[Cdash] [Fwd: Re: CDash LDAP problem]
Marcel Loose
loose at astron.nl
Wed Feb 17 08:59:37 UTC 2010
Hi Julien,
So, it should be possible to authenticate users against an existing LDAP
database. However, when I try to login to CDash as loose at astron.nl, I
get the error:
No givenname (cn) set in LDAP, cannot register user into MIDAS
That user is present in the LDAP database, though. Here's the record
from the LDAP database, retrieved with 'slapcat'. As you can see, the
'cn' field is also present.
dn: uid=loose,ou=people,dc=astron,dc=nl
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
gecos: Marcel Loose
uid: loose
sn: Loose
givenName: Marcel
structuralObjectClass: inetOrgPerson
entryUUID: 2375bf08-e435-102b-8b97-3952138d3cf7
creatorsName: cn=Manager,dc=astron,dc=nl
createTimestamp: 20070821132115Z
uidNumber: 511
mail: loose at astron.nl
gidNumber: 1000
shadowLastChange: 14127
cn: Marcel Loose
userPassword:: ########
homeDirectory: /home/loose
loginShell: /bin/bash
entryCSN: 20100104140045Z#000000#00#000000
modifiersName: cn=Manager,dc=astron,dc=nl
modifyTimestamp: 20100104140045Z
I'm baffled. Any ideas?
Best regards,
Marcel Loose.
On Tue, 2010-02-16 at 07:31 -0500, Julien Jomier wrote:
> Hi Marcel,
>
> You can use a LDAP database to authenticate users in CDash, others
have
> done it. The only thing is that you need to configure either CDash or
> your LDAP to fill the 'cn' field, this is how CDash gets the
information
> to create the authenticated user automatically.
>
> Julien
>
> On 2/15/2010 3:30 AM, Marcel Loose wrote:
> > Hi Julien,
> >
> > Sorry for the late reply, I had a long weekend off.
> > Do I understand correctly, from your answer, that it is not possible
to
> > use an existing LDAP database to authenticate users? Is it really
> > necessary to register them from within CDash? If so, is there a way
to
> > import users from an LDAP database into CDash?
> >
> > Best regards,
> > Marcel Loose.
> >
> >
> > On Thu, 2010-02-11 at 10:40 -0500, Julien Jomier wrote:
> >> Marcel,
> >>
> >> I'm wondering if the CDASH_LDAP options are defined correctly and
that
> >
> >> might be the reason why 'cn' doesn't show up.
> >>
> >> CDash requires the user to be registered in CDash when using LDAP.
The
> >
> >> authentication is done by LDAP. One option is to login as
> > administrator
> >> into CDash and register the user before trying to login into LDAP.
> >>
> >> Let us know,
> >> Julien
> >>
> >> Marcel Loose wrote:
> >> > Hi all,
> >> >
> >> > I'm experiencing an LDAP problem with CDash. When I try to log
into
> >> > CDash for the first time as a valid LDAP user, I get the
message:
> >> >
> >> > No givenname (cn) set in LDAP, cannot register user into MIDAS
> >> >
> >> > Now I've been digging in the PHP-code a bit, but I know little
PHP.
> >> > The problem seems to be in the function ldapAuthenticate() in
> > login.php.
> >> > For reasons I don't understand, the return value of
> >> ldap_search($ldap,$CDASH_LDAP_BASEDN, 'mail='.$email,
> > array('dn','cn'))
> >> > contains an empty 'cn' field, though it does contain a valid
'dn'
> > field.
> >> >
> >> > For debugging purposes, I've removed the attributes
specification
> > in the
> >> > ldap_search() call, thus returning all attributes. This gives
me:
> >> >
> >> > var_dump($entries);
> >> > array(2) { ["count"]=> int(1) [0]=> array(24) {
["objectclass"]=>
> >> > array(4) { ["count"]=> int(3) [0]=> string(13)
"shadowAccount"
> > [1]=>
> >> > string(12) "posixAccount" [2]=> string(13) "inetOrgPerson" }
[0]=>
> >> > string(11) "objectclass" ["gecos"]=> array(2) { ["count"]=>
> > int(1)
> >> > [0]=> string(12) "Marcel Loose" } [1]=> string(5) "gecos"
> > ["uid"]=>
> >> > array(2) { ["count"]=> int(1) [0]=> string(5) "loose" }
[2]=>
> >> > string(3) "uid" ["sn"]=> array(2) { ["count"]=> int(1)
[0]=>
> >> > string(5) "Loose" } [3]=> string(2) "sn" ["givenname"]=>
array(2)
> >> > { ["count"]=> int(1) [0]=> string(6) "Marcel" } [4]=>
string(9)
> >> > "givenname" ["uidnumber"]=> array(2) { ["count"]=> int(1)
[0]=>
> >> > string(3) "511" } [5]=> string(9) "uidnumber" ["mail"]=>
array(2)
> >> > { ["count"]=> int(1) [0]=> string(15) "loose at astron.nl" }
[6]=>
> >> > string(4) "mail" ["gidnumber"]=> array(2) { ["count"]=>
int(1)
> > [0]=>
> >> > string(4) "1000" } [7]=> string(9) "gidnumber"
> > ["shadowlastchange"]=>
> >> > array(2) { ["count"]=> int(1) [0]=> string(5) "14127" }
[8]=>
> >> > string(16) "shadowlastchange" ["homedirectory"]=> array(2)
> >> > { ["count"]=> int(1) [0]=> string(11) "/home/loose" }
[9]=>
> >> > string(13) "homedirectory" ["loginshell"]=> array(2) {
["count"]=>
> >> > int(1) [0]=> string(9) "/bin/bash" } [10]=> string(10)
> >> > "loginshell" ["count"]=> int(11) ["dn"]=> string(35)
> >> > "uid=loose,ou=people,dc=astron,dc=nl" } }
> >> >
> >> > Indeed, 'cn' is missing here. It is, however, present in the
LDAP
> >> > database. Here's a snippet of the output of 'slapcat', for the
> > given
> >> > user:
> >> >
> >> > dn: uid=loose,ou=people,dc=astron,dc=nl
> >> > objectClass: shadowAccount
> >> > objectClass: posixAccount
> >> > objectClass: inetOrgPerson
> >> > gecos: Marcel Loose
> >> > uid: loose
> >> > sn: Loose
> >> > givenName: Marcel
> >> > structuralObjectClass: inetOrgPerson
> >> > entryUUID: 2375bf08-e435-102b-8b97-3952138d3cf7
> >> > creatorsName: cn=Manager,dc=astron,dc=nl
> >> > createTimestamp: 20070821132115Z
> >> > uidNumber: 511
> >> > mail: loose at astron.nl
> >> > gidNumber: 1000
> >> > shadowLastChange: 14127
> >> > cn: Marcel Loose
> >> > userPassword::<########>
> >> > homeDirectory: /home/loose
> >> > loginShell: /bin/bash
> >> > entryCSN: 20100104140045Z#000000#00#000000
> >> > modifiersName: cn=Manager,dc=astron,dc=nl
> >> > modifyTimestamp: 20100104140045Z
> >> >
> >> > I don't know if this is a CDash problem -- e.g. it should use
a
> >> > different ldap-function; or if it's a problem with the
PHP-LDAP
> > module;
> >> > or if it's an LDAP database/configuration problem. Could
someone
> > please
> >> > shed a light on this?
> >> >
> >> > Best regards,
> >> > Marcel Loose.
> >
> >
> >
More information about the CDash
mailing list