[Cdash] [Fwd: Re: CDash LDAP problem]

Marcel Loose loose at astron.nl
Wed Feb 17 15:57:54 UTC 2010 

Hi Julien,

I think I finally found the culprit. It was an LDAP configuration
problem after all. For some reason, retrieval of the 'cn' was disallowed
for the mere mortals. After changing that setting I could successfully
login as first-timer to CDash.

Thanks for your time and effort.
Marcel.

On Wed, 2010-02-17 at 10:26 -0500, Julien Jomier wrote:
> Hi Marcel,
> 
> Could you try to change the
> 
>    $CDASH_LDAP_BASEDN='ou=people,dc=astron,dc=nl';
> 
> to
> 
>    $CDASH_LDAP_BASEDN='cn=Manager,dc=astron,dc=nl';
> 
> and see if that helps?
> 
> Julien
> 
> On 2/17/2010 10:24 AM, Marcel Loose wrote:
> > Hi Julien,
> >
> > I guess you mean $CDASH_LDAP_BASEDN, instead of $CDASH_LDAP_BIND_DN?
I
> > couldn't find any occurrence of the latter.
> >
> >> From the configuration file /etc/openldap/slapd.conf:
> > suffix          "dc=astron,dc=nl"
> > rootdn          "cn=Manager,dc=astron,dc=nl"
> >
> >> From the CDash configuration file
/srv/CDash/cdash/config.local.php:
> > $CDASH_LDAP_BASEDN='ou=people,dc=astron,dc=nl';
> >
> > Looks to me they're the same.
> >
> > Changing 'cn' to 'gecos' in login.php indeed solves the problem. I
don't
> > know, though, if 'gecos' is just as "standard" as 'cn' is.
> >
> > Best regards,
> > Marcel Loose.
> >
> > On Wed, 2010-02-17 at 07:44 -0500, Julien Jomier wrote:
> >> Hi Marcel,
> >>
> >> This is strange. Could you check the value of the
$CDASH_LDAP_BIND_DN
> > in
> >> your config.local.php and see if it's the same as the one you are
> >> passing to slapcat?
> >>
> >> One thing you can do is replace 'cn' by 'gecos' in the login.php
file
> >> and it should work (since it looks like the same value).
> >>
> >> Let me know,
> >> Julien
> >>
> >> On 2/17/2010 3:59 AM, Marcel Loose wrote:
> >>> Hi Julien,
> >>>
> >>> So, it should be possible to authenticate users against an
existing
> > LDAP
> >>> database. However, when I try to login to CDash as
loose at astron.nl,
> > I
> >>> get the error:
> >>>
> >>>     No givenname (cn) set in LDAP, cannot register user into MIDAS
> >>>
> >>> That user is present in the LDAP database, though. Here's the
record
> >>> from the LDAP database, retrieved with 'slapcat'. As you can see,
> > the
> >>> 'cn' field is also present.
> >>>
> >>> dn: uid=loose,ou=people,dc=astron,dc=nl
> >>> objectClass: shadowAccount
> >>> objectClass: posixAccount
> >>> objectClass: inetOrgPerson
> >>> gecos: Marcel Loose
> >>> uid: loose
> >>> sn: Loose
> >>> givenName: Marcel
> >>> structuralObjectClass: inetOrgPerson
> >>> entryUUID: 2375bf08-e435-102b-8b97-3952138d3cf7
> >>> creatorsName: cn=Manager,dc=astron,dc=nl
> >>> createTimestamp: 20070821132115Z
> >>> uidNumber: 511
> >>> mail: loose at astron.nl
> >>> gidNumber: 1000
> >>> shadowLastChange: 14127
> >>> cn: Marcel Loose
> >>> userPassword:: ########
> >>> homeDirectory: /home/loose
> >>> loginShell: /bin/bash
> >>> entryCSN: 20100104140045Z#000000#00#000000
> >>> modifiersName: cn=Manager,dc=astron,dc=nl
> >>> modifyTimestamp: 20100104140045Z
> >>>
> >>> I'm baffled. Any ideas?
> >>>
> >>> Best regards,
> >>> Marcel Loose.
> >>>
