PHABRICATOR on NS

It’s even working with a public IP if the port is opened. I have to use the user without domain. I don’t use TLS. I added sn to the search attributes but that shouldn’t matter.

I left the other settings as they were.

Not for me, which makes me wonder why. No doubt it’s some difference in our setups, but I’m not sure what it would be. My setup is two Neth installations in VPSs at Contabo, one running its own OpenLDAP server, and the second (on which I’m playing with Phabricator) using the LDAP server on the first as its accounts provider. LDAP is set to be accessible on red and green on the first server, and the second is able to see, and authenticate to, user accounts on the first (which I’m pretty sure proves that LDAP is in fact accessible externally).

I’m getting the same results using ldap/389/TLS and ldaps/636 w/o TLS. Same whether I try to auth with just the username or the full email address. Looking to see if there are any logs that will give more detail.

I can reproduce the error when I login with domain. Both SSL and TLS are working. Does it work if you set the optional user in auth provider settings?

EDIT:

I tried it on a VPS at RobHost and got the same error so it seems to be a problem on VPS but there’s no difference between my internal server and the VPS as regards LDAP or number of interfaces. Strange.

EDIT2:

I forgot to change the Base Distinguished Name in the auth settings, after setting it to ou=People,dc=directory,dc=nh it worked with the VPS. This should work for any Nethserver LDAP.

That seems to have done it. Cool!

Glad it works now. I edited my previous posts to use that base dn.

LDAP authentication seems to work a little strangely. I may be doing something wrong, or this may be by design. But the first time I log in to Phabricator with a given LDAP user, it registers that username as a new user in Phabricator, which then requires admin approval. After admin approves, that user can log in and do whatever is appropriate.

Because of this, when setting up LDAP as an Auth mechanism, you need to leave the “registration” checkbox checked.

I am afraid it’s by design. I set auth.require-approval to false to ease testing.

You may import the users on the people page/user administration/import from ldap. Then they don’t need to register but are not approved but verified. :upside_down_face:
Just enter user/password and as object filter (objectClass=*) is working. You should get a list of LDAP users to import.

that leaves me as the only black ship.
I wonder what I am doing wrong…

LDAP HOSTNAME ldaps://sub.domain.tld
LDAP Port 636
Base Distinguished Name ou=People,dc=directory,dc=nh
Search Attributes uid mail
Username Attribute sn
Realname Attributes cn
ActiveDirectory Domain domain.tld

error:

LDAP Exception: Failed to bind to LDAP server (as user “me@domain.tld”). LDAP Error #-1: Can’t contact LDAP server

Can you reach the ldap ports 389 or 636?

If not you need to open the ports in Network services/slapd:

grafik

You need SSL or TLS so do you have a valid certificate?

Here are the auth provider settings that should work:

LDAP Hostname: ldaps://NETHSERVER_LDAPSERVER
LDAP Port: 636
Base Distinguished Name: ou=People,dc=directory,dc=nh
Search Attributes: uid
Username Attribute: sn
Realname Attributes: cn

or

LDAP Hostname: ldap://NETHSERVER_LDAPSERVER
LDAP Port: 389

Please try it with only username without domain.

Leave this one empty when using LDAP, you only need it for AD.

Thank you, I allowed the ldap port to the internet, and I have a lest ssl installed on the ldap server

now I am getting this error
LDAP Exception: Failed to bind to LDAP server (as user “name@domain.tld”). LDAP Error #34: Invalid DN syntax

thank you so much,

after removing this,
the error

is no longe there and I am now able to create account

1 Like

You’re welcome. Please share your experiences when using phabricator, maybe we can define some good default settings…or change the way of registering/importing users.

I have been using it for a while, testing it to see if we can implement it internally in our organization,

we have only 5 developers, and have been using bitbucket, jira and confluence.
the 3 programs maintaining has been an issue, and they consume a lot of storage space, and these multiple loggins, cause we have been using ryver also for, we are trying to get a nice minimalistic replacement that gets most of the essentials done.

So far the configuration of the email smtp is what has been mothering me. using both custom, and even postmark or other providers listed

1 Like

youd be surpised to note that the server I am using to test nethserver with phabricator and PBX have a RAM of 1 gb and a swap of 1 gb,

this for Atlassian stack I needed a server with 16 gb ram

1 Like

Very nice. :+1:

That looks like something that can only be done at the command line, and based on the docs you’d want to create a mailers.json file looking like this:

[
  {
    "key": "mailer",
    "type": "smtp",
    "host": "mailservername"
  }
]

(optionally adding port, username, password, and tls/ssl if needed). Then, from the phabricator directory, bin/config set cluster.mailers --stdin < mailers.json.

I haven’t set up a smtp server, but sendmail works on my installation.

1 Like

why did these guys have to make a simple process so complicated.
the hosted version it can be done on the ui

Your guess is as good as mine, though at least this process is (almost) documented. Almost, that is, except that their docs miss the parameter name (they say to do bin/config set --stdin < mailers.json).

@danb35 have you managed to create a repository in phabricator, and pushed to it successfully.

I am trying to push, despite having activated and created a URI for it it gives me erro or