[Buildbot-devel] 回复: 回复: Could anybody give me a configuration exampleabout LDAP authentication for WebStatus?

你是我的眼 hbingbing at foxmail.com
Thu Jul 17 12:56:42 UTC 2014


Fabulous! Thanks very very much!
I really think that's what I want! I'll try it, and in the future return my feedback.


In fact, I configured other systems(such as gerrit, svn) by ldap, so I learned about some details about AD,
but for buildbot there's not any tips about configuring ldap, and can't expect any examples.and also I'm trying to learn to use the python script recently. 
So, It's hard for me to configure the buildbot by ldap successfully, your answer is very useful.


Thanks again!‍




------------------ 原始邮件 ------------------
发件人: "vasslitvinov";<vasslitvinov at pisem.net>;
发送时间: 2014年7月17日(星期四) 晚上8:30
收件人: "你是我的眼"<hbingbing at foxmail.com>; 
抄送: "buildbot-devel"<buildbot-devel at lists.sourceforge.net>; 
主题: Re: 回复: [Buildbot-devel] Could anybody give me a configuration exampleabout LDAP authentication for WebStatus?



Of course you'd need to know some AD details...

Okay, more code snippets follow:


LDAP_SERVER = 'ldap://<your-ad-server-address>:3268'

 
class LdapAccessor:
    def __init__(self, login, password):
        self.ldapConnection = ldap.initialize(LDAP_SERVER)
        self.ldapConnection.set_option(ldap.OPT_REFERRALS, 0)
         self.login, self.password = login, password


    def __enter__(self):
        self.ldapConnection.simple_bind_s(self.login, self.password)

        return self
 


    def __exit__(self, exc_type, exc_val, exc_tb):
        self.ldapConnection.unbind_s()
        return False # do not suppress any exceptions raised within "with" statement
 

    def search(self, *args, **kw):
        return self.ldapConnection.search_s(base = "<some-DN-qualifier>", scope = ldap.SCOPE_SUBTREE,
                               *args, **kw)
 


def getUserInfo(login, password, targetUser = None):
    with LdapAccessor(login, password) as ad:
        # search returns a list of tuples
        # each tuple is a pair of DN and fields associated with that DN
         fields = ad.search(filterstr = "(sAMAccountName=%s)" % login,
                           attrlist = ["mail", "displayName"])[0][1]
        displayName, userEmail = fields['displayName'][0], fields['mail'][0]
     return login, displayName, userEmail





This code is taken from our BB setup, I've slightly modified it to get rid of our details (and didn't test it for correctness after that), but that should give you some general idea of how things work.
 

P.S. <some-DN-qualifier> can usually be something like DC=companyName,DC=com


Thanks,
Vasily



 2014-07-17 7:48 GMT+04:00 你是我的眼 <hbingbing at foxmail.com>:
 Hi,


If I finish installing the module of python-ldap for python, doesn't it need to config BaseDN and other domain properties?
 Is it just OK to have these fields:"userName, userDisplayName, userEmail‍"?

 
thanks very much!




------------------ 原始邮件 ------------------
 发件人: "Vasily";<vasslitvinov at pisem.net>;
发送时间: 2014年7月16日(星期三) 下午5:53
收件人: "你是我的眼"<hbingbing at foxmail.com>; 
 抄送: "buildbot-devel"<buildbot-devel at lists.sourceforge.net>; 
主题: Re: [Buildbot-devel] Could anybody give me a configuration exampleabout LDAP authentication for WebStatus?
 


Hi,

This is how we do it:


class BasicHTTPAuthRequest(Request):
    '''
    Class allowing us to put some more info into request before it is processed by Buildbot.
     We use activedirectory package to get e-mail and display name and we add our own request
    arguments for ForceScheduler instance to get them from the request.
    '''
     def process(self):
         userName, userPass = self.getUser(), self.getPassword()
        if userName:
            try:
                userName, userDisplayName, userEmail = getUserInfo(userName, userPass, \
                     getActiveDirectoryCachePath())
            except:
                twistedLog.msg('BasicHTTPAuthRequest: exception: %s' % traceback.format_exc())
                userDisplayName = ''
                 userEmail = current_site.NOTIFY
            # Overriding user_name here would help those sites where nginx accepts logins both
            # with and without domain specified (like in INNL) - previously that broke further
             # P1 builds because IDSID wasn't extracted, now it is properly extracted no matter
            # which form of username was specified by user.
            self.args['user_name'] = [userName]
             self.args['user_email'] = [userEmail]
            self.args['display_name'] = [userDisplayName]
        return Request.process(self)


class BasicHTTPAuthWebStatus(html.WebStatus):
     '''
    Subclass for usual Buildbot WebStatus that allows overriding requestFactory at the moment
    of initializing itself. Basic WebStatus sets its requestFactory to twisted Request class.
     '''
    def setupSite(self):
        self.site.requestFactory = BasicHTTPAuthRequest
        return html.WebStatus.setupSite(self)





 getUserInfo() is a function implemented via python-ldap which goes to ActiveDirectoy.


Thanks,
Vasily



2014-07-16 6:11 GMT+04:00 你是我的眼 <hbingbing at foxmail.com>:
 Hi,


I want to config buildbot by ldap authentication, but I can't find anything useful in buildbot manual.
 Could someone give me a configuration ‍example about LDAP authentication for WebStatus?‍
 

Maybe it can be completed with Apache HTTPD as reverse proxy according to the offical manual, but I don't know to how to config it used by ldap.‍
 



Thanks a lot!

------------------------------------------------------------------------------
 Want fast and easy access to all the code in your enterprise? Index and
 search up to 200,000 lines of code with a free copy of Black Duck
 Code Sight - the same software that powers the world's largest code
 search on Ohloh, the Black Duck Open Hub! Try it now.
 http://p.sf.net/sfu/bds
_______________________________________________
 Buildbot-devel mailing list
 Buildbot-devel at lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/buildbot-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://buildbot.net/pipermail/devel/attachments/20140717/effa9351/attachment.html>


More information about the devel mailing list