The ASP.NET Active Directory Membership Provider does an authenticated bind to the Active Directory using a specified username, password, and "connection string". The connection string is made up of the LDAP server's name, and the fully-qualified path of the container object where the user specified is located.
The connection string begins with the URI LDAP://.
For the server name, you can use the name of a domain controller in that domain-- let's say "dc1.corp.domain.com". That gives us LDAP://dc1.corp.domain.com/ thus far.
The next bit is the fully qualified path of the container object where the binding user is located. Let's say you're using the "Administrator" account and your domain's name is "corp.domain.com". The "Administrator" account is in a container named "Users" located one level below the root of the domain. Thus, the fully qualified DN of the "Users" container would be: CN=Users,DC=corp,DC=domain,DC=com. If the user you're binding with is in an OU, instead of a container, the path would include "OU=ou-name".
So, using an account in an OU named Service Accounts that's a sub-OU of an OU named Corp Objects that's a sub-OU of a domain named corp.domain.com would have a fully-qualified path of OU=Service Accounts,OU=Corp Objects,DC=corp,DC=domain,DC=com.
Combine the LDAP://dc1.corp.domain.com/ with the fully qualified path to the container where the binding user is located (like, say, LDAP://dc1.corp.domain.com/OU=Service Accounts,OU=Corp Objects,DC=corp,DC=domain,DC=com) and you've got your "connection string".
(You can use the domain's name in the connection string as opposed to the name of a domain controller. The difference is that the domain's name will resolve to the IP address of any domain controller in the domain. That can be both good and bad. You're not reliant on any single domain controller to be up and running for the membership provider to work, but if the name happens to resolve to, say, a DC in a remote location with spotty network connectivity then you may have problems with the membership provider working.)
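The construction described in the answer above, as an added Python example that is not part of the original answer. It goes one step further than the answer by escaping OU and container names, so a name containing a comma or slash cannot split the DN or the path; the function names are hypothetical.

```python
import re

# RFC 4514 special characters; "/" is added because ADSI treats it as the
# separator between server and DN in an LDAP:// path.
_SPECIAL = set('"+,;<>\\/')
_HOST = re.compile(r"^(?=.{1,253}$)[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63})*$")


def escape_rdn_value(value):
    """Escape one OU/CN name so it cannot split or extend the DN."""
    if not value:
        raise ValueError("empty RDN value")
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        lead = i == 0 and ch in "# "
        trail = i == last and ch == " "
        if ch in _SPECIAL or lead or trail:
            out.append("\\")
        out.append(ch)
    return "".join(out)


def domain_to_dn(dns_name):
    """corp.domain.com -> DC=corp,DC=domain,DC=com"""
    if not _HOST.match(dns_name):
        raise ValueError("not a DNS name: %r" % dns_name)
    return ",".join("DC=" + label for label in dns_name.split("."))


def container_dn(domain, ous=(), container=None):
    """ous are listed innermost first, the order they take in the DN."""
    parts = ["CN=" + escape_rdn_value(container)] if container else []
    parts += ["OU=" + escape_rdn_value(ou) for ou in ous]
    return ",".join(parts + [domain_to_dn(domain)])


def connection_string(server, domain, ous=(), container=None):
    """server may be a DC name or the domain's own DNS name."""
    if not _HOST.match(server):
        raise ValueError("not a DNS name: %r" % server)
    return "LDAP://%s/%s" % (server, container_dn(domain, ous, container))


if __name__ == "__main__":
    print(connection_string("dc1.corp.domain.com", "corp.domain.com",
                            ous=["Service Accounts", "Corp Objects"]))
    print(container_dn("corp.domain.com", container="Users"))
    # Constructed OU name with a comma: escaped, so it stays one RDN
    print(container_dn("corp.domain.com", ous=["Sales, East"]))
```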
Well, I got the solution. Gerrit doesn't allow user name to be all digits. So all you gotta do is some config changes in gerrit.config under ldap section.
Under ldap section put:
accountPattern = (&(objectClass=person)(mail=${username}))
accountSshUserName = ${givenName}.${sn}
Now you will be able to login using your mail id and user information stored will be firstname.lastname.
Cheers!!!
Best Answer
I decided to go ahead and answer this as it's kind of needed for the Gerrit Community. Currently, there're not a whole lot of tutorials covering advanced setups for Gerrit. I'm hoping this will help others explore XP/Agile practices and get Gerrit up and running. It's a great tool once you get past all the subtle setup challenges and details.
This install tutorial is rather unique in that it serves the specific environment:
Before you begin, make sure you have git installed on your system. Download the latest msysgit command line tool for windows from http://code.google.com/p/msysgit/downloads/list
Make sure you get the "Full installer for official Git for Windows".
If you intend on using the GitWeb version in msysgit, you will notice some issues around CGI.pm. I would like to mention a fix to resolve this issue.
The perl included with the msysgit distro, as of 1.7.8, is broken, http://groups.google.com/group/msysgit/browse_thread/thread/ba3501f1f0ed95af. The unicore folder is missing along with utf8_heavy.pl and CGI.pm. You can verify by checking for perl modules:
perl -mCGI -mEncode -mFcntl -mFile::Find -mFile::Basename -e ""
You will probably encounter the following exception:
$ perl -mCGI -mEncode -mFcntl -mFile::Find -mFile::Basename -e ""
Can't locate CGI.pm in @INC (@INC contains: /usr/lib/perl5/5.8.8/msys /usr/lib/perl5/5.8.8 /usr/lib/perl5/site_perl/5.8.8/msys /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl .).
BEGIN failed--compilation aborted.
If you're missing CGI.pm, you'll have to deploy the module to the msys environment. You will have to retrieve them from the 5.8.8 distro on:
http://strawberryperl.com/releases.html
File: strawberry-perl-5.8.8.3.zip
contents: bin/ lib/ site/
Copy the contents of lib into msysgit/lib/perl5/5.8.8 and overwrite existing files.
If using commandline git, add your global configuration settings to git:
Make sure the credentials used here match the credentials in gerrit. Otherwise, gerrit will reject your request.
The instructions for installing and configuring Gerrit are as follows:
java -jar gerrit-2.4-rc0.war init -d config
Execute:
gerrit.config Update:
gerrit.config Update:
gerrit.config Update:
Server.xml:
You don't need the AJP connector unless you intend on proxying with Apache HTTP Server. I use it to offload SSL encryption and manage certificates. Just remove it if not needed. Be sure to change your HTTP connector port to 80 if you intend to run standalone.
The configuration above is for usage with postgres. If you're using MySQL, you will have to replace the resource with the following for MySQL:
Server.xml:
At this point, you are now ready to Configure Gerrit as a service and bring the review system online.
The jvm options are set separately for the nt service. You must modify your service.bat file before installing the nt service. This file resides in the tomcat/bin directory with the other startup.bat and shutdown scripts. Scroll down to the following section:
Modify this line to match the following:
The initial memory, jvmMs, should definitely be set to 512Mb for gerrit and extended, JvmMx, to 1024Mb.
Now you are ready to deploy gerrit as a service under windows. Just execute the following:
Go to your server manager and open the Services node. Open the properties for Gerrit and make sure you set the startup type to Automatic:
Apply and Close Dialog.
OK... Are we done yet? Unfortunately no, just a few more steps to go. Hang in there.
Now you're ready to start the service. Just highlight the Gerrit service and click the Start option to the left.
Review the logs under the tomcat/log directory. Ensure there are no outstanding errors. If you have problems, you can ask questions here or on the gerrit mailing list: http://groups.google.com/group/repo-discuss
You should be able to go to your browser and enter the url of your server to view Gerrit now: http://review.corporation.com:8080
You will be prompted to enter your ssh public key. This is only necessary if you intend on using Git/Gerrit via ssh instead of HTTP. I went ahead and set it up because it's a good option to have.
Configure SSH
Generate an ssh key for access:
Administrator@SERVER~/test $ ssh-keygen -t rsa
Register a new account in Gerrit through the web interface with the email address of your choice. The first user to sign-in and register an account will be automatically placed into the fully privileged Administrators group, permitting server management over the web and over SSH. Subsequent users will be automatically registered as unprivileged users.
Once signed in as your user, you find a little wizard to get you started. The wizard helps you fill out:
The server will ask you for an RSA public key. That’s the key we generated above, and it’s time to make sure that Gerrit knows about our new key and can identify us by it.
user@host:~$ cat .ssh/id_rsa.pub
Configure HTTP access for registered users only, unless your project is open to the public:
Generate an HTTP Password
Despite having configured your own login, you still have to generate a password for gerrit to serve via http/https. Go to your Settings->HTTP Password configuration and click on 'Generate Password'. Use this password for all git operations over http(s).
Now we can test Gerrit via HTTP. You should be able to clone any projects existing in the repository you've referenced in the Gerrit config.
Test with clone operation
Test your ssh account
Clone a project from Gerrit via SSH:
If you haven't given up by now, you can relax, you should find yourself with a working Gerrit Code Review system hosted by a Windows 2008 Server :) It's not as common a setup and, as you can tell, warrants all the extra steps. However, some of us have limited resources and can only use what's provided. I hope this tutorial helps those seeking to run Gerrit in a similar environment. You should be ready now to start using Gerrit! Enjoy!
For further information regarding using Gerrit, please consult with the user guide from the Gerrit project:
http://gerrit-documentation.googlecode.com/svn/Documentation/2.3/index.html
Thank you, Shawn Pearce, for the help on IRC!
For future reference
Tutorial has been converted over to documentation for the Gerrit project, for those who are interested and need a good reference. Please see the patch request here:
https://gerrit-review.googlesource.com/#/c/37072