It is the right request ? #24
Comments
|
Hi Jerry, Unfortunatelly the ldap library doesn't have a way to dump the connection data. Having said, wireshark is a good way to do it. From the configuration you're sending I think that:
If you're having trouble to determine which attributes you should use for the plugin, have a look at the examples I've set on the readme.rdoc. You can also try to connect to explore your ldap with a browser (eg, http://jxplorer.org/). |
ghost
assigned 
|
Hi Thorin, I had your plugin doing what I really want befor by hacking your code and using an user attribut filter. since you change sligthly the code : 18e5229#lib/redmine_ldap_sync/redmine_ext/auth_source_ldap_patch.rb before you declared user_filter , group_filter and object filter with the string 'objectclass' . I did change it to the name of the attribute I wanted to use for filter and it was doing the right filter. user_filter = Net::LDAP::Filter.eq( :objectclass, settings[:class_group] When I launch the script is doing undred of searchRequest to the ldap server . I hope you'll get what I mean. I've try several distinct way to access to my ldap fom your plugin I'm getting the message skipping user '' it already on a different auth_source. from the code it mean if user.auth_source_id != self.id and not user.auth_source_id.blank? and it's performing on every user of the ldap server ... To explore my ldap server I use ldap search and with it I et my result without a problem . from wireshark the search filter don't seem right Filter(objectclass=person) thanks for your time anyway.. |
|
Have you tried using 'dn' instead of 'uid' on the memberid? I believe you won't need to hack the code. On Fri, Feb 10, 2012 at 11:12 AM, lutinwood <
|
|
I trully believe that the problem is misconfiguration since the plugin is prepared to work with openldap For the filter :objectclass is the same as 'objectclass'. The error you're seing means that the users where previously or are configured to a different AuthSource. If they really should be connected to this authsource what you can do is to update the authsource_id on the database to match the one you've configured with the plugin. Not searching for groups by filtering them by the objectclass is a bit strange. You might get other objects that aren't groups. The group object class should be "groupOfNames" (plural). But you should have a look on a group with the ldap browser to ensure that you have the correct objectclass. If you need an extra filter you should use the groupsearch filter (eg, You're seeing those queries because it first does a run to find all the available user on the LDAP server and then single requests to get the users's memberid. What you should see when you run the synchronization is:
|
|
Hi thorin, I succeed to have your script doing what I need it to do ... But I had to hack inside to change some value .. I've sorted my error message "Skipping user ... " it came through because I had a filter on the ldap authentification (like the chiliproject one) I found a variable called :object_class it is the same as :objectclass did you want it different for a peculiar reason ? I only modified inside (redmine_ldap_sync/lib/redmine_ldap_sync/redmine_ext/auth_source_ldap_patch.rb) 259 : group_filter = Net::LDAP::Filter.eq( 'cn', settings[:class_group] ) # cn 271: user_filter = Net::LDAP::Filter.eq( 'user_attribut', settings[:class_user] ) #user_attribut 283:user_filter = Net::LDAP::Filter.eq( 'user_attribut', settings[:class_user] ) #user_attribut ---form inside redmine User objectclass : mywishvalue* group name : cn from wiresharkLdap searchRequest "ou=people... Ldap searchRequest "ou=groups,... I had to get my users into the system quickly so I've modified to get it working fast .. .but I'll be interested to follow the end of the story .. I certainly have to make it more clean on some stage so I wil have to understand better how the LDAP request is made from the database info. I'll get back to you as soon as I get something new. Thanks Jerry |
|
Good to hear you found a way to make it work. The :objectclass is a symbol in ruby, it's not a variable. In the end what the following line does is to had For example in your changes you could have used 'Net::LDAP::Filter.eq( :cn, settings[:class_group] )' and you would have gotten the same result. I'm not aware of how the ldap filters in the ChilliProject work but I'll definitely have a look. |
Hi ,
I'm trying to use redmine_ldap_sync with redmine 1.3.1 . My goal is to get some user from an openLDAP v3 ...
I use Ldap authentification ou=people,.. and it's working fine ..
I 've set up the redmine_ldap-sync to perform a search on ou=groups...
my openldap structure:
dn:
cn:
member : uid=surname.name,ou=people....
objectClass: groupOfNames
my redmine_ldap_sync
Group dn: ou=groups
user objectClass person
group objectclass = groupofname
groupsearch filter (cn=mygroup*)
group membership on group class
nested group disabled
attributs
groupname sn
memberusers member
memberid uid
I use wireshark to read the communication between redmine and ldap ...
Any of the search request are using the ou=group, ... groupbase DN.
all the search request are using the ou=people ... base name
result => after the script it's importing every user from the ldap without any filter
it seems than i don't even read the group base DN.
Is there any better way to find out which request is send to the openldap server
sincerly,
Jerry
The text was updated successfully, but these errors were encountered: