Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: squishey on March 28, 2013, 12:03:38 pm

Title: GitStack LDAP Syncing
Post by: squishey on March 28, 2013, 12:03:38 pm
Hello,

Have recently installed and setup Zentyal 3. I have FREENAS syncing with LDAP and I am trying to get GitStack to do the same but have not had any luck. I can get GitStack to successfully test the connection but when I try to sync I get an error message which I think is related to the 'username' attribute that I am using in the connection.

Here are the details that GitStack asks for:

Protocol : using ldap
Host : using local network ip
Port : using 390
Base DN : using Base DN from Zentyal LDAP page
Attribute : GitStack says this is 'The attribute on which the username is stored. Example "sAMAccountName"'. I have tried 'uid', 'cn', 'Users'
Scope : Can be either 'one' or 'sub' - using 'sub'
Filter : "(objectClass=Person)" is default - using "(objectClass=*)
Bind DN : using "uid=gitstack,ou=Users,dc=our,dc=domain,dc=com" (replacing our domain com with actual domain)
Bind Password : using gitstack password

With these settings GitStack is able to Test the Ldap settings but as soon as I sync them it gives me an error message related to the 'Attribute' that I have filled in.

Have been tearing my hair out trying to figure it out with different, any pointers would be really appreciated.

Cheers
Mark
Title: Re: GitStack LDAP Syncing
Post by: vgdynamic on March 29, 2013, 02:48:07 pm
Attribute : GitStack says this is 'The attribute on which the username is stored. Example "sAMAccountName"'. I have tried 'uid', 'cn', 'Users'

Have you tried "sAMAccountName"?
Title: Re: GitStack LDAP Syncing
Post by: christian on March 29, 2013, 03:06:06 pm
First you should really avoid any solution claiming to be LDAP compliant but trying to "synchronize" accounts. Reason being that LDAP is not there to provide referential repository to be used for sync but to be used as user back-end repository.
Sync means also out-of-sync most of the time  ;)  at least until next synchro  :P

Then, I don't think Samaccountname exists with LDAP on port 390. It exists on port 389 (dedicated to Samba) but there is no reason to maintain such account in LDAP out of Microsoft world.

Would you mind sharing your error message ? What I can read is already translation of what you think being the error isn't it?.
In case you need to drill-down, be aware that you could increase LDAP log level and look at what happens in syslog.
Title: Re: GitStack LDAP Syncing
Post by: squishey on March 30, 2013, 01:16:44 pm
Attribute : GitStack says this is 'The attribute on which the username is stored. Example "sAMAccountName"'. I have tried 'uid', 'cn', 'Users'

Have you tried "sAMAccountName"?

had tried that one as well - got the same error
Title: Re: GitStack LDAP Syncing
Post by: squishey on March 30, 2013, 01:20:22 pm
First you should really avoid any solution claiming to be LDAP compliant but trying to "synchronize" accounts. Reason being that LDAP is not there to provide referential repository to be used for sync but to be used as user back-end repository.
Sync means also out-of-sync most of the time  ;)  at least until next synchro  :P

Then, I don't think Samaccountname exists with LDAP on port 390. It exists on port 389 (dedicated to Samba) but there is no reason to maintain such account in LDAP out of Microsoft world.

Would you mind sharing your error message ? What I can read is already translation of what you think being the error isn't it?.
In case you need to drill-down, be aware that you could increase LDAP log level and look at what happens in syslog.

Thanks for the reply. Makes sense about syncing being the wrong way to go about things.

Error is a bit long but here it is (when I was using 'Users' as the attribute):