> >>> On Tue, 2010-02-16 at 07:31 -0500, Julien Jomier wrote:
> >>>> Hi Marcel,
> >>>>
> >>>> You can use a LDAP database to authenticate users in CDash,
others
> >>> have
> >>>> done it. The only thing is that you need to configure either
CDash
> > or
> >>>> your LDAP to fill the 'cn' field, this is how CDash gets the
> >>> information
> >>>> to create the authenticated user automatically.
> >>>>
> >>>> Julien
> >>>>
> >>>> On 2/15/2010 3:30 AM, Marcel Loose wrote:
> >>>>> Hi Julien,
> >>>>>
> >>>>> Sorry for the late reply, I had a long weekend off.
> >>>>> Do I understand correctly, from your answer, that it is not
> > possible
> >>> to
> >>>>> use an existing LDAP database to authenticate users? Is it
really
> >>>>> necessary to register them from within CDash? If so, is there a
> > way
> >>> to
> >>>>> import users from an LDAP database into CDash?
> >>>>>
> >>>>> Best regards,
> >>>>> Marcel Loose.
> >>>>>
> >>>>>
> >>>>> On Thu, 2010-02-11 at 10:40 -0500, Julien Jomier wrote:
> >>>>>> Marcel,
> >>>>>>
> >>>>>> I'm wondering if the CDASH_LDAP options are defined correctly
and
> >>> that
> >>>>>
> >>>>>> might be the reason why 'cn' doesn't show up.
> >>>>>>
> >>>>>> CDash requires the user to be registered in CDash when using
> > LDAP.
> >>> The
> >>>>>
> >>>>>> authentication is done by LDAP. One option is to login as
> >>>>> administrator
> >>>>>> into CDash and register the user before trying to login into
> > LDAP.
> >>>>>>
> >>>>>> Let us know,
> >>>>>> Julien
> >>>>>>
> >>>>>> Marcel Loose wrote:
> >>>>>>     >    Hi all,
> >>>>>>     >
> >>>>>>     >    I'm experiencing an LDAP problem with CDash. When I
try to
> > log
> >>> into
> >>>>>>     >    CDash for the first time as a valid LDAP user, I get
the
> >>> message:
> >>>>>>     >
> >>>>>>     >    No givenname (cn) set in LDAP, cannot register user
into
> > MIDAS
> >>>>>>     >
> >>>>>>     >    Now I've been digging in the PHP-code a bit, but I
know
> > little
> >>> PHP.
> >>>>>>     >    The problem seems to be in the function
ldapAuthenticate()
> > in
> >>>>> login.php.
> >>>>>>     >    For reasons I don't understand, the return value of
> >>>>>> ldap_search($ldap,$CDASH_LDAP_BASEDN, 'mail='.$email,
> >>>>> array('dn','cn'))
> >>>>>>     >    contains an empty 'cn' field, though it does contain a
> > valid
> >>> 'dn'
> >>>>> field.
> >>>>>>     >
> >>>>>>     >    For debugging purposes, I've removed the attributes
> >>> specification
> >>>>> in the
> >>>>>>     >    ldap_search() call, thus returning all attributes.
This
> > gives
> >>> me:
> >>>>>>     >
> >>>>>>     >    var_dump($entries);
> >>>>>>     >    array(2) { ["count"]=>     int(1) [0]=>     array(24)
{
> >>> ["objectclass"]=>
> >>>>>>     >    array(4) { ["count"]=>     int(3) [0]=>     string(13)
> >>> "shadowAccount"
> >>>>> [1]=>
> >>>>>>     >    string(12) "posixAccount" [2]=>     string(13)
> > "inetOrgPerson" }
> >>> [0]=>
> >>>>>>     >    string(11) "objectclass" ["gecos"]=>     array(2) {
> > ["count"]=>
> >>>>> int(1)
> >>>>>>     >    [0]=>     string(12) "Marcel Loose" } [1]=>    
string(5)
> > "gecos"
> >>>>> ["uid"]=>
> >>>>>>     >    array(2) { ["count"]=>     int(1) [0]=>     string(5)
> > "loose" }
> >>> [2]=>
