在Debian Jessie上设置使用LDAP验证的制图员 [英] Set up phabricator with LDAP authentication on Debian Jessie
问题描述
在运行Debian 8的服务器上,如何设置phabricator以便用户使用本地LDAP服务器进行身份验证?
(选择LDAP,因为相同的帐户也应该被稍后在同一台服务器上的其他Web应用程序使用)
使用安全密码替换所有出现的*****,并将其安全存储。
替换所有出现的example.com有一些明智的选择。
如果您没有本地X,请使用ssh X11隧道jxplorer应用程序。
apt-get install emacs aptitude dbconfig-common debconf fonts-font-awesome jq \
php5-fpm libjs-raphael php5-cli php5-curl mysql-server php5-mysql \
php5-ldap po-debconf ucf nginx php5-apcu php5-gd npm python mc git \
default-jdk jxplorer slapd xauth
mysql root用户的新密码:*****
LDAP的管理员密码:*****
mysql -u root -p
mysql>将`phabricator\_%`。*赋予'phabricator'@ localhost的所有权限,由'*****'标识;
mysql>退出
dpkg-reconfigure slapd
输入
- 域:users.example.com,
- 公司名称:示例
- 其他地方,接受默认值
启动jxplorer,连接,输入
- 基本DN:dc = users,dc = example,dc = com
- 级别:用户+密码
- 用户DN:cn = admin,dc = users,dc = example,dc = com
- 密码:以前使用过的
如果您喜欢,请保存连接设置
使用objectClass帐户添加新用户,simpleSecurityObject:
- uid =开发人员,userPassword = *****,提交
- uid = reviewer,userPassword = *****,submit
- uid = webadmin,userPassword = *****,submit
- uid = anonymous,userPassword = *****,submit
-
退出jxplorer
从测试发行版下载debian二进制包:
phabricator,arcanist,libphutil。使用
https://packages.debian.org/testing/phabricator 查找下载链接
#将这3个软件包下载到
dpkg -i * .deb
phabricator domain:phabricator.example.com
web server:nginx
MySQL管理员帐户用户名:phabricator
设置DNS:请使用phabricator.example.com指向DNS中的服务器。
或者将服务器的IP地址添加到客户端的/ etc / hosts文件
作为
phabricator.example.com
服务nginx restart
如果失败了,然后发行
nginx -t
以获取错误消息。
如果错误消息是
\\ nnginx:[emerg]无法构建server_names_hash,您应该增加server_names_hash_bucket_size:32
然后编辑/etc/nginx/nginx.conf以包含类似于
http {
server_names_hash_bucket_size 64;
...
}
打开 http://phabricator.example.com/ 在网络浏览器中。它显示:
身份验证失败。您的登录会话无效。尝试重新加载页面并重新登录。如果不行,请清除您的浏览器Cookie。
所以我重新加载。
在网页上:
- Phabricator用户名:webadmin
- 真实姓名:webadmin
- 密码:*****
- 电子邮件:webadmin@example.com
打开认证应用程序
- 添加验证提供者用户名/密码
- 添加验证提供者LDAP
- 检查信任电子邮件地址
- LDAP主机名:localhost
- 基本可分辨名称:dc = users,dc = example,dc = com
- 搜索属性: uid
- 匿名用户名:uid = anonymous,dc = users,dc = example,dc = com
- 匿名密码: li>
- 添加提供者
去phabricator startpage,打开人员应用程序,选择webadmin
编辑设置,身份验证外部帐户,添加外部帐户LDAP
- LDAP用户名:webadmin
- LDAP密码:我之前使用过的
- 链接帐户
- 确认帐户链接
检查通过LDAP登录是否工作:
- 注销
- 以LDAP身份登录webadmin
用户/密码Auth Provider可以现在被禁用
注销并重新登录以检查
检查LDAP上的用户注册是否工作:
- 注销
- LDAP用户名:开发人员
- LDAP密码:我之前设置的
- 登录/注册
- Phabricator用户名:开发人员
- 真实姓名: li>
- 电子邮件:developer@example.com
- 注册Phabricator帐户。
帐户需要批准
注销并重新登录为webadmin
- 打开People应用程序
- 批准队列
- 赞成
转到Phabricator起始页
- 打开配置应用程序
- 认证
- auth.require-approval
- 将值设置为false
- 保存
注销
检查登录为developmente r
- 工作
- 退出
检查注册为审阅者
- 未经批准进行工作
On a server running Debian 8, how can I set up phabricator so that users are authenticated using a local LDAP server?
