You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@allura.apache.org by Stefan Chirila <sc...@gmail.com> on 2013/09/21 23:09:14 UTC
Allura setup with Active Directory
Hi,
I'm currently trying to setup the allura at work. I'm currently using the
vagrant image for this purpose.
Here's what I'm trying to achieve (objective):
1. Users at work should be able to register/login to allura with their
Active Directory credentials (through LDAP)
2. Users should be allowed to create projects in allura and allow other
people to join their development efforts.
3. Authenticated users should be able to use git to pull, push changes to
the repository.
4. The git repository will be, at one point in the future, integrated with
Jenkins. So proper setup should be done for Git.
Main challenges with current version of Allura (via vagrant setup):
1. LDAP setup with schroot is not clear enough. Maybe documentation should
be updated to explain also the logic of the steps (like fuse driver setup,
ldap configuration, etc.). For example why the linking of /git and /hg to
/var/chroots/scm was done. It doesn't mention where to mention these /git
and /hg after this. (should they be set in the ini somewhere or it's
programmatically used when ldap is used).
2. GIT repository setup. What needs to be changed in the .ini, to allow
users to access the git repository and to make changes to it (push)
considering the setup above. Currently it's not documented how the
scm.repos.root needs to be set in case of a schroot setup.
3. Additional setup steps regarding running it from vagrant. Which ports
need to be forward, to make git access work.
This is so far what I'm trying to achieve.
Thanks to anyone reading this and having some insights to share on the
above matter.
Best regards,
Stefan Chirila
Re: Allura setup with Active Directory
Posted by Dave Brondsema <da...@brondsema.net>.
And if there are further changes to make (e.g. disallow registration and have
the login process create the user record in Allura as needed), we'd definitely
be open to making those changes. If you're a developer and interested in trying
to make any modifications, we'll be glad to help and advise.
-Dave
On 9/30/13 2:53 PM, Cory Johns wrote:
> Hi Stefan,
>
> Sorry for the delayed response. You're right, unfortunately, that the
> documentation needs work. The repo paths are determined by combining the
> scm.repos.root setting from the .ini with the tool type name (git, hg,
> svn). Since scm.repos.root defaults to / if not set in the .ini, the
> default behavior is for Allura to look for the repos at /git, /hg, /svn,
> etc. So it should be possible to set scm.repos.root to /var/chroots/scm
> instead of creating the symbolic links. However, the docs actually say to
> point all of the individual repo dirs to /var/chroots/scm directly, which
> would probably commingle the different repo types instead of having them
> separated by tool type. It should function the same in Allura either way,
> though.
>
> To allow git remote access, you need to enable ssh access to the repo
> paths. The fuse driver handles authentication by making an API call to
> Allura with the user and path being accessed, so as long as the user can
> log into Allura and the fuse driver and ssh is configured, they will have
> push and pull access to their own repos. This does mean that the ssh
> username needs to match the Allura username, but if ssh and Allura are both
> configured for LDAP, this should be the case.
>
>
>
> On Sat, Sep 21, 2013 at 5:09 PM, Stefan Chirila <sc...@gmail.com> wrote:
>
>> Hi,
>>
>> I'm currently trying to setup the allura at work. I'm currently using the
>> vagrant image for this purpose.
>> Here's what I'm trying to achieve (objective):
>> 1. Users at work should be able to register/login to allura with their
>> Active Directory credentials (through LDAP)
>> 2. Users should be allowed to create projects in allura and allow other
>> people to join their development efforts.
>> 3. Authenticated users should be able to use git to pull, push changes to
>> the repository.
>> 4. The git repository will be, at one point in the future, integrated with
>> Jenkins. So proper setup should be done for Git.
>>
>> Main challenges with current version of Allura (via vagrant setup):
>> 1. LDAP setup with schroot is not clear enough. Maybe documentation should
>> be updated to explain also the logic of the steps (like fuse driver setup,
>> ldap configuration, etc.). For example why the linking of /git and /hg to
>> /var/chroots/scm was done. It doesn't mention where to mention these /git
>> and /hg after this. (should they be set in the ini somewhere or it's
>> programmatically used when ldap is used).
>> 2. GIT repository setup. What needs to be changed in the .ini, to allow
>> users to access the git repository and to make changes to it (push)
>> considering the setup above. Currently it's not documented how the
>> scm.repos.root needs to be set in case of a schroot setup.
>> 3. Additional setup steps regarding running it from vagrant. Which ports
>> need to be forward, to make git access work.
>>
>> This is so far what I'm trying to achieve.
>> Thanks to anyone reading this and having some insights to share on the
>> above matter.
>>
>> Best regards,
>> Stefan Chirila
>>
>
--
Dave Brondsema : dave@brondsema.net
http://www.brondsema.net : personal
http://www.splike.com : programming
<><
Re: Allura setup with Active Directory
Posted by Cory Johns <cj...@slashdotmedia.com>.
Hi Stefan,
Sorry for the delayed response. You're right, unfortunately, that the
documentation needs work. The repo paths are determined by combining the
scm.repos.root setting from the .ini with the tool type name (git, hg,
svn). Since scm.repos.root defaults to / if not set in the .ini, the
default behavior is for Allura to look for the repos at /git, /hg, /svn,
etc. So it should be possible to set scm.repos.root to /var/chroots/scm
instead of creating the symbolic links. However, the docs actually say to
point all of the individual repo dirs to /var/chroots/scm directly, which
would probably commingle the different repo types instead of having them
separated by tool type. It should function the same in Allura either way,
though.
To allow git remote access, you need to enable ssh access to the repo
paths. The fuse driver handles authentication by making an API call to
Allura with the user and path being accessed, so as long as the user can
log into Allura and the fuse driver and ssh is configured, they will have
push and pull access to their own repos. This does mean that the ssh
username needs to match the Allura username, but if ssh and Allura are both
configured for LDAP, this should be the case.
On Sat, Sep 21, 2013 at 5:09 PM, Stefan Chirila <sc...@gmail.com> wrote:
> Hi,
>
> I'm currently trying to setup the allura at work. I'm currently using the
> vagrant image for this purpose.
> Here's what I'm trying to achieve (objective):
> 1. Users at work should be able to register/login to allura with their
> Active Directory credentials (through LDAP)
> 2. Users should be allowed to create projects in allura and allow other
> people to join their development efforts.
> 3. Authenticated users should be able to use git to pull, push changes to
> the repository.
> 4. The git repository will be, at one point in the future, integrated with
> Jenkins. So proper setup should be done for Git.
>
> Main challenges with current version of Allura (via vagrant setup):
> 1. LDAP setup with schroot is not clear enough. Maybe documentation should
> be updated to explain also the logic of the steps (like fuse driver setup,
> ldap configuration, etc.). For example why the linking of /git and /hg to
> /var/chroots/scm was done. It doesn't mention where to mention these /git
> and /hg after this. (should they be set in the ini somewhere or it's
> programmatically used when ldap is used).
> 2. GIT repository setup. What needs to be changed in the .ini, to allow
> users to access the git repository and to make changes to it (push)
> considering the setup above. Currently it's not documented how the
> scm.repos.root needs to be set in case of a schroot setup.
> 3. Additional setup steps regarding running it from vagrant. Which ports
> need to be forward, to make git access work.
>
> This is so far what I'm trying to achieve.
> Thanks to anyone reading this and having some insights to share on the
> above matter.
>
> Best regards,
> Stefan Chirila
>