LDAP authorization not working in Gerrit

Osama FelFel

Nov 25, 2015, 4:34:48 AM
to Repo and Gerrit Discussion

After installing Gerrit (2.11.4) and configuring it to use LDAP for GUI authentication, I'm having a problem with group authorization. I granted the Code-Review +2 role to an LDAP group; however, users within this group can't +2. Actually, users are treated as normal registered users with +1 ability.

Here are my Gerrit configs:


[auth]
type = LDAP
gitBasicAuth = true
[ldap]
server = ldap://IP:Port
username = username
password = password
accountBase = accountBase
groupBase = groupBase
referral = follow
accountPattern = (sAMAccountName=${username})
groupPattern = (cn=${groupname})
accountFullName = displayName
accountMemberField = member
accountEmailAddress = mail
groupMemberPattern = (&(objectClass=groupOfNames)(member=${groupname}))




Here is the project configuration:


[access "refs/for/refs/*"]
push = group ldap/Group Name
submit = group ldap/Group Name
owner = group ldap/Group Name
pushMerge = group ldap/Group Name
[access "refs/heads/*"]
label-Code-Review = -2..+2 group ldap/Group Name
submit = group ldap/Group Name
push = group ldap/Group Name
owner = group ldap/Group Name
forgeAuthor = group ldap/Group Name


Sébastien Douche

Nov 25, 2015, 7:44:30 AM
to repo-d...@googlegroups.com
On Tue, 24 Nov 2015, at 20:03, Osama FelFel wrote:
> After installing Gerrit (2.11.4) and configuring it to use LDAP while
> authenticating GUI, I'm having a problem with groups authorization. I
> provided the code review +2 role to LDAP group however users within this
> group can't +2. Actually users are treated as normal registered users
> with
> +1 ability.

I think you can't assign to an LDAP group, but only to a "normal" group. So I
created a group for each LDAP group I have. It works.



--
Sébastien Douche <s...@nmeos.net>
Twitter: @sdouche
http://douche.name

Kenny Ho

Nov 25, 2015, 11:45:37 AM
to Repo and Gerrit Discussion, s...@nmeos.net
LDAP groups work for us (at least in 2.9.1).  Did you try making the adjustment via the web UI first?  When the web UI adds the permission, it also adds something to the "groups" file in refs/meta/config corresponding to the group.  For example, when I add a new group permission I have the following added to my groups file:

ldap:CN=<dl name>,OU=<blanked on purpose>,OU=<blanked on purpose>,DC=<blanked on purpose>,DC=com    <dl name>

Autocomplete / the search pop-up should also work in the web UI if LDAP is set up correctly.

Martin Waitz

Nov 27, 2015, 4:28:23 AM
to Repo and Gerrit Discussion
Hello,


On Wednesday, November 25, 2015 at 10:34:48 UTC+1, Osama FelFel wrote:

After installing Gerrit (2.11.4) and configuring it to use LDAP while authenticating GUI, I'm having a problem with groups authorization.

Here are my Gerrit configs:


[ldap]
groupMemberPattern = (&(objectClass=groupOfNames)(member=${groupname}))


I think your groupMemberPattern is wrong.
The ${} are the user's attributes and the search should return all groups for that user.

So you are saying here that you are searching for a group whose 'member' field matches your user's 'groupname' field.
Maybe you can tell us more about your LDAP setup so that we can find the right groupMemberPattern.

-- Martin
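
The point made in the reply above, as an added example that is not part of the thread and is not Gerrit's code: a small Python model that fills each ${...} from the user's entry and runs the resulting filter over a constructed directory. The sample entries, the helper names, the empty-string expansion of a missing attribute, and the ${dn} variant are assumptions for illustration.

```python
import re

# Constructed sample directory (not from the thread): one user, one group.
USER = {
    "dn": "CN=Jane Doe,OU=Users,DC=example,DC=com",
    "sAMAccountName": "jdoe",
    "displayName": "Jane Doe",
}
GROUPS = [{
    "dn": "CN=Reviewers,OU=Groups,DC=example,DC=com",
    "cn": "Reviewers",
    "objectClass": ["groupOfNames"],
    "member": ["CN=Jane Doe,OU=Users,DC=example,DC=com"],
}]


def expand(pattern, user):
    """Replace each ${attr} with that attribute of the *user* entry.
    Assumption of this model: an attribute the user lacks expands to ""."""
    return re.sub(r"\$\{(\w+)\}", lambda m: user.get(m.group(1), ""), pattern)


def matches(flt, entry):
    """Evaluate a small LDAP filter subset: (&...), (|...), (attr=value)."""
    inner = flt[1:-1]
    if inner[0] in "&|":
        parts, depth, start = [], 0, 1
        for i, ch in enumerate(inner):
            if ch == "(":
                depth += 1
                if depth == 1:
                    start = i
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    parts.append(inner[start:i + 1])
        results = [matches(p, entry) for p in parts]
        return all(results) if inner[0] == "&" else any(results)
    attr, _, value = inner.partition("=")
    have = entry.get(attr, [])
    have = have if isinstance(have, list) else [have]
    return value.lower() in [h.lower() for h in have]


def groups_for(pattern, user=USER, groups=GROUPS):
    """Return the cn of every group the expanded filter selects."""
    flt = expand(pattern, user)
    return [g["cn"] for g in groups if matches(flt, g)]
```

With the pattern from the original post, ${groupname} has no value on the user entry, so the filter selects no groups and the user keeps only the default permissions; a pattern built on an attribute the user does have, such as ${dn}, selects the group.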