(Choosing LDAP because the same accounts should also be used by other web applications on the same server later)
Replace all occurrences of ***** with secure passwords and store them safely.
Replace all occurrences of example.com with something sensible.
Use ssh X11 tunneling for the jxplorer application if you have no local X.
apt-get install emacs aptitude dbconfig-common debconf fonts-font-awesome jq \
php5-fpm libjs-raphael php5-cli php5-curl mysql-server php5-mysql \
php5-ldap po-debconf ucf nginx php5-apcu php5-gd npm python mc git \
default-jdk jxplorer slapd xauth
New password for the mysql root user: *****
Admin password for LDAP: *****
mysql -u root -p
mysql> grant all privileges on `phabricator\_%`.* to 'phabricator'@localhost identified by '*****';
mysql> exit
dpkg-reconfigure slapd
Enter
- domain: users.example.com,
- company name: example
- everywhere else, accept the defaults
start jxplorer, connect, enter
- Base DN: dc=users,dc=example,dc=com
- Level: user + password
- User DN: cn=admin,dc=users,dc=example,dc=com
- Password: What you used earlier
save connection settings if you like
Add new users below "users" with objectClass account,simpleSecurityObject:
- uid=developer,userPassword=*****,submit
- uid=reviewer,userPassword=*****,submit
- uid=webadmin,userPassword=*****,submit
- uid=anonymous,userPassword=*****,submit
Exit jxplorer
Download debian binary packages from testing distribution: phabricator, arcanist, libphutil. Use https://packages.debian.org/testing/phabricator to find the download links
# in the directory where these 3 packages have been downloaded to
dpkg -i *.deb
phabricator domain: phabricator.example.com web server: nginx MySQL administrator account username: phabricator
Setup DNS: Either have phabricator.example.com point to your server in DNS. Or add the ip address of the server to the client's /etc/hosts file as phabricator.example.com
service nginx restart
if this fails, then issue
nginx -t
to get the error message.
if the error message is
nginx: [emerg] could not build the server_names_hash, you should increase server_names_hash_bucket_size: 32 then edit /etc/nginx/nginx.conf to include something like
http {
server_names_hash_bucket_size 64;
...
}
Open http://phabricator.example.com/ in a web browser. It displays:
Authentication Failure. Your login session is invalid. Try reloading the page and logging in again. If that does not work, clear your browser cookies.
So I reload.
On the web page:
- Phabricator Username: webadmin
- Real Name: webadmin
- Password: *****
- Email: webadmin@example.com
Open the Auth application,
- Add Authentication Provider Username/Password
- Add Authentication Provider LDAP
- Check Trust Email Addresses
- LDAP Host Name: localhost
- Base Distinguished Name: dc=users,dc=example,dc=com
- Search Attributes: uid
- Anonymous Username: uid=anonymous,dc=users,dc=example,dc=com
- Anonymous Password: what I used earlier
- Add Provider
Go to phabricator startpage, Open the people application, choose webadmin Edit settings, Authentication External Accounts, Add External Account LDAP
- LDAP Username: webadmin
- LDAP Password: what I used earlier
- Link Accounts
- Confirm Account Link
Check if login via LDAP works:
- Log out
- Log in as webadmin over LDAP
- works
The user/password Auth Provider can now be disabled. Log out and log in again to check
Check if user registration over LDAP works:
- Log out,
- LDAP Username: developer
- LDAP Password: What I set earlier
- Login/Register
- Phabricator Username: developer
- Real Name: developer
- Email: developer@example.com
- Register Phabricator account.
Account needs Approval
Log out and log in again as webadmin
- Open the People Application
- Approval Queue
- Thumb up
Go to Phabricator start page
- Open the Config Application
- Authentication
- auth.require-approval
- Set value to false
- save
Log out
Check login as developer
- works
- Log out
Check registration as reviewer
- works without approval
这篇关于在Debian Jessie上设置使用LDAP验证的制图员的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
