[Cdash] [Fwd: Re: CDash LDAP problem]
Julien Jomier
julien.jomier at kitware.com
Wed Feb 17 15:26:59 UTC 2010
Hi Marcel,
Could you try to change the
$CDASH_LDAP_BASEDN='ou=people,dc=astron,dc=nl';
to
$CDASH_LDAP_BASEDN='cn=Manager,dc=astron,dc=nl';
and see if that helps?
Julien
On 2/17/2010 10:24 AM, Marcel Loose wrote:
> Hi Julien,
>
> I guess you mean $CDASH_LDAP_BASEDN, instead of $CDASH_LDAP_BIND_DN? I
> couldn't find any occurrence of the latter.
>
>> From the configuration file /etc/openldap/slapd.conf:
> suffix "dc=astron,dc=nl"
> rootdn "cn=Manager,dc=astron,dc=nl"
>
>> From the CDash configuration file /srv/CDash/cdash/config.local.php:
> $CDASH_LDAP_BASEDN='ou=people,dc=astron,dc=nl';
>
> Looks to me they're the same.
>
> Changing 'cn' to 'gecos' in login.php indeed solves the problem. I don't
> know, though, if 'gecos' is just as "standard" as 'cn' is.
>
> Best regards,
> Marcel Loose.
>
> On Wed, 2010-02-17 at 07:44 -0500, Julien Jomier wrote:
>> Hi Marcel,
>>
>> This is strange. Could you check the value of the $CDASH_LDAP_BIND_DN
> in
>> your config.local.php and see if it's the same as the one you are
>> passing to slapcat?
>>
>> One thing you can do is replace 'cn' by 'gecos' in the login.php file
>> and it should work (since it looks like the same value).
>>
>> Let me know,
>> Julien
>>
>> On 2/17/2010 3:59 AM, Marcel Loose wrote:
>>> Hi Julien,
>>>
>>> So, it should be possible to authenticate users against an existing
> LDAP
>>> database. However, when I try to login to CDash as loose at astron.nl,
> I
>>> get the error:
>>>
>>> No givenname (cn) set in LDAP, cannot register user into MIDAS
>>>
>>> That user is present in the LDAP database, though. Here's the record
>>> from the LDAP database, retrieved with 'slapcat'. As you can see,
> the
>>> 'cn' field is also present.
>>>
>>> dn: uid=loose,ou=people,dc=astron,dc=nl
>>> objectClass: shadowAccount
>>> objectClass: posixAccount
>>> objectClass: inetOrgPerson
>>> gecos: Marcel Loose
>>> uid: loose
>>> sn: Loose
>>> givenName: Marcel
>>> structuralObjectClass: inetOrgPerson
>>> entryUUID: 2375bf08-e435-102b-8b97-3952138d3cf7
>>> creatorsName: cn=Manager,dc=astron,dc=nl
>>> createTimestamp: 20070821132115Z
>>> uidNumber: 511
>>> mail: loose at astron.nl
>>> gidNumber: 1000
>>> shadowLastChange: 14127
>>> cn: Marcel Loose
>>> userPassword:: ########
>>> homeDirectory: /home/loose
>>> loginShell: /bin/bash
>>> entryCSN: 20100104140045Z#000000#00#000000
>>> modifiersName: cn=Manager,dc=astron,dc=nl
>>> modifyTimestamp: 20100104140045Z
>>>
>>> I'm baffled. Any ideas?
>>>
>>> Best regards,
>>> Marcel Loose.
>>>
>>> On Tue, 2010-02-16 at 07:31 -0500, Julien Jomier wrote:
>>>> Hi Marcel,
>>>>
>>>> You can use a LDAP database to authenticate users in CDash, others
>>> have
>>>> done it. The only thing is that you need to configure either CDash
> or
>>>> your LDAP to fill the 'cn' field, this is how CDash gets the
>>> information
>>>> to create the authenticated user automatically.
>>>>
>>>> Julien
>>>>
>>>> On 2/15/2010 3:30 AM, Marcel Loose wrote:
>>>>> Hi Julien,
>>>>>
>>>>> Sorry for the late reply, I had a long weekend off.
>>>>> Do I understand correctly, from your answer, that it is not
> possible
>>> to
>>>>> use an existing LDAP database to authenticate users? Is it really
>>>>> necessary to register them from within CDash? If so, is there a
> way
>>> to
>>>>> import users from an LDAP database into CDash?
>>>>>
>>>>> Best regards,
>>>>> Marcel Loose.
>>>>>
>>>>>
>>>>> On Thu, 2010-02-11 at 10:40 -0500, Julien Jomier wrote:
>>>>>> Marcel,
>>>>>>
>>>>>> I'm wondering if the CDASH_LDAP options are defined correctly and
>>> that
>>>>>
>>>>>> might be the reason why 'cn' doesn't show up.
>>>>>>
>>>>>> CDash requires the user to be registered in CDash when using
> LDAP.
>>> The
>>>>>
>>>>>> authentication is done by LDAP. One option is to login as
>>>>> administrator
>>>>>> into CDash and register the user before trying to login into
> LDAP.
>>>>>>
>>>>>> Let us know,
>>>>>> Julien
>>>>>>
>>>>>> Marcel Loose wrote:
>>>>>> > Hi all,
>>>>>> >
>>>>>> > I'm experiencing an LDAP problem with CDash. When I try to
> log
>>> into
>>>>>> > CDash for the first time as a valid LDAP user, I get the
>>> message:
>>>>>> >
>>>>>> > No givenname (cn) set in LDAP, cannot register user into
> MIDAS
>>>>>> >
>>>>>> > Now I've been digging in the PHP-code a bit, but I know
> little
>>> PHP.
