[Cdash] [Fwd: Re: CDash LDAP problem]
Marcel Loose
loose at astron.nl
Wed Feb 17 15:24:16 UTC 2010
Hi Julien,
I guess you mean $CDASH_LDAP_BASEDN, instead of $CDASH_LDAP_BIND_DN? I
couldn't find any occurrence of the latter.
>From the configuration file /etc/openldap/slapd.conf:
suffix "dc=astron,dc=nl"
rootdn "cn=Manager,dc=astron,dc=nl"
>From the CDash configuration file /srv/CDash/cdash/config.local.php:
$CDASH_LDAP_BASEDN='ou=people,dc=astron,dc=nl';
Looks to me they're the same.
Changing 'cn' to 'gecos' in login.php indeed solves the problem. I don't
know, though, if 'gecos' is just as "standard" as 'cn' is.
Best regards,
Marcel Loose.
On Wed, 2010-02-17 at 07:44 -0500, Julien Jomier wrote:
> Hi Marcel,
>
> This is strange. Could you check the value of the $CDASH_LDAP_BIND_DN
in
> your config.local.php and see if it's the same as the one you are
> passing to slapcat?
>
> One thing you can do is replace 'cn' by 'gecos' in the login.php file
> and it should work (since it looks like the same value).
>
> Let me know,
> Julien
>
> On 2/17/2010 3:59 AM, Marcel Loose wrote:
> > Hi Julien,
> >
> > So, it should be possible to authenticate users against an existing
LDAP
> > database. However, when I try to login to CDash as loose at astron.nl,
I
> > get the error:
> >
> > No givenname (cn) set in LDAP, cannot register user into MIDAS
> >
> > That user is present in the LDAP database, though. Here's the record
> > from the LDAP database, retrieved with 'slapcat'. As you can see,
the
> > 'cn' field is also present.
> >
> > dn: uid=loose,ou=people,dc=astron,dc=nl
> > objectClass: shadowAccount
> > objectClass: posixAccount
> > objectClass: inetOrgPerson
> > gecos: Marcel Loose
> > uid: loose
> > sn: Loose
> > givenName: Marcel
> > structuralObjectClass: inetOrgPerson
> > entryUUID: 2375bf08-e435-102b-8b97-3952138d3cf7
> > creatorsName: cn=Manager,dc=astron,dc=nl
> > createTimestamp: 20070821132115Z
> > uidNumber: 511
> > mail: loose at astron.nl
> > gidNumber: 1000
> > shadowLastChange: 14127
> > cn: Marcel Loose
> > userPassword:: ########
> > homeDirectory: /home/loose
> > loginShell: /bin/bash
> > entryCSN: 20100104140045Z#000000#00#000000
> > modifiersName: cn=Manager,dc=astron,dc=nl
> > modifyTimestamp: 20100104140045Z
> >
> > I'm baffled. Any ideas?
> >
> > Best regards,
> > Marcel Loose.
> >
> > On Tue, 2010-02-16 at 07:31 -0500, Julien Jomier wrote:
> >> Hi Marcel,
> >>
> >> You can use a LDAP database to authenticate users in CDash, others
> > have
> >> done it. The only thing is that you need to configure either CDash
or
> >> your LDAP to fill the 'cn' field, this is how CDash gets the
> > information
> >> to create the authenticated user automatically.
> >>
> >> Julien
> >>
> >> On 2/15/2010 3:30 AM, Marcel Loose wrote:
> >>> Hi Julien,
> >>>
> >>> Sorry for the late reply, I had a long weekend off.
> >>> Do I understand correctly, from your answer, that it is not
possible
> > to
> >>> use an existing LDAP database to authenticate users? Is it really
> >>> necessary to register them from within CDash? If so, is there a
way
> > to
> >>> import users from an LDAP database into CDash?
> >>>
> >>> Best regards,
> >>> Marcel Loose.
> >>>
> >>>
> >>> On Thu, 2010-02-11 at 10:40 -0500, Julien Jomier wrote:
> >>>> Marcel,
> >>>>
> >>>> I'm wondering if the CDASH_LDAP options are defined correctly and
> > that
> >>>
> >>>> might be the reason why 'cn' doesn't show up.
> >>>>
> >>>> CDash requires the user to be registered in CDash when using
LDAP.
> > The
> >>>
> >>>> authentication is done by LDAP. One option is to login as
> >>> administrator
> >>>> into CDash and register the user before trying to login into
LDAP.
> >>>>
> >>>> Let us know,
> >>>> Julien
> >>>>
> >>>> Marcel Loose wrote:
> >>>> > Hi all,
> >>>> >
> >>>> > I'm experiencing an LDAP problem with CDash. When I try to
log
> > into
> >>>> > CDash for the first time as a valid LDAP user, I get the
> > message:
> >>>> >
> >>>> > No givenname (cn) set in LDAP, cannot register user into
MIDAS
> >>>> >
> >>>> > Now I've been digging in the PHP-code a bit, but I know
little
> > PHP.