Exception at /rest/settings/authentication/ldap/sync/ ‘Users’ Request Method: GET Request URL: http://localhost/rest/settings/authentication/ldap/sync/?_=1364323964755 Django Version: 1.4 Python Executable: C:\GitStack\apache\bin\httpd.exe Python Version: 2.7.2 Python Path: ['C:\\GitStack\\app', 'C:\\GitStack\\python\\lib\\site-packages\\rsa-3.0.1-py2.7.egg', 'C:\\GitStack\\python\\lib\\site-packages\\pyasn1-0.1.3-py2.7.egg', 'C:\\GitStack\\python\\lib', 'C:\\GitStack\\python\\python27.zip', 'C:\\GitStack\\python\\DLLs', 'C:\\GitStack\\python\\lib\\plat-win', 'C:\\GitStack\\python\\lib\\lib-tk', 'C:\\GitStack\\apache\\bin', 'C:\\GitStack\\python', 'C:\\GitStack\\python\\lib\\site-packages'] Server time: Tue, 26 Mar 2013 18:52:44 +0000 Installed Applications: (‘django.contrib.auth’, ‘django.contrib.contenttypes’, ‘django.contrib.sessions’, ‘django.contrib.sites’, ‘django.contrib.messages’, ‘django.contrib.staticfiles’, ‘gitstack’, ‘rest’) Installed Middleware: (‘django.middleware.common.CommonMiddleware’, ‘django.contrib.sessions.middleware.SessionMiddleware’, ‘django.middleware.csrf.CsrfViewMiddleware’, ‘django.contrib.auth.middleware.AuthenticationMiddleware’, ‘django.contrib.messages.middleware.MessageMiddleware’) Traceback: File “C:\GitStack\python\lib\site-packages\django\core\handlers\base.py” in get_response 111. response = callback(request, *callback_args, **callback_kwargs) File “C:\GitStack\app\rest\views.py” in rest_settings_authentication_ldap_sync 629. UserLdap.sync() Exception Type: Exception at /rest/settings/authentication/ldap/sync/ Exception Value: ‘Users’ Request information: GET: _ = u’1364323964755′ POST: No POST data FILES: No FILES data COOKIES: csrftoken = ‘V7FnswuwZd5L1yZyS1R1q7EylU4f0EUM’ sessionid = ‘b5afcf2664e119d136f93b8f3d596758′ _uvts = ’1NDDnL6rP2eoMeG32Me9EahwivTWrQIaSa1urO’ META: wsgi.multiprocess = False HTTP_REFERER = ‘http://localhost/gitstack/settings/authentication/’ SERVER_SOFTWARE = ‘Apache/2.2.22 (Win32) mod_ssl/2.2.22 OpenSSL/0.9.8u mod_wsgi/3.3 Python/2.7.2′ SCRIPT_NAME = u” mod_wsgi.handler_script = ” SERVER_SIGNATURE = ” REQUEST_METHOD = ‘GET’ PATH_INFO = u’/rest/settings/authentication/ldap/sync/’ SERVER_PROTOCOL = ‘HTTP/1.1′ QUERY_STRING = ‘_=1364323964755′ HTTP_USER_AGENT = ‘Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0′ HTTP_CONNECTION = ‘keep-alive’ HTTP_COOKIE = ‘csrftoken=V7FnswuwZd5L1yZyS1R1q7EylU4f0EUM; sessionid=b5afcf2664e119d136f93b8f3d596758; _uvts=1NDDnL6rP2eoMeG32Me9EahwivTWrQIaSa1urO’ SERVER_NAME = ‘localhost’ REMOTE_ADDR = ‘::1′ REMOTE_USER=$REDIRECT_REMOTE_USER = ” mod_wsgi.request_handler = ‘wsgi-script’ PATHEXT = ‘.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC’ wsgi.url_scheme = ‘http’ GIT_HTTP_EXPORT_ALL = ” PATH_TRANSLATED = ‘C:\\GitStack\\app\\app\\wsgi.py\\rest\\settings\\authentication\\ldap\\sync\\’ SERVER_PORT = ’80′ mod_wsgi.version = mod_wsgi.input_chunked = ’0′ GIT_PROJECT_ROOT = ‘C:/gitstack/repositories’ SERVER_ADDR = ‘::1′ DOCUMENT_ROOT = ‘C:/GitStack/apache/htdocs’ mod_wsgi.process_group = ” COMSPEC = ‘C:\\Windows\\system32\\cmd.exe’ HTTP_X_REQUESTED_WITH = ‘XMLHttpRequest’ SCRIPT_FILENAME = ‘C:/GitStack/app/app/wsgi.py’ SERVER_ADMIN = ‘admin@example.com’ SCRIPT_URI = ‘http://localhost/rest/settings/authentication/ldap/sync/’ wsgi.input = HTTP_HOST = ‘localhost’ SCRIPT_URL = ‘/rest/settings/authentication/ldap/sync/’ mod_wsgi.callable_object = ‘application’ wsgi.multithread = True SystemRoot = ‘C:\\Windows’ REQUEST_URI = ‘/rest/settings/authentication/ldap/sync/?