Help configuring LDAP

Ganesh Prasannah

Jan 29, 2015, 6:18:05 AM
to repo-d...@googlegroups.com
We are trying to set up LDAP authentication on a gerrit 2.9.4 instance inside our company network, and are hit with this error.

[2015-01-29 16:00:50,174] ERROR com.google.gerrit.server.auth.ldap.LdapRealm : Cannot query LDAP to authenticate user
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]


Our LDAP configuration looks like this.

url: 'ldap://company.com:3268',
adminDn: 'CN=AD User,CN=Users,DC=country,DC=company,DC=com',
adminPassword: 'password',
searchBase: 'dc=company,dc=com',
searchFilter: '(userPrincipalName={{username}})'


Note that this is from a Node.js program that uses ldapauth, and it works fine.

Now when we try to adapt gerrit config to these, it doesn't work. Our gerrit.config looks like this.

[auth]
  type = LDAP
[ldap]
  server = ldap://company.com:3268
  username = aduser
  password = password
  accountBase = cn=aduser,cn=users,dc=country,dc=company,dc=com
  sslVerify = false
  referral = follow


What exactly are we doing wrong here?

David Pursehouse

Jan 29, 2015, 7:15:27 AM
to Ganesh Prasannah, repo-d...@googlegroups.com
On 01/29/2015 08:18 PM, Ganesh Prasannah wrote:
> We are trying to set up LDAP authentication on a gerrit 2.9.4 instance
> inside our company network, and are hit with this error.
>
> |
> [2015-01-29 16:00:50,174] ERROR
> com.google.gerrit.server.auth.ldap.LdapRealm : Cannot query LDAP to
> authenticate user
> javax.naming.AuthenticationException: [LDAP: error code
> 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]
> |
>

According to this page [1], "data 52e" means "invalid credentials".

[1] http://www-01.ibm.com/support/docview.wss?uid=swg21290631


>
> Our LDAP configuration looks like this.
>
> |
> url: 'ldap://company.com:3268',
> adminDn: 'CN=AD User,CN=Users,DC=country,DC=company,DC=com',
> adminPassword: 'password',
> searchBase: 'dc=company,dc=com',
> searchFilter: '(userPrincipalName={{username}})'
> |
>
>
> Note that this is from a Node.js program that uses ldapauth, and it
> works fine.
>
> Now when we try to adapt gerrit config to these, it doesn't work. Our
> gerrit.config looks like this.
>
> |
> [auth]
> type = LDAP
> [ldap]
> server = ldap://company.com:3268
> username = aduser
> password = password
> accountBase = cn=aduser,cn=users,dc=country,dc=company,dc=com

Here you're using "cn=aduser" but in the Node.js example above it's "AD
User" with a space. Does that make a difference?


> sslVerify = false
> referral = follow
> |
>
>
> What exactly are we doing wrong here?
>
> ---
> You received this message because you are subscribed to the Google
> Groups "Repo and Gerrit Discussion" group.
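
Added example (not part of the thread and not Gerrit code): a small triage helper that pulls the LDAP result code and the Active Directory "data" sub-code out of Gerrit error_log text like the lines quoted above, so a bind failure can be classified at a glance. Only 52e appears in the thread; the other sub-codes are the commonly documented Active Directory values, and the second and third log entries are constructed sample input with a placeholder DSID.

```python
import re

# AD sub-codes (hex Win32 error values) sent in "data" with LDAP result code 49.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
TS_RE = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\]")
CODE_RE = re.compile(r"LDAP: error code (\d+)")
DATA_RE = re.compile(r"\bdata ([0-9a-fA-F]+)\b")
# First entry is the error from this thread; the other two are constructed.
SAMPLE_LOG = """\
[2015-01-29 16:00:50,174] ERROR com.google.gerrit.server.auth.ldap.LdapRealm : Cannot query LDAP to authenticate user
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]
[2015-01-29 16:05:11,002] ERROR com.google.gerrit.server.auth.ldap.LdapRealm : Cannot query LDAP to authenticate user
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-XXXXXXXX, comment: AcceptSecurityContext error, data 775, v1db1]
[2015-01-29 16:09:42,730] ERROR com.google.gerrit.server.auth.ldap.LdapRealm : Cannot query LDAP to authenticate user
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
"""

def triage(log_text):
    """Return one finding per LDAP error found in Gerrit error_log text."""
    findings, last_ts = [], None
    for line in log_text.splitlines():
        ts = TS_RE.match(line)
        if ts:
            last_ts = ts.group(1)  # the exception line that follows has no timestamp
        code = CODE_RE.search(line)
        if not code:
            continue
        data = DATA_RE.search(line)
        sub = data.group(1).lower() if data else None
        if code.group(1) != "49":
            meaning = "not a bind failure, AD sub-codes do not apply"
        elif sub is None:
            meaning = "bind rejected, server sent no AD sub-code"
        else:
            meaning = AD_SUBCODES.get(sub, "unrecognised AD sub-code")
        findings.append({"time": last_ts, "ldap_code": int(code.group(1)),
                         "ad_data": sub, "meaning": meaning})
    return findings

if __name__ == "__main__": print(*triage(SAMPLE_LOG), sep="\n")
```

A 52e result says the directory rejected the bind identity or password that Gerrit presented, which is why the reply above compares the bind name in gerrit.config with the adminDn that works from Node.js.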