Gerrit无法使用LDAP进行身份验证

时间:2014-12-01 09:29:58

标签: ldap gerrit apacheds

我正在使用apached(在端口10389上运行)来进行LDAP服务。我的gerrit实例能够与LDAP握手,但是,用户身份验证永远不会成功。我总是收到此错误消息:
用户名:name.surname 密码:密码

INFO  com.google.gerrit.httpd.auth.ldap.LdapLoginServlet : 'name.surname' failed to sign in: No such user: name.surname

我的gerrit.conf如下:

[gerrit]
    basePath = /home/gerrit2/git
    canonicalWebUrl = http://gerrit.myorg.com:8080/
[database]
    type = mysql
    hostname = localhost
    database = reviewdb
    username = gerrit2
[index]
    type = LUCENE
[auth]
    type = LDAP
[ldap]
    server      = ldap://localhost:10389
    username    = cn=abc def,ou=user,dc=myorg,dc=com
    accountBase = ou=user,dc=myorg,dc=com
    groupBase   = ou=user,dc=myorg,dc=com
    referral    = follow
    accountFullName = cn
    accountEmailAddress = mail

[sendemail]
    smtpServer = localhost
[container]
    user = gerrit2
    javaHome = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.71.x86_64/jre
[sshd]
    listenAddress = *:29418
[httpd]
    listenUrl = http://*:8080/
[cache]
    directory = cache

我将用户添加到分区ou = user,dc = myorg,dc = com的ldif文件是:

dn: cn=name.surname,ou=user,dc=myorg,dc=com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: name.surname
description: Gerrit Administrator
sn: name.surname
mail: name.surname@myorg.com
userpassword: password

任何人都可以解释问题发生在哪里?我假设默认情况下gerrit用户名与CN匹配(通过附加在baseDN上)。如果我错了,请纠正我。

1 个答案:

答案 0 :(得分:0)

哦,我得到了答案。默认情况下,用户名与uid匹配。要将用户名与CN匹配,必须将以下行添加到gerrit.config文件的[ladp]子节中:

(cn=${username})