_=1364323964755′ HTTP_ACCEPT = ‘*/*’ WINDIR = ‘C:\\Windows’ wsgi.version = GATEWAY_INTERFACE = ‘CGI/1.1′ wsgi.run_once = False wsgi.errors = REMOTE_PORT = ’56161′ HTTP_ACCEPT_LANGUAGE = ‘en-US,en;q=0.5′ mod_wsgi.application_group = ‘*|’ mod_wsgi.script_reloading = ’1′ wsgi.file_wrapper = ” CSRF_COOKIE = ‘V7FnswuwZd5L1yZyS1R1q7EylU4f0EUM’ HTTP_ACCEPT_ENCODING = ‘gzip, deflate’ Settings: Using settings module app.settings USE_L10N = True USE_THOUSAND_SEPARATOR = False CSRF_COOKIE_SECURE = False LANGUAGE_CODE = ‘en-us’ ROOT_URLCONF = ‘app.urls’ MANAGERS = DEFAULT_CHARSET = ‘utf-8′ STATIC_ROOT = ‘C:/GitStack/app/app/staticfiles/’ MESSAGE_STORAGE = ‘django.contrib.messages.storage.fallback.FallbackStorage’ EMAIL_SUBJECT_PREFIX = ‘[Django] ‘ FILE_UPLOAD_PERMISSIONS = None URL_VALIDATOR_USER_AGENT = ‘Django/1.4 (https://www.djangoproject.com)’ STATICFILES_FINDERS = SESSION_COOKIE_DOMAIN = None SESSION_COOKIE_NAME = ‘sessionid’ ADMIN_FOR = TIME_INPUT_FORMATS = DATABASES = {‘default’: {‘ENGINE’: ‘django.db.backends.sqlite3′, ‘TEST_MIRROR’: None, ‘NAME’: ‘C:/GitStack/data/data.db’, ‘TEST_CHARSET’: None, ‘TIME_ZONE’: ‘America/Chicago’, ‘TEST_COLLATION’: None, ‘PORT’: ”, ‘HOST’: ”, ‘USER’: ”, ‘TEST_NAME’: None, ‘PASSWORD’: u’********************’, ‘OPTIONS’: {}}} SERVER_EMAIL = ‘root@localhost’ FILE_UPLOAD_HANDLERS = DEFAULT_CONTENT_TYPE = ‘text/html’ APPEND_SLASH = True FIRST_DAY_OF_WEEK = 0 DATABASE_ROUTERS = [] YEAR_MONTH_FORMAT = ‘F Y’ STATICFILES_STORAGE = ‘django.contrib.staticfiles.storage.StaticFilesStorage’ CACHES = {‘default’: {‘LOCATION’: ”, ‘BACKEND’: ‘django.core.cache.backends.locmem.LocMemCache’}} INSTALL_DIR = ‘C:/GitStack’ SESSION_COOKIE_PATH = ‘/’ USE_X_FORWARDED_HOST = False MIDDLEWARE_CLASSES = USE_I18N = True THOUSAND_SEPARATOR = ‘,’ SECRET_KEY = u’********************’ LANGUAGE_COOKIE_NAME = ‘django_language’ DEFAULT_INDEX_TABLESPACE = ” TRANSACTIONS_MANAGED = False LOGGING_CONFIG = ‘django.utils.log.dictConfig’ SEND_BROKEN_LINK_EMAILS = False TEMPLATE_LOADERS = WSGI_APPLICATION = None TEMPLATE_DEBUG = True X_FRAME_OPTIONS = ‘SAMEORIGIN’ AUTHENTICATION_BACKENDS = ‘django.contrib.auth.backends.ModelBackend’ FORCE_SCRIPT_NAME = None CACHE_BACKEND = ‘locmem://’ SIGNING_BACKEND = ‘django.core.signing.TimestampSigner’ SESSION_COOKIE_SECURE = False CSRF_COOKIE_DOMAIN = None FILE_CHARSET = ‘utf-8′ DEBUG = True SESSION_FILE_PATH = None DEFAULT_FILE_STORAGE = ‘django.core.files.storage.FileSystemStorage’ INSTALLED_APPS = LANGUAGES = SETTINGS_PATH = ‘C:/GitStack/data/settings.ini’ COMMENTS_ALLOW_PROFANITIES = False STATICFILES_DIRS = PREPEND_WWW = False SECURE_PROXY_SSL_HEADER = None GIT_PATH = ‘C:/GitStack/git/bin/git.exe’ SESSION_COOKIE_HTTPONLY = True DEBUG_PROPAGATE_EXCEPTIONS = False LDAP_USERS_PATH = ‘C:/GitStack/data/ldapusers.json’ MONTH_DAY_FORMAT = ‘F j’ LOGIN_URL = ‘/registration/login/’ SESSION_EXPIRE_AT_BROWSER_CLOSE = False TIME_FORMAT = ‘P’ DATE_INPUT_FORMATS = CSRF_COOKIE_NAME = ‘csrftoken’ EMAIL_HOST_PASSWORD = u’********************’ PASSWORD_RESET_TIMEOUT_DAYS = u’********************’ CACHE_MIDDLEWARE_ALIAS = ‘default’ SESSION_SAVE_EVERY_REQUEST = False ADMIN_MEDIA_PREFIX = ‘/static/admin/’ NUMBER_GROUPING = 0 SESSION_ENGINE = ‘django.contrib.sessions.backends.db’ CSRF_FAILURE_VIEW = ‘django.views.csrf.csrf_failure’ CSRF_COOKIE_PATH = ‘/’ LOGIN_REDIRECT_URL = ‘/accounts/profile/’ LOGGING = {‘loggers’: {‘console’: {‘handlers’: ['console'], ‘level’: ‘DEBUG’}, ‘django.request’: {‘handlers’: ['mail_admins'], ‘propagate’: True, ‘level’: ‘ERROR’}}, ‘version’: 1, ‘disable_existing_loggers’: False, ‘filters’: {‘require_debug_false’: {‘()’: ‘django.utils.log.RequireDebugFalse’}}, ‘handlers’: {‘console’: {‘class’: ‘logging.StreamHandler’, ‘level’: ‘DEBUG’}, ‘mail_admins’: {‘class’: ‘django.utils.log.AdminEmailHandler’, ‘filters’: ['require_debug_false'], ‘level’: ‘ERROR’}}} IGNORABLE_404_URLS = LOCALE_PATHS = TEMPLATE_STRING_IF_INVALID = ” LOGOUT_URL = ‘/accounts/logout/’ EMAIL_USE_TLS = False FIXTURE_DIRS = EMAIL_HOST = ‘localhost’ DATE_FORMAT = ‘N j, Y’ MEDIA_ROOT = ” DEFAULT_EXCEPTION_REPORTER_FILTER = ‘django.views.debug.SafeExceptionReporterFilter’ ADMINS = FORMAT_MODULE_PATH = None DEFAULT_FROM_EMAIL = ‘webmaster@localhost’ MEDIA_URL = ” DATETIME_FORMAT = ‘N j, Y, P’ TEMPLATE_DIRS = ‘C:/GitStack/templates’ SITE_ID = 1 DISALLOWED_USER_AGENTS = ALLOWED_INCLUDE_ROOTS = DECIMAL_SEPARATOR = ‘.’ SHORT_DATE_FORMAT = ‘m/d/Y’ TEST_RUNNER = ‘django.test.simple.DjangoTestSuiteRunner’ CACHE_MIDDLEWARE_KEY_PREFIX = u’********************’ TIME_ZONE = ‘America/Chicago’ FILE_UPLOAD_MAX_MEMORY_SIZE = 2621440 EMAIL_BACKEND = ‘django.core.mail.backends.smtp.EmailBackend’ DEFAULT_TABLESPACE = ” TEMPLATE_CONTEXT_PROCESSORS = SESSION_COOKIE_AGE = 1209600 SETTINGS_MODULE = ‘app.settings’ USE_ETAGS = False LANGUAGES_BIDI = FILE_UPLOAD_TEMP_DIR = None INTERNAL_IPS = STATIC_URL = ‘/static/’ EMAIL_PORT = 25 USE_TZ = False SHORT_DATETIME_FORMAT = ‘m/d/Y P’ PASSWORD_HASHERS = u’********************’ ABSOLUTE_URL_OVERRIDES = {} CACHE_MIDDLEWARE_SECONDS = 600 DATETIME_INPUT_FORMATS = GROUP_FILE_PATH = ‘C:/GitStack/data/groupfile’ EMAIL_HOST_USER = ” PROFANITIES_LIST = u’********************’ You’re seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will display a standard 500 page

Might need to find another GIT solution that does LDAP correctly.

Cheers
Mark
Title: Re: GitStack LDAP Syncing
Post by: christian on March 30, 2013, 02:10:35 pm
wow  :o can you really read this  :o

May I suggest you attach log extract as file ?
Title: Re: GitStack LDAP Syncing
Post by: squishey on April 05, 2013, 03:34:09 pm
Hi,

Thanks for the help. After the note about not being LDAP compliant I ditched GitStack and went with SCM-Manager which is working with no problems at all.

Cheers
Mark
Title: Re: GitStack LDAP Syncing
Post by: christian on April 05, 2013, 03:58:25 pm
I'm glad you found something fitting your needs.

For what concerns my comment about "applications wrongly claiming to be LDAP compliant", take it with a it of salt  ;D
What I meant to say is that do not implement LDAP relying on state-of-the-art design. Still it may work but be prepared to face some problems sooner or later.