HTTP Password hidden from settings when auth.gitbasicauth=true and using LDAP auth

Darragh Bailey

Feb 21, 2017, 1:46:42 PM
to Repo and Gerrit Discussion
Hi,


I'm working on configuring a pristine setup using auth.type set to LDAP, and I also want to allow users to generate an HTTP password (essentially to use as a token) should they wish to use the REST API via scripts without needing to use their LDAP password (which is their corporate account password).

I've noticed that if auth.gitbasicauth is set to true, and using auth.type=LDAP, the option to view the "HTTP Password" area of your user settings disappears; however, there is no problem in accessing https://<address>/gerrit/#/settings/http-password and clicking 'Generate Password', after which point you can use the HTTP Password to authenticate.

Setting "auth.gitbasicauth" to `false` causes the "HTTP Password" menu item to appear, but now basic auth is disabled and you have to set '--digest' for any curl requests.

Is there a config setting I'm missing that will result in this option appearing through the default menu of "Settings" without disabling 'Basic Auth', or is this a bug where the UI should in fact be displaying it as a valid menu item?

(UI bug apparently)

Looks like 2.13.6 contains a fix to expose the endpoint for http-password via the UI settings:
https://www.gerritcodereview.com/releases/2.13.md#2.13.6
  • Allow HTTP password when using LDAP and basic authentication.

    It was not possible to use HTTP password to validate git over HTTP and REST API requests if LDAP was used along with HTTP basic authentication.



Going to send this anyway in case others are looking for the same thing ;-)

--
Darragh Bailey

Hector Oswaldo Caballero

Feb 27, 2017, 5:59:41 AM
to Repo and Gerrit Discussion
Hi,

Well, more than a bug it was a "requirement", as the idea was to avoid people using the HTTP password when using basic authentication and LDAP; you can see the original discussion in the change that introduced the possibility of using both [1]. As you rightly point out, from 2.13.6 there is a possibility of using LDAP_HTTP as the authentication policy when using basic auth and LDAP; this will allow you to use either of the two to make REST calls and Git over HTTP.

BR,
Hector
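
The scripted REST use case discussed in this thread, as an added example that is not part of either post: a small Python client that sends the generated HTTP password (not the LDAP password) with Basic auth and refuses to do so over plain HTTP. The environment variable names `GERRIT_URL`, `GERRIT_USER` and `GERRIT_HTTP_PASSWORD` and the function names are assumptions made for this sketch.

```python
import base64
import json
import os
import urllib.request
from urllib.parse import urlsplit

XSSI_PREFIX = ")]}'"  # Gerrit prepends this line to JSON responses


def build_request(base_url, username, http_password, endpoint="/a/accounts/self"):
    """Return a urllib Request carrying preemptive Basic auth for a Gerrit REST call."""
    if urlsplit(base_url).scheme != "https":
        # Basic auth is only base64-encoded, so the token must never cross plain HTTP.
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    if not endpoint.startswith("/a/"):
        # Gerrit serves authenticated REST endpoints under the /a/ prefix.
        raise ValueError("authenticated Gerrit REST endpoints live under /a/")
    token = base64.b64encode(f"{username}:{http_password}".encode()).decode()
    req = urllib.request.Request(base_url.rstrip("/") + endpoint)
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    return req


def parse_gerrit_json(body):
    """Strip the anti-XSSI prefix line, then decode the JSON payload."""
    if body.startswith(XSSI_PREFIX):
        body = body[len(XSSI_PREFIX):]
    return json.loads(body)


def whoami(base_url):
    """Fetch the calling account; credentials come from the environment (assumed names)."""
    user = os.environ["GERRIT_USER"]
    password = os.environ["GERRIT_HTTP_PASSWORD"]  # generated token, not the LDAP password
    req = build_request(base_url, user, password)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_gerrit_json(resp.read().decode("utf-8"))


if __name__ == "__main__":
    print(whoami(os.environ["GERRIT_URL"]))
```

Keeping the token in the environment (or a credential store) rather than in the script means it can be regenerated from the settings page without touching code, and a leak does not expose the corporate account password.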
