unable to troubleshoot ldap issues.

Open gitblit opened this issue 10 years ago • 5 comments

Originally reported on Google Code with ID 402

What steps will reproduce the problem?

1. configured gitblit:

realm.authenticationProviders = ldap
realm.ldap.accountBase = ou=People,dc=ugo-wallet,dc=com
realm.ldap.accountPattern = (objectClass=posixAccount)
realm.ldap.admins = @scalar
realm.ldap.displayName = cn
realm.ldap.email = ${uid}@ugo-wallet.com
realm.ldap.groupBase = ou=Group,dc=ugo-wallet,dc=com
realm.ldap.groupEmptyMemberPattern = (&(objectClass=group)(!(memberUid=*)))
realm.ldap.groupMemberPattern = (&(objectClass=group)(memberUid=${username}))
realm.ldap.maintainTeams = true
realm.ldap.password = password
realm.ldap.removeDeletedUsers = true
realm.ldap.server = ldap://ugo-dsp-ldap-01.ugo-wallet.com/
realm.ldap.synchronize = false
realm.ldap.syncPeriod = 5 MINUTES
realm.ldap.uid = uid
realm.ldap.username = uid=ugo-dsp-gitblit-01,ou=Machines,dc=ugo-wallet,dc=com

2. use custom log4j file:

 ...
 log4j.rootCategory=DEBUG, R
 ...

3. start the server:

 java -Dlog4j.configuration=file:///srv/gitblit-1.4.1/data/log4j.properties -jar gitblit.jar --baseFolder data

What is the expected output? What do you see instead?

 I expect to see some sort of line indicating the parsed config, an attempt to connect
to ldap and the result. I see nothing.

What version of the product are you using? On what operating system?

 gitblit-1.4.1 ( the linux GO version ) ( RHEL 6.X )

Please provide any additional information below.

I did a tcpdump and I see lots of data flying back and forth.

I try to authenticate against gitblit and it fails. If I try to use the same creds
locally to the local OS ( pam ldap ) it works fine.

David Thornton
[email protected]


Reported by northdot9 on 2014-03-27 18:13:46

gitblit avatar Aug 12 '15 12:08 gitblit

Yeah, I agree.  LDAP logging is a weakness and I haven't looked into improving it. 
Gitblit uses UnboundID underneath for LDAP communication.  That library might have
user-controllable logging, not sure.  Improvements are welcome here.

Reported by James.Moger on 2014-03-27 18:24:41

gitblit avatar Aug 12 '15 12:08 gitblit

This looks interesting:
https://www.unboundid.com/products/ldap-sdk/docs/examples/LDAPDebugger.java

Unfortunately, it can't be bundled into Gitblit because it is GPL'd.  But we can learn
from it and write our own.

Reported by James.Moger on 2014-03-27 18:44:32

gitblit avatar Aug 12 '15 12:08 gitblit

Issue 699 has been merged into this issue.

Reported by James.Moger on 2014-03-29 00:10:31

gitblit avatar Aug 12 '15 12:08 gitblit

As James said recently in the Google group:

If you startup Gitblit with some -D VM args then you should be able to enable this:

-Dcom.unboundid.ldap.sdk.debug.enabled=true
-Dcom.unboundid.ldap.sdk.debug.level=INFO

You'll have to play with the log levels.
"ALL", "SEVERE", "WARNING", "INFO", "CONFIG", "FINE", "FINER", "FINEST", or "OFF".


-J

Reported by johann.ollivierlapeyre on 2015-03-06 13:00:33

gitblit avatar Aug 12 '15 12:08 gitblit

Sweet, would be nice to have it documented somewhere.

Reported by [email protected] on 2015-03-06 13:02:13

gitblit avatar Aug 12 '15 12:08 gitblit
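
One way to check the realm.ldap.* settings from the report outside Gitblit, as an added example (not Gitblit's code and not posted by anyone in this thread): the Python sketch below turns those properties into the equivalent OpenLDAP ldapsearch commands. It assumes Gitblit binds as realm.ldap.username and searches each base with the pattern after substituting ${username}; the function names and the user "jdoe" are made up for illustration.

```python
import shlex

# Constructed sample: a subset of the realm.ldap.* settings from the report.
SAMPLE_PROPERTIES = """\
realm.ldap.server = ldap://ugo-dsp-ldap-01.ugo-wallet.com/
realm.ldap.username = uid=ugo-dsp-gitblit-01,ou=Machines,dc=ugo-wallet,dc=com
realm.ldap.accountBase = ou=People,dc=ugo-wallet,dc=com
realm.ldap.accountPattern = (objectClass=posixAccount)
realm.ldap.groupBase = ou=Group,dc=ugo-wallet,dc=com
realm.ldap.groupMemberPattern = (&(objectClass=group)(memberUid=${username}))
"""

def parse_properties(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Split on the first '=' only: DNs and filters contain '=' themselves.
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def ldapsearch_commands(props, username):
    """Return (account_cmd, group_cmd) as shell-quoted ldapsearch command lines."""
    user = escape_filter_value(username)
    # -x: simple bind; -W: prompt for the bind password so it never lands
    # in shell history or the process list (assumed workflow, not Gitblit's).
    common = ["ldapsearch", "-x", "-H", props["realm.ldap.server"],
              "-D", props["realm.ldap.username"], "-W"]
    cmds = []
    for base_key, pattern_key in (("accountBase", "accountPattern"),
                                  ("groupBase", "groupMemberPattern")):
        flt = props["realm.ldap." + pattern_key].replace("${username}", user)
        cmds.append(shlex.join(common + ["-b", props["realm.ldap." + base_key], flt]))
    return tuple(cmds)

if __name__ == "__main__":
    for cmd in ldapsearch_commands(parse_properties(SAMPLE_PROPERTIES), "jdoe"):
        print(cmd)
```

With the settings shown in the report, the account filter that comes out contains no ${username}, so that search is not narrowed to the user who is logging in; running both commands by hand shows what the directory returns for each pattern.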