I am using ApacheDS (running on port 10389) for LDAP services. My Gerrit instance is able to do a handshake with LDAP; however, user authentication is never successful. I always get this error message:
username: name.surname
password: password
INFO com.google.gerrit.httpd.auth.ldap.LdapLoginServlet : 'name.surname' failed to sign in: No such user: name.surname
My gerrit.conf is as follows:
[gerrit]
basePath = /home/gerrit2/git
canonicalWebUrl = http://gerrit.myorg.com:8080/
[database]
type = mysql
hostname = localhost
database = reviewdb
username = gerrit2
[index]
type = LUCENE
[auth]
type = LDAP
[ldap]
server = ldap://localhost:10389
username = cn=abc def,ou=user,dc=myorg,dc=com
accountBase = ou=user,dc=myorg,dc=com
groupBase = ou=user,dc=myorg,dc=com
referral = follow
accountFullName = cn
accountEmailAddress = mail
[sendemail]
smtpServer = localhost
[container]
user = gerrit2
javaHome = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.71.x86_64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = http://*:8080/
[cache]
directory = cache
The ldif file through which I added the user into partition ou=user,dc=myorg,dc=com is:
dn: cn=name.surname,ou=user,dc=myorg,dc=com
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: name.surname
description: Gerrit Administrator
sn: name.surname
mail: [email protected]
userpassword: password
Can anyone explain where the problem is happening? I assume by default the Gerrit username is matched against the CN (by appending against the baseDN). Please correct me if I am wrong.
Oh, I got the answer. By default, the username is matched against uid. To match the username against CN, the following line has to be added to the [ldap] subsection in the gerrit.config file:
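Added example (not part of the original post, and not the line the post leaves out): a small Python model of the account lookup, showing why a uid-based search pattern finds no user in the question's LDIF entry while a cn-based one does. The `(uid=${username})` and `(cn=${username})` patterns and all function names are assumptions made for this illustration; the filter evaluator is a toy, not Gerrit's or ApacheDS's code.

```python
import re

# Entry from the question's LDIF, trimmed to the attributes the lookup touches.
LDIF = """\
dn: cn=name.surname,ou=user,dc=myorg,dc=com
objectclass: inetOrgPerson
cn: name.surname
sn: name.surname
"""

def parse_ldif_entry(text):
    """Parse one simple LDIF record (no base64, no folded lines) into {attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_pattern(pattern, username):
    """Substitute the escaped login name for ${username} (assumed placeholder syntax)."""
    return pattern.replace("${username}", escape_filter_value(username))

def unescape(value):
    """Turn RFC 4515 \\XX escapes back into literal characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, ldap_filter):
    """Evaluate a single equality filter '(attr=value)' against the entry."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if not m:
        raise ValueError("only simple equality filters are supported")
    attr, wanted = m.group(1).lower(), unescape(m.group(2)).lower()
    return any(v.lower() == wanted for v in entry.get(attr, []))

def find_user(pattern, username, ldif=LDIF):
    """True when the expanded pattern matches the entry, i.e. the user is found."""
    return matches(parse_ldif_entry(ldif), expand_pattern(pattern, username))

if __name__ == "__main__":
    for pattern in ("(uid=${username})", "(cn=${username})"):
        print(pattern, "->", find_user(pattern, "name.surname"))
```

The entry carries `cn` and `sn` but no `uid` attribute, so any uid-based filter returns nothing and the login is reported as "No such user" before the password is ever checked.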