Comments (6)
Hi Jerry,
Unfortunately the LDAP library doesn't have a way to dump the connection data. Having said that, Wireshark is a good way to do it.
From the configuration you're sending I think that:
- groupname should be cn instead of sn.
- the group filter is restricting the groups to the ones whose name starts with mygroup. Is that really your intention?
- the memberid should be dn and not uid.
With membership on the group class the plugin should do, for each user, a search for groups with an attribute member equal to the user's DistinguishedName - dn (eg, member = uid=surname.name,ou=people).
If you're having trouble determining which attributes you should use for the plugin, have a look at the examples I've set on the readme.rdoc. You can also try to connect to explore your LDAP with a browser (eg, http://jxplorer.org/).
from redmine_ldap_sync.
Hi Thorin,
I had your plugin doing what I really want before by hacking your code and using a user attribute filter.
Since then you changed the code slightly:
18e5229#lib/redmine_ldap_sync/redmine_ext/auth_source_ldap_patch.rb
Before, you declared user_filter, group_filter and object filter with the string 'objectclass'. I changed it to the name of the attribute I wanted to use for the filter and it was doing the right filter.
user_filter = Net::LDAP::Filter.eq( 'objectClass', settings[:class_group] )
user_filter = Net::LDAP::Filter.eq( :objectclass, settings[:class_group] )
Now you're using :objectclass; where is the value of :objectclass declared?
When I launch the script it is doing hundreds of searchRequests to the LDAP server.
How could it be possible to stop it first with the search result from the information filled in the plugin form,
then validate it,
and finally let it perform the search inside the dn declared in the LDAP authentication form?
I hope you'll get what I mean.
I've tried several distinct ways to access my LDAP from your plugin; I'm getting the message skipping user '' it already on a different auth_source.
From the code it means if user.auth_source_id != self.id and not user.auth_source_id.blank?
and it's performing on every user of the LDAP server ...
To explore my LDAP server I use ldap search and with it I get my results without a problem.
From Wireshark, the search filter doesn't seem right:
Filter(objectclass=person)
should be (cn=group*)
shouldn't it?
Thanks for your time anyway.
from redmine_ldap_sync.
Have you tried using 'dn' instead of 'uid' on the memberid?
I believe you won't need to hack the code.
On Fri, Feb 10, 2012 at 11:12 AM, lutinwood <[email protected]> wrote:
from redmine_ldap_sync.
I truly believe that the problem is misconfiguration since the plugin is prepared to work with OpenLDAP.
For the filter, :objectclass is the same as 'objectclass'.
The error you're seeing means that the users were previously or are configured to a different AuthSource.
If they really should be connected to this authsource what you can do is to update the authsource_id on the database to match the one you've configured with the plugin.
Not searching for groups by filtering them by the objectclass is a bit strange. You might get other objects that aren't groups.
The group object class should be "groupOfNames" (plural). But you should have a look at a group with the LDAP browser to ensure that you have the correct objectclass.
If you need an extra filter you should use the groupsearch filter (eg, (&(objectClass=person)(|(givenName=John)(mail=john*)))).
You're seeing those queries because it first does a run to find all the available users on the LDAP server and then single requests to get the user's memberid.
What you should see when you run the synchronization is:
- A single request to find all the users (objectclass=person).
- For each user a single request to the user memberid (objectclass=person).
- For each user a single request to get all the user's groups (& (objectclass=groupOfNames) ...).
from redmine_ldap_sync.
Hi thorin,
I succeeded in having your script do what I need it to do ... But I had to hack inside to change some values ..
I've sorted my error message "Skipping user ... "; it came through because I had a filter on the LDAP authentication (like the ChiliProject one).
I found a variable called :object_class; it is the same as :objectclass. Did you want it different for a particular reason?
I only modified inside (redmine_ldap_sync/lib/redmine_ldap_sync/redmine_ext/auth_source_ldap_patch.rb)
259 : group_filter = Net::LDAP::Filter.eq( 'cn', settings[:class_group] ) # cn
271: user_filter = Net::LDAP::Filter.eq( 'user_attribut', settings[:class_user] ) #user_attribut
283:user_filter = Net::LDAP::Filter.eq( 'user_attribut', settings[:class_user] ) #user_attribut
---form inside redmine
User objectclass : mywishvalue*
Group : mywhishgroup
group name : cn
memberusers :members
Memberid: dn
from wireshark
Ldap searchRequest "ou=people...
Filter: (user_attribute=mywishvalue*)
Ldap searchRequest "ou=groups,...
Filter (&(cn=mywishgroup)(member=uid=whateveruser...)
I had to get my users into the system quickly so I've modified it to get it working fast ... but I'll be interested to follow the end of the story ..
I certainly have to make it cleaner at some stage so I will have to understand better how the LDAP request is made from the database info.
I'll get back to you as soon as I get something new.
Thanks
Jerry
from redmine_ldap_sync.
Good to hear you found a way to make it work.
But I have to say that it seems like you're using some rather strange rules to get the users and the groups you want.
The :objectclass is a symbol in ruby, it's not a variable.
The filter interprets it the same way as the strings.
In the end what the following line does is to add (objectClass=groupOfNames) to the LDAP search filter:
Net::LDAP::Filter.eq( :objectclass, settings[:class_group])
For example in your changes you could have used 'Net::LDAP::Filter.eq( :cn, settings[:class_group] )' and you would have gotten the same result.
I'm not aware of how the LDAP filters in the ChiliProject work but I'll definitely have a look.
from redmine_ldap_sync.
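The two points made in the replies above (a symbol and a string attribute name produce the same filter, and the synchronization issues one user search plus a per-user group search) are sketched below as an added example; it is not the plugin's code. It builds RFC 4515 filter strings by hand so it runs without the net-ldap gem, and the `:member` and `:group_search_filter` setting keys and all sample values are assumptions.

```ruby
# Added illustration: hand-built RFC 4515 filter strings (no net-ldap needed).

# Escape the characters RFC 4515 reserves inside an assertion value.
# keep_star: true leaves '*' alone so a configured pattern such as
# "mygroup*" still acts as a substring match.
def escape_value(value, keep_star: false)
  value.to_s.gsub(/[\\*()\x00]/) do |ch|
    keep_star && ch == '*' ? ch : format('\\%02x', ch.ord)
  end
end

# attr may be a Symbol or a String; both render to the same text.
def eq(attr, value, keep_star: false)
  "(#{attr}=#{escape_value(value, keep_star: keep_star)})"
end

# AND-combine already rendered filters.
def all_of(*filters)
  "(&#{filters.join})"
end

# Constructed settings; only :class_user and :class_group appear in the
# thread, the other two keys are hypothetical names for this sketch.
SETTINGS = {
  class_user: 'person',
  class_group: 'groupOfNames',
  member: 'member',
  group_search_filter: '(cn=mygroup*)'
}.freeze

# Step 1 of the sync: a single search for every user object.
def users_filter(settings)
  eq(:objectclass, settings[:class_user])
end

# Step 3: per user, the groups whose member attribute equals the user's DN.
# The DN comes from the directory, so it is escaped before being embedded.
def groups_filter_for(settings, user_dn)
  parts = [eq(:objectclass, settings[:class_group]),
           eq(settings[:member], user_dn)]
  extra = settings[:group_search_filter].to_s
  parts << extra unless extra.empty?
  all_of(*parts)
end
```

Comparing these strings with the filters Wireshark shows in each searchRequest is a quick way to tell a misconfigured setting from a code problem.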