO org.eclipse.jetty.util.log : jetty-7.2.1.v20101111

[2012-10-26 18:56:01,912] INFO org.eclipse.jetty.util.log : Started SelectChann...@0.0.0.0:8081
[2012-10-26 18:56:01,917] INFO com.google.gerrit.pgm.Daemon : Gerrit Code Review 2.5-rc2 ready

[2012-10-26 18:57:37,054] WARN / : Error in authenticate
java.util.NoSuchElementException
at java.util.AbstractList$Itr.next(AbstractList.java:350)

at com.google.gerrit.server.account.AccountManager.create(AccountManager.java:291)
at com.google.gerrit.server.account.AccountManager.authenticate(AccountManager.java:122)

at com.google.gerrit.httpd.auth.ldap.UserPassAuthServiceImpl.authenticate(UserPassAuthServiceImpl.java:70)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:597)
at com.google.gwtjsonrpc.server.MethodHandle.invoke(MethodHandle.java:91)
at com.google.gwtjsonrpc.server.JsonServlet.doService(JsonServlet.java:379)

at com.google.gwtjsonrpc.server.JsonServlet.service(JsonServlet.java:265)
at com.google.gerrit.httpd.rpc.GerritJsonServlet.service(GerritJsonServlet.java:118)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263)
at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178)

at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62)

at com.google.gerrit.pgm.http.jetty.GetUserFilter.doFilter(GetUserFilter.java:76)
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163)

at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168)

at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168)

at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)
at com.google.gwtexpui.server.CacheControlFilter.doFilter(CacheControlFilter.java:76)

at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)

at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)

at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)

at com.google.gerrit.httpd.AllRequestFilter$FilterProxy$1.doFilter(AllRequestFilter.java:64)
at com.google.gerrit.httpd.AllRequestFilter$FilterProxy.doFilter(AllRequestFilter.java:57)

at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163)
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)

at com.google.gerrit.httpd.RequestContextFilter.doFilter(RequestContextFilter.java:75)
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163)

at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)
at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)

at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1322)

at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:473)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224)

at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:921)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:403)

at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:184)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:856)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:114)

at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:59)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:114)

at org.eclipse.jetty.server.Server.handle(Server.java:352)
at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:596)
at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1069)

at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:805)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:218)
at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:426)

at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:510)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.access$000(SelectChannelEndPoint.java:34)

at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:450)

at java.lang.Thread.run(Thread.java:662)

2) logging in again with the same user as the first time I get the blow:

This webpage has a redirect loop
The webpage at http://XXXX.no.XXXX.com:8081/login/q/null#/q/null has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

Here are some suggestions:

Reload this webpage later.
Learn more about this problem.

Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.

I have tried clearing my Chrome cache clean and it do not help. The strange thing is if I modify I the url to "http://XXXX.no.XXXX.com:8081" I am logged in, and my identety is correcttly optained from LDAP. But the user is not a member member of Administrators group.

Any hint on what I am doing wrong?

Below is some more env. stuff from my setup.

My environment:

Gerrit 2.5 RC 2

gerrit.config:

[gerrit]
basePath = /share/proj6/git/GerretGits

[database]
type = H2
database = db/ReviewDB
[auth]
type = LDAP

[sendemail]
smtpServer = localhost
[container]
user = n-hudson

javaHome = /usr/java/jdk1.6.0_23/jre
[sshd]
listenAddress = *:29419
[httpd]
listenUrl = http://*:8081/
[cache]
directory = cache
[ldap]
server = ldap://lc-eosl04-01.no.#####.com
accountBase = dc=#####,dc=com

groupBase = ou=groups,ou=###it.#######.com,o=nl,dc=#####,dc=com

install command:

java -jar ./gerrit-full-2.5-rc2.war init -d $PWD

starting:

bin/gerrit.sh start

Asmund

Edwin Kempin

okunmadı,

27 Eki 2012 01:09:4327.10.2012

alıcı Åsmund Østvold, repo-d...@googlegroups.com

2012/10/26 Åsmund Østvold <asm...@gmail.com>

This exception occurred while trying to assign the first user logging in the administrator permissions.
Because of this exception your first user isn't an administrator.
The exception occurs because the group to which the 'Administrate Server' capability is assigned cannot be resolved.
Which group has the 'Administrate Server' capability is defined in the refs/meta/config branch of the All-Projects project.
In the 'project.config' file on this branch, you should find the group name and in the 'groups' file you can lookup the UUID of this group.
The problem is now that in the Gerrit database there is no group with such a UUID.
This shouldn't happen when you initialize a new site, since the schema creator will take care to make this assignment in the All-Projects
project and to add this group in the db.
Is it possibile that after initialization of the site, you copied over the All-Projects git repo from another site?

--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

Åsmund Østvold

okunmadı,

29 Eki 2012 03:34:0429.10.2012

alıcı repo-d...@googlegroups.com

So the solution for the redirect loop issue was setting the gerrit.canonicalWebUrl. My bad.

Asmund

On Sun, Oct 28, 2012 at 1:33 AM, Åsmund Østvold <asm...@gmail.com> wrote:

Edwin thank you for responding.

info: I am dyslectic so there is a good chance words/sentences are wrong/bad. Please do not hesitate to ask for clarification!

This was what I had done. So now the first user is a member of Administrator group and I do not get the application error any more. Issue #1 closed :-)

2) logging in again with the same user as the first time I get the blow:

This webpage has a redirect loop
The webpage at http://XXXX.no.XXXX.com:8081/login/q/null#/q/null has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

Here are some suggestions:

Reload this webpage later.

Learn more about this problem.

Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.

I have tried clearing my Chrome cache clean and it do not help. The strange thing is if I modify I the url to "http://XXXX.no.XXXX.com:8081" I am logged in, and my identety is correcttly optained from LDAP. But the user is not a member member of Administrators group.

Any hint on what I am doing wrong?

Below is some more env. stuff from my setup.

Unforgettably the above 'redirect loop' is still an issue.

Still modifying the url from http://XXXXX.no.XXXXX:8081/login/q/null#/q/null too http://XXXXX.no.XXXXX::8081, show user as logged in. Gerrit error log looks clean. I have not had an opportunity to validate if this is limited to only my user or if this is a general issue. I will do this first thing Monday morning. Cleaning browser cash do not help. ;-( This issue is not present with the "become" auth.type.

Are anybody able to spot what I am doing wrong?

If you for some reason believe this is a bug I am willing to help out with more info, installs or debug runs. My Gerrit / Java knowledge is limited but this is 100% reproducible for me.

Tümünü yanıtla

Yazarı yanıtla

Yönlendir

İleti silindi