我正在使用apached(在端口10389上运行)来进行LDAP服务。我的gerrit实例能够与LDAP握手,但是,用户身份验证永远不会成功。我总是收到此错误消息:
用户名:name.surname
密码:密码
INFO com.google.gerrit.httpd.auth.ldap.LdapLoginServlet : 'name.surname' failed to sign in: No such user: name.surname
我的gerrit.conf如下:
[gerrit]
basePath = /home/gerrit2/git
canonicalWebUrl = http://gerrit.myorg.com:8080/
[database]
type = mysql
hostname = localhost
database = reviewdb
username = gerrit2
[index]
type = LUCENE
[auth]
type = LDAP
[ldap]
server = ldap://localhost:10389
username = cn=abc def,ou=user,dc=myorg,dc=com
accountBase = ou=user,dc=myorg,dc=com
groupBase = ou=user,dc=myorg,dc=com
referral = follow
accountFullName = cn
accountEmailAddress = mail
[sendemail]
smtpServer = localhost
[container]
user = gerrit2
javaHome = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.71.x86_64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = http://*:8080/
[cache]
directory = cache
我将用户添加到分区ou = user,dc = myorg,dc = com的ldif文件是:
dn: cn=name.surname,ou=user,dc=myorg,dc=com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: name.surname
description: Gerrit Administrator
sn: name.surname
mail: name.surname@myorg.com
userpassword: password
任何人都可以解释问题发生在哪里?我假设默认情况下gerrit用户名与CN匹配(通过附加在baseDN上)。如果我错了,请纠正我。
答案 0 :(得分:0)
哦,我得到了答案。默认情况下,用户名与uid匹配。要将用户名与CN匹配,必须将以下行添加到gerrit.config文件的[ladp]子节中:
(cn=${username})