auth: don't break hashing in case of user with empty password....

auth: don't break hashing in case of user with empty password. In some cases such as LDAP user created via external scripts users might set the passwords to empty. The hashing uses the md5(password_hash) to store reference to detect password changes and forbid using the same password. In case of pure LDAP users this is not valid, and we shouldn't raise Errors in such case. This change makes it work for empty passwords now.

marcink - - Load All Authors

File last commit:

r1936:39cf4a72 default


                r2203:8a18c3c3

default

Download file

             ldap-config-steps.rst
        
                    90 lines
            
             | 2.5 KiB
            
                | text/x-rst
            
             |
                RstLexer

/ docs / auth / ldap-config-steps.rst

History | Annotation | Raw |Copy content |Copy permalink

LDAP

|RCM| supports LDAP (Lightweight Directory Access Protocol) or AD (active Directory) authentication. All LDAP versions are supported, with the following |RCM| plugins managing each:

For LDAPv3 use LDAP (egg:rhodecode-enterprise-ce#ldap)
For LDAPv3 with user group sync use LDAP + User Groups (egg:rhodecode-enterprise-ee#ldap_group)

Important

The email used with your |RCE| super-admin account needs to match the email address attached to your admin profile in LDAP. This is because within |RCE| the user email needs to be unique, and multiple users cannot share an email account.

Likewise, if as an admin you also have a user account, the email address attached to the user account needs to be different.

LDAP Configuration Steps

To configure |LDAP|, use the following steps:

From the |RCM| interface, select :menuselection:`Admin --> Authentication`
Enable the required plugin and select :guilabel:`Save`
Select the :guilabel:`Enabled` check box in the plugin configuration section
Add the required LDAP information and :guilabel:`Save`, for more details, see :ref:`config-ldap-examples`

For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:

Example LDAP configuration

# Auth Cache TTL
3600
# Host
https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/
# Port
389
# Account
cn=admin,dc=rhodecode,dc=com
# Password
ldap-user-password
# LDAP connection security
LDAPS
# Certificate checks level
DEMAND
# Base DN
cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com
# User Search Base
ou=groups,ou=users
# LDAP search filter
(objectClass=person)
# LDAP search scope
SUBTREE
# Login attribute
rmagillacuddy
# First Name Attribute
Rufus
# Last Name Attribute
Magillacuddy
# Email Attribute
LDAP-Registered@email.ac
# User Member of Attribute
Organizational Role
# Group search base
cn=users,ou=groups,dc=rhodecode,dc=com
# LDAP Group Search Filter
(objectclass=posixGroup)
# Group Name Attribute
users
# Group Member Of Attribute
cn
# Admin Groups
admin,devops,qa

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages