问题
On a server running Debian 8, how can I set up phabricator so that users are authenticated using a local LDAP server?
(Choosing LDAP because the same accounts should also be used by other web applications on the same server later)
回答1:
Replace all occurrences of ***** with secure passwords and store them safely.
Replace all occurrences of example.com with something sensible.
Use ssh X11 tunneling for the jxplorer application if you have no local X.
apt-get install emacs aptitude dbconfig-common debconf fonts-font-awesome jq \
php5-fpm libjs-raphael php5-cli php5-curl mysql-server php5-mysql \
php5-ldap po-debconf ucf nginx php5-apcu php5-gd npm python mc git \
default-jdk jxplorer slapd xauth
New password for the mysql root user: *****
Admin password for LDAP: *****
mysql -u root -p
mysql> grant all privileges on `phabricator\_%`.* to 'phabricator'@localhost identified by '*****';
mysql> exit
dpkg-reconfigure slapd
Enter
- domain: users.example.com,
- company name: example
- everywhere else, accept the defaults
start jxplorer, connect, enter
- Base DN: dc=users,dc=example,dc=com
- Level: user + password
- User DN: cn=admin,dc=users,dc=example,dc=com
- Password: What you used earlier
save connection settings if you like
Add new users below "users" with objectClass account,simpleSecurityObject:
- uid=developer,userPassword=*****,submit
- uid=reviewer,userPassword=*****,submit
- uid=webadmin,userPassword=*****,submit
- uid=anonymous,userPassword=*****,submit
Exit jxplorer
Download debian binary packages from testing distribution: phabricator, arcanist, libphutil. Use https://packages.debian.org/testing/phabricator to find the download links
# in the directory where these 3 packages have been downloaded to
dpkg -i *.deb
phabricator domain: phabricator.example.com web server: nginx MySQL administrator account username: phabricator
Setup DNS: Either have phabricator.example.com point to your server in DNS. Or add the ip address of the server to the client's /etc/hosts file as phabricator.example.com
service nginx restart
if this fails, then issue
nginx -t
to get the error message.
if the error message is
nginx: [emerg] could not build the server_names_hash, you should increase server_names_hash_bucket_size: 32 then edit /etc/nginx/nginx.conf to include something like
http {
server_names_hash_bucket_size 64;
...
}
Open http://phabricator.example.com/ in a web browser. It displays:
Authentication Failure. Your login session is invalid. Try reloading the page and logging in again. If that does not work, clear your browser cookies.
So I reload.
On the web page:
- Phabricator Username: webadmin
- Real Name: webadmin
- Password: *****
- Email: webadmin@example.com
Open the Auth application,
- Add Authentication Provider Username/Password
- Add Authentication Provider LDAP
- Check Trust Email Addresses
- LDAP Host Name: localhost
- Base Distinguished Name: dc=users,dc=example,dc=com
- Search Attributes: uid
- Anonymous Username: uid=anonymous,dc=users,dc=example,dc=com
- Anonymous Password: what I used earlier
- Add Provider
Go to phabricator startpage, Open the people application, choose webadmin Edit settings, Authentication External Accounts, Add External Account LDAP
- LDAP Username: webadmin
- LDAP Password: what I used earlier
- Link Accounts
- Confirm Account Link
Check if login via LDAP works:
- Log out
- Log in as webadmin over LDAP
- works
The user/password Auth Provider can now be disabled. Log out and log in again to check
Check if user registration over LDAP works:
- Log out,
- LDAP Username: developer
- LDAP Password: What I set earlier
- Login/Register
- Phabricator Username: developer
- Real Name: developer
- Email: developer@example.com
- Register Phabricator account.
Account needs Approval
Log out and log in again as webadmin
- Open the People Application
- Approval Queue
- Thumb up
Go to Phabricator start page
- Open the Config Application
- Authentication
- auth.require-approval
- Set value to false
- save
Log out
Check login as developer
- works
- Log out
Check registration as reviewer
- works without approval
来源:https://stackoverflow.com/questions/31289582/set-up-phabricator-with-ldap-authentication-on-debian-jessie