Gerrit - LDAP authentication via REST api

DImuthu Upeksha

Apr 9, 2014, 6:13:39 AM
to repo-d...@googlegroups.com
Hi,
I started a new Gerrit 2.8 server. During the installation phase I gave my LDAP details.

[auth]
type = LDAP
gitBasicAuth = true
[ldap]
server = ldap://192.168.18.2:10389
username = uid=admin,ou=system
accountBase = dc=factory,dc=app,dc=com
groupBase = ou=Groups,dc=factory,dc=app,dc=com

I tried to use the REST API to log in to Gerrit (/a/groups/), but it didn't allow me to log in. The username and password I entered are available in LDAP. error_log gives the following warning:

com.google.gerrit.httpd.ProjectBasicAuthFilter : Authentication failed for admin: account inactive or not provisioned in Gerrit

I can log in if I do the following steps:

1. Log in using the web UI by giving the username and password of an LDAP account (the first account I try to log in with is added as the admin automatically)

2. Generate an HTTP password from the UI

Then I can log in using the REST API by entering that generated password. But I need to log in using the actual LDAP account username and password in the REST API.

How can I solve this issue?

Edwin Kempin

Apr 9, 2014, 6:35:51 AM
to DImuthu Upeksha, Repo and Gerrit Discussion
You can set 'auth.gitBasicAuth' to true in your gerrit.config to enable LDAP passwords for the REST API and Git pushes over HTTP.
 
DImuthu Upeksha

Apr 9, 2014, 7:24:27 AM
to repo-d...@googlegroups.com, DImuthu Upeksha
Yes, I did it. I'm using a fresh deployment. No user has logged in to the system previously. The issue is, I can log in using the REST API if I have logged in at least one time using the web UI. If not, it gives an Unauthorised error. Here is my code:


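import java.io.IOException;
import java.nio.charset.Charset;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.HttpEntity;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;

public class Main {
    public static void main(String a[]) {

        // HTTP Basic credentials: "Basic " + base64("user:password")
        String credentials = "admin:admin";
        byte[] encoding = Base64.encodeBase64(credentials.getBytes(Charset.forName("US-ASCII")));
        String encodingString = "Basic " + new String(encoding);
        HttpClient client = new DefaultHttpClient();
        HttpGet get = new HttpGet("http://10.100.4.44:8083/a/groups/");
        get.setHeader(HttpHeaders.AUTHORIZATION, encodingString);
        try {
            HttpResponse resp = client.execute(get);
            HttpEntity entity = resp.getEntity();
            String responseString = EntityUtils.toString(entity, "UTF-8");
            System.out.println(responseString);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}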

Edwin Kempin

Apr 9, 2014, 7:31:09 AM
to DImuthu Upeksha, Repo and Gerrit Discussion
2014-04-09 13:24 GMT+02:00 DImuthu Upeksha <dimuthu....@gmail.com>:
> Yes, I did it. I'm using a fresh deployment. No user has logged in to the system previously. The issue is, I can log in using the REST API if I have logged in at least one time using the web UI.

Yes, for accessing the REST API the user must exist in Gerrit. On login to the WebUI a user account is created in Gerrit. So this is as expected.
There are a few operations (adding a member to a group) where a Gerrit account is automatically created for a user that hasn't logged in to the WebUI yet, but which exists in LDAP.
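
The two conditions raised in this thread (whether auth.gitBasicAuth is enabled, and whether error_log shows users who authenticated against LDAP but have no Gerrit account yet) can be checked with a short script. This is an added example, not part of the original posts or of Gerrit; the function names, the log line prefix and the user "alice" are assumptions.

```python
import re

# Warning text as quoted from error_log in the first post of the thread.
NOT_PROVISIONED = re.compile(
    r"ProjectBasicAuthFilter\s*:\s*Authentication failed for (?P<user>\S+): "
    r"account inactive or not provisioned in Gerrit"
)

def parse_gerrit_config(text):
    """Parse plain [section] / key = value lines (subsections not handled)."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section:
            key, value = line.split("=", 1)  # values may contain '=' (LDAP DNs)
            settings[section + "." + key.strip().lower()] = value.strip()
    return settings

def diagnose(config_text, log_lines):
    """Report the two conditions discussed in the thread."""
    cfg = parse_gerrit_config(config_text)
    users = sorted({m.group("user") for line in log_lines
                    if (m := NOT_PROVISIONED.search(line))})
    return {
        "ldap_auth": cfg.get("auth.type", "").upper() == "LDAP",
        "git_basic_auth": cfg.get("auth.gitbasicauth", "false").lower() == "true",
        # Users that must log in once via the web UI before REST calls work.
        "unprovisioned_users": users,
    }

# Configuration lines as posted in the thread.
SAMPLE_CONFIG = """[auth]
type = LDAP
gitBasicAuth = true
[ldap]
server = ldap://192.168.18.2:10389
username = uid=admin,ou=system
"""
# Constructed log lines: the prefix format and the user "alice" are assumptions.
WARN = "[2014-04-09 12:00:00,000] WARN  com.google.gerrit.httpd.ProjectBasicAuthFilter : "
SAMPLE_LOG = [
    WARN + "Authentication failed for admin: account inactive or not provisioned in Gerrit",
    WARN + "Authentication failed for alice: account inactive or not provisioned in Gerrit",
    WARN + "Authentication failed for admin: account inactive or not provisioned in Gerrit",
    "[2014-04-09 12:00:05,000] INFO  constructed unrelated line",
]
if __name__ == "__main__":
    print(diagnose(SAMPLE_CONFIG, SAMPLE_LOG))
```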