authentication for gerrit


JosephJohn

Apr 28, 2010, 3:25:25 AM
to Repo and Gerrit Discussion
Hi
I am trying to learn more about Gerrit.
I was successful in installing gerrit 2.1.2.3 on my ubuntu machine
(karmic).
First I tried authentication with LDAP (Oracle OIS). My entries in
"gerrit.config" were

[ldap]
server = ldap://192.168.20.31
accountBase = cn=Users,dc=xxx,dc=ae
groupBase = cn=Groups,dc=xxx,dc=ae

I was getting error
"[2010-04-28 09:31:18,055] ERROR
com.google.gerrit.server.auth.ldap.LdapRealm : Cannot query LDAP to
autenticate user
javax.naming.CommunicationException: 192.168.20.31:389 [Root exception
is java.net.ConnectException: Connection refused]
"
I googled and found this link
"http://groups.google.com/group/repo-discuss/browse_thread/thread/95017c2d25a33ec3"

Later I added
javaOptions = -Djava.naming.referral=follow
under the [container] section
Still I am getting the same error .

Since right now my intention is to check Gerrit and use it
irrespective of the authentication method, I tried out HTTP
authentication. Here also I was not able to log in.
I am getting an error message
HTTP ERROR 403
Problem accessing /login/admin,projects. Reason:
Forbidden
Powered by Jetty://

Is there any guide for dummies for installing Gerrit?
thanks
Joseph John




Furosh One

Apr 28, 2010, 3:50:42 PM
to JosephJohn, Repo and Gerrit Discussion
> Since right now my intention is  to check Gerrit and use it
> irrespective of  the authentication method. I tried out with http
> authentication, here also I was not able to log in
> I am getting a error message
> HTTP ERROR 403
> Problem accessing /login/admin,projects. Reason:
>    Forbidden
> Powered by Jetty://
>
> Is there any guide for dummies for installing gerrit
>                  thanks
>                      Joseph John

I don't know much about ldap configuration but I do have a working
HTTP-auth config for my default gerrit server.
I have a NIS domain that I'm grabbing all usernames & passwords from
in our corporation. I have a script that collects this and basically
grabs username:password and outputs to a file in
/home/gerrit2/review_site/access/passwd file.

I am also using the reverse-proxy setup here, so I can have HTTPD
authenticate users then pass it over to Jetty/Gerrit service (on the
same server) once authentication has been met. Use what you can from
here and take what you don't need out.

My httpd.conf:
===========
<VirtualHost *>
ServerName gerrit1.mydomain.com

ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On

<Location "/ssh_info">
ProxyPass http://127.0.0.1:8081/ssh_info
Allow from all
Satisfy Any
</Location>

<Location "/">
AuthType Basic
AuthName "Gerrit Review Server"
#AuthName "Gerrit Code Review"
AuthUserFile /home/gerrit2/review_site/access/passwd
Require valid-user
</Location>

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

#ProxyPass /r/ http://127.0.0.1:8081/r/
ProxyPass / http://127.0.0.1:8081/

<IfModule mod_disk_cache.c>
CacheEnable disk /
CacheIgnoreHeaders Set-Cookie
</IfModule>
</VirtualHost>

gerrit.config:
=========
[gerrit]
basePath = /git/projects/
#canonicalWebUrl = http://gerrit1.mydomain.com:8080/ # took out because not in DNS.
[database]
type = POSTGRESQL
hostname = localhost
database = reviewdb
username = gerrit2
[auth]
type = HTTP
emailformat = {0}@domain.com
[sendemail]
smtpServer = localhost
[container]
user = gerrit2
javaHome = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre
[sshd]
listenAddress = *:29418
[httpd]
#listenUrl = proxy-http://127.0.0.1:8081/r/
listenUrl = proxy-http://127.0.0.1:8081/
[cache]
directory = cache

As you can see I had to play with the configs to finally get it
working, but hopefully you can try it and it may work for you. I wish
someone had helped me when I was trying to set this up because it
caused lots of frustration and finally got it to work like I wanted
to. If you have issues pay attention to your httpd error_logs or
messages when you restart httpd. Sometimes you need to ensure the
passwd file has read access all the way up to parent directory. Not
sure what you're using for authentication if not a passwd file but
this works great for me and my environment.

Hope this helps...

-FuRoSh...

csantos

May 11, 2010, 8:47:18 AM
to Repo and Gerrit Discussion
Hi,

I configured Reverse-proxy for gerrit but got this HTTP error:

HTTP ERROR 403
Problem accessing /login/mine. Reason:
Forbidden

It seems that Jetty tries to authenticate, not Apache HTTP.

The configuration in http.conf is:

# Setting ProxyRequests On turns your server into an Open Proxy.
ProxyRequests Off

# When enabled, this option will pass the Host: line from the incoming
# request to the proxied host,
# instead of the hostname specified in the proxypass line.
ProxyPreserveHost On

# access
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

# This directive allows remote servers to be mapped into the space of
# the local server
ProxyPass /gerrit http://172.17.27.186:8082/

# This directive lets Apache adjust the URL in the Location header on
# HTTP redirect responses.
ProxyPassReverse /gerrit http://localhost:8082/

# rewrite absolute URLs to /gerrit
ProxyHTMLURLMap http://localhost:8082/ /gerrit

<Location /gerrit/>
ProxyHTMLURLMap / /gerrit/
</Location>

# access
<Location /gerrit>
AuthType Basic
AuthName "Gerrit Review Server"
AuthUserFile /review_site/access/passwd
Require valid-user
</Location>

and the gerrit.conf file:
[gerrit]
basePath = C:\\git_repos
[database]
type = H2
database = db/ReviewDB
[auth]
type = HTTP
[sendemail]
smtpServer = 172.17.27.186
smtpServerPort = 25
smtpUser = Administrator
[container]
user = Administrator
javaHome = C:\\Program Files\\Java\\jdk1.6.0_12\\jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://172.17.27.186:8082
[cache]
directory = cache


Does anyone use HTTP authentication? Any clues?

regards,


On Apr 28, 9:50 pm, Furosh One <fur...@gmail.com> wrote:
> > Since right now my intention is  to check Gerrit and use it
> > irrespective of  the authentication method. I tried out with http
> > authentication, here also I was not able to log in
> > I am getting a error message
> > HTTP ERROR 403
> > Problem accessing /login/admin,projects. Reason:
> >    Forbidden
> > Powered by Jetty://
>
> > Is there any guide for dummies for installing gerrit
> >                  thanks
> >                      Joseph John
>
> I don't know much about ldap configuration but I do have a working
> HTTP-auth config for my default gerrit server.
> I have a NIS domain that I'm grabbing all usernames & passwords from
> in our corporation. I have a script that collects this and basically
> grabs username:password and outputs to a file in
> /home/gerrit2/review_site/access/passwd file.
>
> I am also using the reverse-proxy setup here, so I can have HTTPD
> authenticate users then pass it over to Jetty/Gerrit service (on the
> same server) once authentication has been met. Use what you can from
> here and take what you don't need out.
>
> My httpd.conf:
> ===========
> <VirtualHost *>
>         ServerName gerrit1.mydomain.com
>
>         ProxyRequests Off
>         ProxyVia Off
>         ProxyPreserveHost On
>
>     <Location "/ssh_info">
>         ProxyPass http://127.0.0.1:8081/ssh_info
>         Allow from all
>         Satisfy Any
>     </Location>
>
>     <Location "/">
>         AuthType Basic
>         AuthName "Gerrit Review Server"
>         #AuthName "Gerrit Code Review"
>         AuthUserFile /home/gerrit2/review_site/access/passwd
>         Require valid-user
>     </Location>
>
>         <Proxy *>
>                 Order deny,allow
>                 Allow from all
>         </Proxy>
>
>         #ProxyPass /r/ http://127.0.0.1:8081/r/
>         ProxyPass / http://127.0.0.1:8081/
>
>     <IfModule mod_disk_cache.c>
>         CacheEnable disk /
>         CacheIgnoreHeaders Set-Cookie
>     </IfModule>
> </VirtualHost>
>
> gerrit.config:
> =========
> [gerrit]
>         basePath = /git/projects/
>         #canonicalWebUrl = http://gerrit1.mydomain.com:8080/ # took out because not in DNS.
> [database]
>         type = POSTGRESQL
>         hostname = localhost
>         database = reviewdb
>         username = gerrit2
> [auth]
>         type = HTTP
>         emailformat = {...@domain.com
> [sendemail]
>         smtpServer = localhost
> [container]
>         user = gerrit2
>         javaHome = /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre
> [sshd]
>         listenAddress = *:29418
> [httpd]
>         #listenUrl = proxy-http://127.0.0.1:8081/r/
>         listenUrl = proxy-http://127.0.0.1:8081/

Shawn Pearce

May 11, 2010, 2:36:35 PM
to csantos, Repo and Gerrit Discussion
csantos <claudia....@gmail.com> wrote:
> I configured Reverse-proxy for gerrit but got this HTTP error:
>
> HTTP ERROR 403
> Problem accessing /login/mine. Reason:
> Forbidden
>
> It seems that Jetty tries to authenticate, not Apache HTTP.

No. Gerrit requires that Apache HTTP perform the authentication
for it. If the authentication data isn't present in the request,
Gerrit returns 403 with no further information. I should adjust
that error message to explain what is wrong.

> The configurations in http.conf is:
...
> # This directive lets Apache adjust the URL in the Location header on
> HTTP redirect responses.
> ProxyPassReverse /gerrit http://localhost:8082/

IIRC this line should be unnecessary for Gerrit. Gerrit knows it's
behind a proxy and generates correct redirect lines on its own.

> # rewrite absolute URLs to /gerrit
> ProxyHTMLURLMap http://localhost:8082/ /gerrit
>
> <Location /gerrit/>
> ProxyHTMLURLMap / /gerrit/
> </Location>

These ProxyHTMLURLMap lines are unnecessary for Gerrit. It knows
what's going on when it's behind a proxy and works things out
for itself.

> # access
> <Location /gerrit>
> AuthType Basic
> AuthName "Gerrit Review Server"
> AuthUserFile /review_site/access/passwd
> Require valid-user
> </Location>

I think this is your problem. If you check the Apache HTTPd
documentation, you will learn that <Location /gerrit> is *NOT*
the same as <Location /gerrit/>.

Your directive above isn't being used, because the user agent
asked for /gerrit/login/mine. That's under location /gerrit/
and has nothing to do with location /gerrit.

Yes, really, Apache treats these as different URLs.

csantos

May 12, 2010, 4:18:41 AM
to Repo and Gerrit Discussion
Thanks Shawn,

I changed the httpd.config and now when I try to access http://localhost/r/
the authentication required window shows up, and I get this message:

"Service Temporarily Unavailable"

When I try to access http://172.17.27.186:8082/r/ I still get the same
error:

HTTP ERROR 403

Problem accessing /r/login/mine. Reason: Forbidden

It seems that the reverse proxy doesn't work properly.
It's weird because I already have a Nexus Server with reverse proxy on
another server and it works just fine...
The actual configuration in httpd.conf is:

#
# Reverse Proxy for Gerrit
#
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

LoadModule proxy_html_module modules/mod_proxy_html/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_proxy_html/mod_xml2enc.so

ProxyRequests Off

ProxyPass /r/ http://172.17.27.186:8081/r/

ProxyPreserveHost On

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

<Location /r/ >
AuthType Basic
AuthName "Gerrit Review Server"
AuthUserFile passwd
Require valid-user
</Location>

And the gerrit.conf file:

[gerrit]
basePath = C:\\git_repos
[database]
type = H2
database = db/ReviewDB
[auth]
type = HTTP
[sendemail]
smtpServer = 172.17.22.9
smtpServerPort = 25
smtpUser = Administrator
[container]
user = Administrator
javaHome = C:\\Program Files\\Java\\jdk1.6.0_12\\jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = proxy-http://172.17.27.186:8081/r/
[cache]
directory = cache


If anyone knows what's wrong let me know please.

regards,

On May 11, 8:36 pm, Shawn Pearce <s...@google.com> wrote:
> csantos <claudia.cm.san...@gmail.com> wrote:
> > I configured Reverse-proxy for gerrit but got this HTTP error:
>
> > HTTP ERROR 403
> > Problem accessing /login/mine. Reason:
> >     Forbidden
>
> > It seems that Jetty tries to authenticate, not Apache HTTP.
>
> No.  Gerrit requires that Apache HTTP perform the authentication
> for it.  If the authentication data isn't present in the request,
> Gerrit returns 403 with no further information.  I should adjust
> that error message to explain what is wrong.
>
>
>
> > The configurations in http.conf is:
> ...
> > # This directive lets Apache adjust the URL in the Location header on
> > HTTP redirect responses.
> > ProxyPassReverse /gerrit http://localhost:8082/

Shawn Pearce

May 12, 2010, 6:13:37 PM
to csantos, Repo and Gerrit Discussion
csantos <claudia....@gmail.com> wrote:
> I changed the httpd.config and now when i try to access http://localhost/r/
> the authentication required window shows up, and i got this message:
>
> "Service Temporarily Unavailable"

Restart your Apache HTTPd. The problem here is, Apache is caching
that Gerrit Code Review was shut down. And it's not checking that
it's back online. So it's returning a cached error message. If you
restart Apache, it'll drop that cache and check again when it comes
back up.

> When i try to access http://172.17.27.186:8082/r/ i still got the same
> error:
>
> HTTP ERROR 403
>
> Problem accessing /r/login/mine. Reason: Forbidden

Well, that's because you contacted the server directly, and didn't
include authentication data in the request.
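
An added example, not part of any post in this thread: a small Python lint that cross-checks the two files the thread keeps comparing, httpd.conf and gerrit.config, for a ProxyPass path or target that disagrees with listenUrl, a proxied path with no authenticated <Location> on exactly that path, and a backend address that clients can reach without going through Apache. The function name audit, the finding labels and the sample strings are assumptions made for the example, and the exact-path <Location> check is deliberately stricter than Apache's own matching.

```python
import re
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit(httpd_conf, gerrit_config):
    """Lint an Apache reverse proxy against Gerrit's [httpd] listenUrl.

    Assumes httpd_conf holds only the directives that front Gerrit.
    """
    m = re.search(r"^[ \t]*listenUrl[ \t]*=[ \t]*proxy-(https?://\S+)",
                  gerrit_config, re.M)
    if not m:
        return ["listen: no proxy-http(s) listenUrl in gerrit.config"]
    listen = urlsplit(m.group(1))
    findings = []
    if listen.hostname not in LOOPBACK:
        # Gerrit leaves authentication to Apache, so only Apache should reach it.
        findings.append(f"exposure: backend {listen.netloc} is not loopback-only")
    # Paths of <Location> blocks that demand a login.
    blocks = re.findall(r'<Location\s+"?([^\s">]+)"?\s*>(.*?)</Location>',
                        httpd_conf, re.S)
    authed = {path for path, body in blocks
              if re.search(r"^[ \t]*Require[ \t]+valid-user", body, re.M)}
    # Two-argument ProxyPass lines; commented-out ones do not match.
    for path, target in re.findall(
            r"^[ \t]*ProxyPass[ \t]+(\S+)[ \t]+(\S+)", httpd_conf, re.M):
        if urlsplit(target).netloc != listen.netloc:
            findings.append(f"backend: {target} is not listenUrl {listen.netloc}")
        if path.rstrip("/") != listen.path.rstrip("/"):
            findings.append(f"context: ProxyPass {path} vs listenUrl path "
                            f"{listen.path or '/'}")
        # Conservative: demand an auth block on exactly the proxied path.
        if path not in authed:
            findings.append(f"auth: no <Location {path}> with Require valid-user")
    return findings

# Constructed sample, trimmed from the /gerrit configuration posted in the thread.
SAMPLE_HTTPD = """
ProxyPass /gerrit http://172.17.27.186:8082/
<Location /gerrit>
AuthType Basic
AuthUserFile /review_site/access/passwd
Require valid-user
</Location>
"""
SAMPLE_GERRIT = "[httpd]\nlistenUrl = proxy-http://172.17.27.186:8082\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTTPD, SAMPLE_GERRIT):
        print(finding)
```

An "exposure" finding is acceptable only when a host firewall or network ACL already restricts the backend port to the proxy.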