>>>>>> > The problem seems to be in the function ldapAuthenticate()
> in
>>>>> login.php.
>>>>>> > For reasons I don't understand, the return value of
>>>>>> ldap_search($ldap,$CDASH_LDAP_BASEDN, 'mail='.$email,
>>>>> array('dn','cn'))
>>>>>> > contains an empty 'cn' field, though it does contain a
> valid
>>> 'dn'
>>>>> field.
>>>>>> >
>>>>>> > For debugging purposes, I've removed the attributes
>>> specification
>>>>> in the
>>>>>> > ldap_search() call, thus returning all attributes. This
> gives
>>> me:
>>>>>> >
>>>>>> > var_dump($entries);
>>>>>> > array(2) { ["count"]=> int(1) [0]=> array(24) {
>>> ["objectclass"]=>
>>>>>> > array(4) { ["count"]=> int(3) [0]=> string(13)
>>> "shadowAccount"
>>>>> [1]=>
>>>>>> > string(12) "posixAccount" [2]=> string(13)
> "inetOrgPerson" }
>>> [0]=>
>>>>>> > string(11) "objectclass" ["gecos"]=> array(2) {
> ["count"]=>
>>>>> int(1)
>>>>>> > [0]=> string(12) "Marcel Loose" } [1]=> string(5)
> "gecos"
>>>>> ["uid"]=>
>>>>>> > array(2) { ["count"]=> int(1) [0]=> string(5)
> "loose" }
>>> [2]=>
>>>>>> > string(3) "uid" ["sn"]=> array(2) { ["count"]=>
> int(1)
>>> [0]=>
>>>>>> > string(5) "Loose" } [3]=> string(2) "sn"
> ["givenname"]=>
>>> array(2)
>>>>>> > { ["count"]=> int(1) [0]=> string(6) "Marcel" }
> [4]=>
>>> string(9)
>>>>>> > "givenname" ["uidnumber"]=> array(2) { ["count"]=>
> int(1)
>>> [0]=>
>>>>>> > string(3) "511" } [5]=> string(9) "uidnumber"
> ["mail"]=>
>>> array(2)
>>>>>> > { ["count"]=> int(1) [0]=> string(15)
> "loose at astron.nl" }
>>> [6]=>
>>>>>> > string(4) "mail" ["gidnumber"]=> array(2) { ["count"]=>
>>> int(1)
>>>>> [0]=>
>>>>>> > string(4) "1000" } [7]=> string(9) "gidnumber"
>>>>> ["shadowlastchange"]=>
>>>>>> > array(2) { ["count"]=> int(1) [0]=> string(5)
> "14127" }
>>> [8]=>
>>>>>> > string(16) "shadowlastchange" ["homedirectory"]=>
> array(2)
>>>>>> > { ["count"]=> int(1) [0]=> string(11) "/home/loose"
> }
>>> [9]=>
>>>>>> > string(13) "homedirectory" ["loginshell"]=> array(2) {
>>> ["count"]=>
>>>>>> > int(1) [0]=> string(9) "/bin/bash" } [10]=>
> string(10)
>>>>>> > "loginshell" ["count"]=> int(11) ["dn"]=> string(35)
>>>>>> > "uid=loose,ou=people,dc=astron,dc=nl" } }
>>>>>> >
>>>>>> > Indeed, 'cn' is missing here. It is, however, present in
> the
>>> LDAP
>>>>>> > database. Here's a snippet of the output of 'slapcat', for
> the
>>>>> given
>>>>>> > user:
>>>>>> >
>>>>>> > dn: uid=loose,ou=people,dc=astron,dc=nl
>>>>>> > objectClass: shadowAccount
>>>>>> > objectClass: posixAccount
>>>>>> > objectClass: inetOrgPerson
>>>>>> > gecos: Marcel Loose
>>>>>> > uid: loose
>>>>>> > sn: Loose
>>>>>> > givenName: Marcel
>>>>>> > structuralObjectClass: inetOrgPerson
>>>>>> > entryUUID: 2375bf08-e435-102b-8b97-3952138d3cf7
>>>>>> > creatorsName: cn=Manager,dc=astron,dc=nl
>>>>>> > createTimestamp: 20070821132115Z
>>>>>> > uidNumber: 511
>>>>>> > mail: loose at astron.nl
>>>>>> > gidNumber: 1000
>>>>>> > shadowLastChange: 14127
>>>>>> > cn: Marcel Loose
>>>>>> > userPassword::<########>
>>>>>> > homeDirectory: /home/loose
>>>>>> > loginShell: /bin/bash
>>>>>> > entryCSN: 20100104140045Z#000000#00#000000
>>>>>> > modifiersName: cn=Manager,dc=astron,dc=nl
>>>>>> > modifyTimestamp: 20100104140045Z
>>>>>> >
>>>>>> > I don't know if this is a CDash problem -- e.g. it should
> use
>>> a
>>>>>> > different ldap-function; or if it's a problem with the
>>> PHP-LDAP
>>>>> module;
>>>>>> > or if it's an LDAP database/configuration problem. Could
>>> someone
>>>>> please
>>>>>> > shed a light on this?
>>>>>> >
>>>>>> > Best regards,
>>>>>> > Marcel Loose.
>>>>>
>>>>>
>>>>>
>>>
>>>
>>>
>
>
>
More information about the CDash
mailing list