I have the same problem: logouts don't log me out.
I'm using Apache to authenticate because I have users logging in from more than one LDAP URL, and I understand Gerrit can't do this natively. My dual-authentication is working fine through Apache. However, when I use that, then Gerrit's "logout" option simply redirects users back to the login page.
I've read about two work-arounds:
(1) set a logout alias so it submits bad credentials, thus affecting a de-facto logout. This doesn't work for me. See the logoutUrl setting below.
(2) create a javascript and send the logout request to that javascript. The javascript submits bad credentials. I'd like to try this, but don't know where to put the javascript so that Gerrit's logout option can reach it.
My configs are as shown below.
Thanks in advance for any help provided.
======== aaa_ldap.conf =========
# specify multiple LDAP providers. Eanble this with AuthBasicProvider directive, followed by each alias below
<AuthnProviderAlias ldap ldap-BIGCOMPANY>
AuthLDAPURL ldap://abcLdap01:3268/DC=corp,DC=BIGCOMPANY,DC=com?sAMAccountName
AuthLDAPBindDN cmldap
AuthLDAPBindPassword PASSWORD
</AuthnProviderAlias>
<AuthnProviderAlias ldap ldap-MEDIUMCOMPANY>
AuthLDAPBindDN cmldap
AuthLDAPBindPassword PASSWORD
</AuthnProviderAlias>
=========== gerrit.conf =========
Listen 80
<VirtualHost *:80>
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /login/>
AuthType Basic
Order deny,allow
Allow from All
AuthName "Gerrit Code Review"
# Specify two LDAPs, so any user from either domain can login
AuthBasicProvider ldap-BIGCOMPANY ldap-MEDIUMCOMPANY
AuthzLDAPAuthoritative on
Require valid-user
</Location>
ErrorLog /var/log/httpd/gerrit-error.log
CustomLog /var/log/httpd/gerrit-access.log combined
AllowEncodedSlashes On
</VirtualHost>
============= gerrit.config ==========
[gerrit]
basePath = /d01/gerrit/repos
changeScreen = CHANGE_SCREEN2
[database]
type = mysql
hostname = localhost
database = reviewdb
username = gerrit2
[index]
type = LUCENE
[auth]
type = HTTP
[sendemail]
[container]
user = svnsomeadmin
javaHome = /usr/java/jdk1.7.0_45/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://*:8080/
[cache]
directory = cache