> >>>> > The problem seems to be in the function ldapAuthenticate()
in
> >>> login.php.
> >>>> > For reasons I don't understand, the return value of
> >>>> ldap_search($ldap,$CDASH_LDAP_BASEDN, 'mail='.$email,
> >>> array('dn','cn'))
> >>>> > contains an empty 'cn' field, though it does contain a
valid
> > 'dn'
> >>> field.
> >>>> >
> >>>> > For debugging purposes, I've removed the attributes
> > specification
> >>> in the
> >>>> > ldap_search() call, thus returning all attributes. This
gives
> > me:
> >>>> >
> >>>> > var_dump($entries);
> >>>> > array(2) { ["count"]=> int(1) [0]=> array(24) {
> > ["objectclass"]=>
> >>>> > array(4) { ["count"]=> int(3) [0]=> string(13)
> > "shadowAccount"
> >>> [1]=>
> >>>> > string(12) "posixAccount" [2]=> string(13)
"inetOrgPerson" }
> > [0]=>
> >>>> > string(11) "objectclass" ["gecos"]=> array(2) {
["count"]=>
> >>> int(1)
> >>>> > [0]=> string(12) "Marcel Loose" } [1]=> string(5)
"gecos"
> >>> ["uid"]=>
> >>>> > array(2) { ["count"]=> int(1) [0]=> string(5)
"loose" }
> > [2]=>
> >>>> > string(3) "uid" ["sn"]=> array(2) { ["count"]=>
int(1)
> > [0]=>
> >>>> > string(5) "Loose" } [3]=> string(2) "sn"
["givenname"]=>
> > array(2)
> >>>> > { ["count"]=> int(1) [0]=> string(6) "Marcel" }
[4]=>
> > string(9)
> >>>> > "givenname" ["uidnumber"]=> array(2) { ["count"]=>
int(1)
> > [0]=>
> >>>> > string(3) "511" } [5]=> string(9) "uidnumber"
["mail"]=>
> > array(2)
> >>>> > { ["count"]=> int(1) [0]=> string(15)
"loose at astron.nl" }
> > [6]=>
> >>>> > string(4) "mail" ["gidnumber"]=> array(2) { ["count"]=>
> > int(1)
> >>> [0]=>
> >>>> > string(4) "1000" } [7]=> string(9) "gidnumber"
> >>> ["shadowlastchange"]=>
> >>>> > array(2) { ["count"]=> int(1) [0]=> string(5)
"14127" }
> > [8]=>
> >>>> > string(16) "shadowlastchange" ["homedirectory"]=>
array(2)
> >>>> > { ["count"]=> int(1) [0]=> string(11) "/home/loose"
}
> > [9]=>
> >>>> > string(13) "homedirectory" ["loginshell"]=> array(2) {
> > ["count"]=>
> >>>> > int(1) [0]=> string(9) "/bin/bash" } [10]=>
string(10)
> >>>> > "loginshell" ["count"]=> int(11) ["dn"]=> string(35)
> >>>> > "uid=loose,ou=people,dc=astron,dc=nl" } }
> >>>> >
> >>>> > Indeed, 'cn' is missing here. It is, however, present in
the
> > LDAP
> >>>> > database. Here's a snippet of the output of 'slapcat', for
the
> >>> given
> >>>> > user:
> >>>> >
> >>>> > dn: uid=loose,ou=people,dc=astron,dc=nl
> >>>> > objectClass: shadowAccount
> >>>> > objectClass: posixAccount
> >>>> > objectClass: inetOrgPerson
> >>>> > gecos: Marcel Loose
> >>>> > uid: loose
> >>>> > sn: Loose
> >>>> > givenName: Marcel
> >>>> > structuralObjectClass: inetOrgPerson
> >>>> > entryUUID: 2375bf08-e435-102b-8b97-3952138d3cf7
> >>>> > creatorsName: cn=Manager,dc=astron,dc=nl
> >>>> > createTimestamp: 20070821132115Z
> >>>> > uidNumber: 511
> >>>> > mail: loose at astron.nl
> >>>> > gidNumber: 1000
> >>>> > shadowLastChange: 14127
> >>>> > cn: Marcel Loose
> >>>> > userPassword::<########>
> >>>> > homeDirectory: /home/loose
> >>>> > loginShell: /bin/bash
> >>>> > entryCSN: 20100104140045Z#000000#00#000000
> >>>> > modifiersName: cn=Manager,dc=astron,dc=nl
> >>>> > modifyTimestamp: 20100104140045Z
> >>>> >
> >>>> > I don't know if this is a CDash problem -- e.g. it should
use
> > a
> >>>> > different ldap-function; or if it's a problem with the
> > PHP-LDAP
> >>> module;
> >>>> > or if it's an LDAP database/configuration problem. Could
> > someone
> >>> please
> >>>> > shed a light on this?
> >>>> >
> >>>> > Best regards,
> >>>> > Marcel Loose.
> >>>
> >>>
> >>>
> >
> >
> >
More information about the CDash
mailing list