> >>>>>>     >    string(3) "uid" ["sn"]=>     array(2) { ["count"]=>
> > int(1)
> >>> [0]=>
> >>>>>>     >    string(5) "Loose" } [3]=>     string(2) "sn"
> > ["givenname"]=>
> >>> array(2)
> >>>>>>     >    { ["count"]=>     int(1) [0]=>     string(6) "Marcel"
}
> > [4]=>
> >>> string(9)
> >>>>>>     >    "givenname" ["uidnumber"]=>     array(2) { ["count"]=>
> > int(1)
> >>> [0]=>
> >>>>>>     >    string(3) "511" } [5]=>     string(9) "uidnumber"
> > ["mail"]=>
> >>> array(2)
> >>>>>>     >    { ["count"]=>     int(1) [0]=>     string(15)
> > "loose at astron.nl" }
> >>> [6]=>
> >>>>>>     >    string(4) "mail" ["gidnumber"]=>     array(2) {
["count"]=>
> >>> int(1)
> >>>>> [0]=>
> >>>>>>     >    string(4) "1000" } [7]=>     string(9) "gidnumber"
> >>>>> ["shadowlastchange"]=>
> >>>>>>     >    array(2) { ["count"]=>     int(1) [0]=>     string(5)
> > "14127" }
> >>> [8]=>
> >>>>>>     >    string(16) "shadowlastchange" ["homedirectory"]=>
> > array(2)
> >>>>>>     >    { ["count"]=>     int(1) [0]=>     string(11)
"/home/loose"
> > }
> >>> [9]=>
> >>>>>>     >    string(13) "homedirectory" ["loginshell"]=>    
array(2) {
> >>> ["count"]=>
> >>>>>>     >    int(1) [0]=>     string(9) "/bin/bash" } [10]=>
> > string(10)
> >>>>>>     >    "loginshell" ["count"]=>     int(11) ["dn"]=>    
string(35)
> >>>>>>     >    "uid=loose,ou=people,dc=astron,dc=nl" } }
> >>>>>>     >
> >>>>>>     >    Indeed, 'cn' is missing here. It is, however, present
in
> > the
> >>> LDAP
> >>>>>>     >    database. Here's a snippet of the output of 'slapcat',
for
> > the
> >>>>> given
> >>>>>>     >    user:
> >>>>>>     >
> >>>>>>     >    dn: uid=loose,ou=people,dc=astron,dc=nl
> >>>>>>     >    objectClass: shadowAccount
> >>>>>>     >    objectClass: posixAccount
> >>>>>>     >    objectClass: inetOrgPerson
> >>>>>>     >    gecos: Marcel Loose
> >>>>>>     >    uid: loose
> >>>>>>     >    sn: Loose
> >>>>>>     >    givenName: Marcel
> >>>>>>     >    structuralObjectClass: inetOrgPerson
> >>>>>>     >    entryUUID: 2375bf08-e435-102b-8b97-3952138d3cf7
> >>>>>>     >    creatorsName: cn=Manager,dc=astron,dc=nl
> >>>>>>     >    createTimestamp: 20070821132115Z
> >>>>>>     >    uidNumber: 511
> >>>>>>     >    mail: loose at astron.nl
> >>>>>>     >    gidNumber: 1000
> >>>>>>     >    shadowLastChange: 14127
> >>>>>>     >    cn: Marcel Loose
> >>>>>>     >    userPassword::<########>
> >>>>>>     >    homeDirectory: /home/loose
> >>>>>>     >    loginShell: /bin/bash
> >>>>>>     >    entryCSN: 20100104140045Z#000000#00#000000
> >>>>>>     >    modifiersName: cn=Manager,dc=astron,dc=nl
> >>>>>>     >    modifyTimestamp: 20100104140045Z
> >>>>>>     >
> >>>>>>     >    I don't know if this is a CDash problem -- e.g. it
should
> > use
> >>> a
> >>>>>>     >    different ldap-function; or if it's a problem with the
> >>> PHP-LDAP
> >>>>> module;
> >>>>>>     >    or if it's an LDAP database/configuration problem.
Could
> >>> someone
> >>>>> please
> >>>>>>     >    shed a light on this?
> >>>>>>     >
> >>>>>>     >    Best regards,
> >>>>>>     >    Marcel Loose.
> >>>>>
> >>>>>
> >>>>>
> >>>
> >>>
> >>>
> >
> >
> >

More information about the CDash mailing list