Issue 776: auth LDAP / ssh user-not-found issue
Affected Version: 2.1.5.1

What steps will reproduce the problem?
1. set up gerrit with LDAP auth
2. login with LDAP creds
3. import ssh public key via gerrit webinterface
4. try to verify ssh key, e.g. ssh -p 29418 sshusername@hostname

What is the expected output? What do you see instead?
sshd_log always shows "... AUTH FAILURE FROM xxx.xxx.xxx.xxx user-not-found"

Please provide any additional information below.
- LDAP auth is working, first successful authenticated user is created as gerrit account with admin privileges (I looked into the H2 db to verify)
- gerrit webinterface "Settings - Profile": "Username" field is empty
- gerrit webinterface "Settings - SSH Public Keys": option to change SSH username is missing ([ldap] accountSshUserName is not set)
Jun 14, 2012
#1
g...@acentral.co.uk
Sep 25, 2012
sshd_log always shows "... AUTH FAILURE FROM xxx.xxx.xxx.xxx user-not-found"
- LDAP auth is working, first successful authenticated user is created as gerrit account with admin privileges (I looked into the H2 db to verify)
- gerrit webinterface "Settings - Profile": "Username" field is empty
- gerrit webinterface "Settings - SSH Public Keys": also set up, but still the error is sshd_log always shows "... AUTH FAILURE FROM xxx.xxx.xxx.xxx user-not-found"
Sep 25, 2012
If the username is not set, SSH communication cannot work. 'username' is the username that is used for SSH. Set a username in the WebUI and use this user for the SSH communication.
Oct 25, 2012
This happens for me on 2.5-rc2. It happens for the LDAP accounts containing "dot", e.g. "first.last", and works just fine for the ones that do not have dots. The workaround I have so far is this:
- log in with your LDAP account;
- log in to the DB with your SQL creds and look into the account_external_ids;
- you will see external ids formatted as gerrit:johndoe and username:johndoe for the people who don't have dots, and only gerrit:john.doe for those who have dots.
- The fix is pretty obvious - add the username:john.doe manually (insert into account_external_ids...).

Note: you have to restart Gerrit for the changes to take effect.
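An added example, not part of the original thread or of Gerrit's code: a diagnostic that lists accounts which have a gerrit: external id but no username: external id, the condition the comment above describes behind user-not-found. The column names account_id and external_id, the in-memory SQLite database and all sample rows are assumptions constructed for illustration; the same SELECT can be run against the real database.

```python
import sqlite3

# Accounts created by the LDAP web login carry a "gerrit:<login>" external id.
# SSH authentication looks the user up by "username:<login>"; if that row is
# missing, sshd_log reports user-not-found.
# Assumption: columns are named account_id and external_id.
MISSING_USERNAME_SQL = """
SELECT g.account_id, g.external_id
FROM account_external_ids g
WHERE g.external_id LIKE 'gerrit:%'
  AND NOT EXISTS (
        SELECT 1
        FROM account_external_ids u
        WHERE u.account_id = g.account_id
          AND u.external_id LIKE 'username:%')
ORDER BY g.account_id
"""


def accounts_missing_username(conn):
    """Return (account_id, ldap_login) for accounts with no username: id."""
    rows = conn.execute(MISSING_USERNAME_SQL).fetchall()
    return [(acct, ext_id[len("gerrit:"):]) for acct, ext_id in rows]


def build_sample_db():
    """Constructed sample data mirroring the rows described in the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE account_external_ids ("
        " account_id INTEGER NOT NULL,"
        " external_id TEXT NOT NULL PRIMARY KEY)"
    )
    conn.executemany(
        "INSERT INTO account_external_ids VALUES (?, ?)",
        [
            (1000000, "gerrit:johndoe"),      # healthy: both ids present
            (1000000, "username:johndoe"),
            (1000001, "gerrit:john.doe"),     # dotted login, no username: id
            (1000002, "gerrit:jane.roe"),     # dotted login, no username: id
            (1000002, "mailto:jane.roe@example.com"),
        ],
    )
    return conn


if __name__ == "__main__":
    for account_id, login in accounts_missing_username(build_sample_db()):
        print(f"account {account_id}: no username: id for LDAP login {login!r}")
```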
Nov 13, 2012
Is this only through ssh? I cannot log on to webui with users with LDAP of the format "first.last" at all. I am using 2.5 war. I already spent a whole day trying to figure out if it was the LDAP itself until I stumbled upon this!
Nov 13, 2012
Hi, I fixed my issue by switching to LDAP (from LDAP_BIND) and supplying a login as well as using port 3268. Now I can login using such usernames. Basically I used these instructions: https://groups.google.com/forum/?fromgroups=#!topic/repo-discuss/UgGqDBzXd3M Thanks!