[Cdash] [Fwd: Re: CDash LDAP problem]

Julien Jomier julien.jomier at kitware.com
Wed Feb 17 16:00:08 UTC 2010


Hi Marcel,

Thanks for looking into this. Could you describe the configuration issue
so we can put it in the FAQ in case someone has the same issue?

Thanks,
Julien

On 2/17/2010 10:57 AM, Marcel Loose wrote:
> Hi Julien,
>
> I think I finally found the culprit. It was an LDAP configuration
> problem after all. For some reason, retrieval of the 'cn' was disallowed
> for the mere mortals. After changing that setting I could successfully
> login as first-timer to CDash.
>
> Thanks for your time and effort.
> Marcel.
>
> On Wed, 2010-02-17 at 10:26 -0500, Julien Jomier wrote:
>> Hi Marcel,
>>
>> Could you try to change the
>>
>>     $CDASH_LDAP_BASEDN='ou=people,dc=astron,dc=nl';
>>
>> to
>>
>>     $CDASH_LDAP_BASEDN='cn=Manager,dc=astron,dc=nl';
>>
>> and see if that helps?
>>
>> Julien
>>
>> On 2/17/2010 10:24 AM, Marcel Loose wrote:
>>> Hi Julien,
>>>
>>> I guess you mean $CDASH_LDAP_BASEDN, instead of $CDASH_LDAP_BIND_DN? I
>>> couldn't find any occurrence of the latter.
>>>
>>> From the configuration file /etc/openldap/slapd.conf:
>>> suffix          "dc=astron,dc=nl"
>>> rootdn          "cn=Manager,dc=astron,dc=nl"
>>>
>>> From the CDash configuration file /srv/CDash/cdash/config.local.php:
>>> $CDASH_LDAP_BASEDN='ou=people,dc=astron,dc=nl';
>>>
>>> Looks to me they're the same.
>>>
>>> Changing 'cn' to 'gecos' in login.php indeed solves the problem. I don't
>>> know, though, if 'gecos' is just as "standard" as 'cn' is.
>>>
>>> Best regards,
>>> Marcel Loose.
>>>
>>> On Wed, 2010-02-17 at 07:44 -0500, Julien Jomier wrote:
>>>> Hi Marcel,
>>>>
>>>> This is strange. Could you check the value of the $CDASH_LDAP_BIND_DN in
>>>> your config.local.php and see if it's the same as the one you are
>>>> passing to slapcat?
>>>>
>>>> One thing you can do is replace 'cn' by 'gecos' in the login.php file
>>>> and it should work (since it looks like the same value).
>>>>
>>>> Let me know,
>>>> Julien
>>>>
>>>> On 2/17/2010 3:59 AM, Marcel Loose wrote:
>>>>> Hi Julien,
>>>>>
>>>>> So, it should be possible to authenticate users against an existing LDAP
>>>>> database. However, when I try to login to CDash as loose at astron.nl, I
>>>>> get the error:
>>>>>
>>>>>      No givenname (cn) set in LDAP, cannot register user into MIDAS
>>>>>
>>>>> That user is present in the LDAP database, though. Here's the record
>>>>> from the LDAP database, retrieved with 'slapcat'. As you can see, the
>>>>> 'cn' field is also present.
>>>>>
>>>>> dn: uid=loose,ou=people,dc=astron,dc=nl
>>>>> objectClass: shadowAccount
>>>>> objectClass: posixAccount
>>>>> objectClass: inetOrgPerson
>>>>> gecos: Marcel Loose
>>>>> uid: loose
>>>>> sn: Loose
>>>>> givenName: Marcel
>>>>> structuralObjectClass: inetOrgPerson
>>>>> entryUUID: 2375bf08-e435-102b-8b97-3952138d3cf7
>>>>> creatorsName: cn=Manager,dc=astron,dc=nl
>>>>> createTimestamp: 20070821132115Z
>>>>> uidNumber: 511
>>>>> mail: loose at astron.nl
>>>>> gidNumber: 1000
>>>>> shadowLastChange: 14127
>>>>> cn: Marcel Loose
>>>>> userPassword:: ########
>>>>> homeDirectory: /home/loose
>>>>> loginShell: /bin/bash
>>>>> entryCSN: 20100104140045Z#000000#00#000000
>>>>> modifiersName: cn=Manager,dc=astron,dc=nl
>>>>> modifyTimestamp: 20100104140045Z
>>>>>
>>>>> I'm baffled. Any ideas?
>>>>>
>>>>> Best regards,
>>>>> Marcel Loose.
>>>>>
>>>>> On Tue, 2010-02-16 at 07:31 -0500, Julien Jomier wrote:
>>>>>> Hi Marcel,
>>>>>>
>>>>>> You can use a LDAP database to authenticate users in CDash, others have
>>>>>> done it. The only thing is that you need to configure either CDash or
>>>>>> your LDAP to fill the 'cn' field, this is how CDash gets the information
>>>>>> to create the authenticated user automatically.
>>>>>>
>>>>>> Julien
>>>>>>
>>>>>> On 2/15/2010 3:30 AM, Marcel Loose wrote:
>>>>>>> Hi Julien,
>>>>>>>
>>>>>>> Sorry for the late reply, I had a long weekend off.
>>>>>>> Do I understand correctly, from your answer, that it is not possible to
>>>>>>> use an existing LDAP database to authenticate users? Is it really
>>>>>>> necessary to register them from within CDash? If so, is there a way to
>>>>>>> import users from an LDAP database into CDash?
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Marcel Loose.
>>>>>>>
>>>>>>>
>>>>>>> On Thu, 2010-02-11 at 10:40 -0500, Julien Jomier wrote:
>>>>>>>> Marcel,
>>>>>>>>
>>>>>>>> I'm wondering if the CDASH_LDAP options are defined correctly and that
>>>>>>>> might be the reason why 'cn' doesn't show up.
>>>>>>>>
>>>>>>>> CDash requires the user to be registered in CDash when using LDAP. The
>>>>>>>> authentication is done by LDAP. One option is to login as administrator
>>>>>>>> into CDash and register the user before trying to login into LDAP.
>>>>>>>>
>>>>>>>> Let us know,
>>>>>>>> Julien
>>>>>>>>
>>>>>>>> Marcel Loose wrote:
>>>>>>>>      >     Hi all,
>>>>>>>>      >
>>>>>>>>      >     I'm experiencing an LDAP problem with CDash. When I try to log into
>>>>>>>>      >     CDash for the first time as a valid LDAP user, I get the message:
>>>>>>>>      >
>>>>>>>>      >     No givenname (cn) set in LDAP, cannot register user into MIDAS
>>>>>>>>      >
>>>>>>>>      >     Now I've been digging in the PHP-code a bit, but I know little PHP.
>>>>>>>>      >     The problem seems to be in the function ldapAuthenticate() in login.php.
>>>>>>>>      >     For reasons I don't understand, the return value of
>>>>>>>>      >     ldap_search($ldap,$CDASH_LDAP_BASEDN, 'mail='.$email, array('dn','cn'))
>>>>>>>>      >     contains an empty 'cn' field, though it does contain a valid 'dn' field.
>>>>>>>>      >
>>>>>>>>      >     For debugging purposes, I've removed the attributes specification in the
>>>>>>>>      >     ldap_search() call, thus returning all attributes. This gives me:
>>>>>>>>      >
>>>>>>>>      >     var_dump($entries);
>>>>>>>>      >     array(2) { ["count"]=> int(1) [0]=> array(24) {
>>>>>>>>      >     ["objectclass"]=> array(4) { ["count"]=> int(3) [0]=> string(13) "shadowAccount" [1]=> string(12) "posixAccount" [2]=> string(13) "inetOrgPerson" }
>>>>>>>>      >     [0]=> string(11) "objectclass"
>>>>>>>>      >     ["gecos"]=> array(2) { ["count"]=> int(1) [0]=> string(12) "Marcel Loose" }
>>>>>>>>      >     [1]=> string(5) "gecos"
>>>>>>>>      >     ["uid"]=> array(2) { ["count"]=> int(1) [0]=> string(5) "loose" }
>>>>>>>>      >     [2]=> string(3) "uid"
>>>>>>>>      >     ["sn"]=> array(2) { ["count"]=> int(1) [0]=> string(5) "Loose" }
>>>>>>>>      >     [3]=> string(2) "sn"
>>>>>>>>      >     ["givenname"]=> array(2) { ["count"]=> int(1) [0]=> string(6) "Marcel" }
>>>>>>>>      >     [4]=> string(9) "givenname"
>>>>>>>>      >     ["uidnumber"]=> array(2) { ["count"]=> int(1) [0]=> string(3) "511" }
>>>>>>>>      >     [5]=> string(9) "uidnumber"
>>>>>>>>      >     ["mail"]=> array(2) { ["count"]=> int(1) [0]=> string(15) "loose at astron.nl" }
>>>>>>>>      >     [6]=> string(4) "mail"
>>>>>>>>      >     ["gidnumber"]=> array(2) { ["count"]=> int(1) [0]=> string(4) "1000" }
>>>>>>>>      >     [7]=> string(9) "gidnumber"
>>>>>>>>      >     ["shadowlastchange"]=> array(2) { ["count"]=> int(1) [0]=> string(5) "14127" }
>>>>>>>>      >     [8]=> string(16) "shadowlastchange"
>>>>>>>>      >     ["homedirectory"]=> array(2) { ["count"]=> int(1) [0]=> string(11) "/home/loose" }
>>>>>>>>      >     [9]=> string(13) "homedirectory"
>>>>>>>>      >     ["loginshell"]=> array(2) { ["count"]=> int(1) [0]=> string(9) "/bin/bash" }
>>>>>>>>      >     [10]=> string(10) "loginshell"
>>>>>>>>      >     ["count"]=> int(11)
>>>>>>>>      >     ["dn"]=> string(35) "uid=loose,ou=people,dc=astron,dc=nl" } }
>>>>>>>>      >
>>>>>>>>      >     Indeed, 'cn' is missing here. It is, however, present in the LDAP
>>>>>>>>      >     database. Here's a snippet of the output of 'slapcat', for the given
>>>>>>>>      >     user:
>>>>>>>>      >
>>>>>>>>      >     dn: uid=loose,ou=people,dc=astron,dc=nl
>>>>>>>>      >     objectClass: shadowAccount
>>>>>>>>      >     objectClass: posixAccount
>>>>>>>>      >     objectClass: inetOrgPerson
>>>>>>>>      >     gecos: Marcel Loose
>>>>>>>>      >     uid: loose
>>>>>>>>      >     sn: Loose
>>>>>>>>      >     givenName: Marcel
>>>>>>>>      >     structuralObjectClass: inetOrgPerson
>>>>>>>>      >     entryUUID: 2375bf08-e435-102b-8b97-3952138d3cf7
>>>>>>>>      >     creatorsName: cn=Manager,dc=astron,dc=nl
>>>>>>>>      >     createTimestamp: 20070821132115Z
>>>>>>>>      >     uidNumber: 511
>>>>>>>>      >     mail: loose at astron.nl
>>>>>>>>      >     gidNumber: 1000
>>>>>>>>      >     shadowLastChange: 14127
>>>>>>>>      >     cn: Marcel Loose
>>>>>>>>      >     userPassword::<########>
>>>>>>>>      >     homeDirectory: /home/loose
>>>>>>>>      >     loginShell: /bin/bash
>>>>>>>>      >     entryCSN: 20100104140045Z#000000#00#000000
>>>>>>>>      >     modifiersName: cn=Manager,dc=astron,dc=nl
>>>>>>>>      >     modifyTimestamp: 20100104140045Z
>>>>>>>>      >
>>>>>>>>      >     I don't know if this is a CDash problem -- e.g. it should use a
>>>>>>>>      >     different ldap-function; or if it's a problem with the PHP-LDAP module;
>>>>>>>>      >     or if it's an LDAP database/configuration problem. Could someone please
>>>>>>>>      >     shed a light on this?
>>>>>>>>      >
>>>>>>>>      >     Best regards,
>>>>>>>>      >     Marcel Loose.
>
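
Added example, not part of the original thread and not CDash code: slapcat reads the backend database directly, so the server's access controls are not applied to its output, while the ldap_search() call in the thread only sees what the bound identity is allowed to read. The sketch below diffs the two views to show which attributes are withheld and whether a required one ('cn' here) is among them; the LDIF samples, the example.org entry and the function names are constructed for illustration.

```python
import base64

# Operational attributes: slapcat prints them, an ordinary search does not ask for them.
OPERATIONAL = {"structuralobjectclass", "entryuuid", "creatorsname", "createtimestamp",
               "entrycsn", "modifiersname", "modifytimestamp"}

# Constructed sample: backend dump as slapcat prints it (ACLs not applied).
BACKEND_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=org
gecos: Jane Doe
cn: Jane Doe
mail: jdoe@example.org
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
entryUUID: 00000000-0000-0000-0000-000000000000
"""

# Constructed sample: the same entry as returned to a non-privileged bind.
SEARCH_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=org
gecos: Jane Doe
mail: jdoe@example.org
"""

def parse_ldif(text):
    """Parse LDIF into {dn (lower-case): {attribute (lower-case): [values]}}."""
    entries, current = {}, None
    for line in text.replace("\n ", "").splitlines():   # unfold continuation lines
        if line.startswith("#"):                        # ldapsearch comment lines
            continue
        attr, sep, value = line.partition(":")
        if not sep:                                     # blank line ends the entry
            current = None
            continue
        if value.startswith(":"):                       # "attr:: " marks base64
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:
            current.setdefault(attr, []).append(value)
    return entries

def withheld(backend_ldif, search_ldif, required=("cn",)):
    """Per DN: attributes stored in the backend but absent from the search view."""
    visible, report = parse_ldif(search_ldif), {}
    for dn, attrs in parse_ldif(backend_ldif).items():
        hidden = sorted(set(attrs) - set(visible.get(dn, {})) - OPERATIONAL)
        report[dn] = {"hidden": hidden, "blocking": [a for a in required if a in hidden]}
    return report
```

A hidden userPassword is the expected result of a sane ACL; an entry in "blocking" is the kind of withheld attribute that produced the "No givenname (cn) set in LDAP" error above.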


