Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

RTC and GIT integration using Nodejs: authentication LDAP

Questions
Tags
Users
Badges
Alberto Teodoro
(6632638) Feb 15 '17, 6:09 p.m.

Hi all,

please! Someone has been able to set up correctly the RTC integration with GIT using the new hooks based on Nodejs?
I need help! 
I've RTC 6.0.2 on RHEL 6.2 and I've followed all wiki pages and official guides of RTC for 6.0.2.
My properties configuration of LDAP authorization for NodeJS doesn't work.
My RTC configuration for LDAP instead works always fine (since many years).
Nodejs starts well.
I would like to know if anyone has succed in it and get some advice from him.
Many thanks in advance
Alberto  

0 votes

2 answers
4,105 views
0 votes

Accepted answer

Permanent link
Shubjit Naik
(1.5k1613) edited
Feb 15 '17, 11:52 p.m.

Hi Alberto


Yes we have got it working with different LDAP servers. What is your LDAP server? Microsoft AD?
Please share your ldap config from config.json.

Also, how are you testing if the LDAP configuration is successful? 
When you access the Nodejs link and authenticate, if the login is successful a blank page comes up and if not the Login prompt re-appears.

Regards
Shubjit

Alberto Teodoro selected this answer as the correct answer

1 vote

Comments
Alberto Teodoro
Feb 16 '17, 1:42 a.m.

Hi Shubjit,

many thanks ;-)
I've Microsoft AD.
Actually, when I access to my Git repo via Nodejs, I receive a blank page with the lonely word "Unauthorized".
My case:
I really hope you could help me.
Many many thanks in advance.
Ciao
Alberto

Shubjit Naik
Feb 16 '17, 4:26 a.m.

 Hi Alberto


1. I see a small config change is needed for searchFilter
Change From
"searchFilter": "(uid={{sAMAccountName}})",
TO
"searchFilter": "(sAMAccountName={{username}})",

2. The URL being accessed should match you "Git-URL-Prefixes" , as per your config it is /git so your URL would  be 

Alberto Teodoro
Feb 16 '17, 6:56 a.m.
Hi Shubjit, 
now it seems better: 
  • when I type the correct address, I can promt with my data login, but I receive the following message: "CRRTC8814E: You are not authorized to perform that Git operation.";
  • instead, when I type an incorrect address (i.e. for a git repo not existing http://server01v.rete.test/git/notexisting.git), I can promt with my data login, and I receive the white page ...
I've set the hooks in the right way for my rtcgit.git repo.
And I've also given all permission by RTC side, also if I should be expected to have the message CRRTC8814E only for the BASIC mode, not for the LDAP mode.

Ciao
Alberto    

Shubjit Naik
Feb 16 '17, 7:04 a.m.

Hi Alberto


Since all the hooks are in place, can you run through the use case in the following article and see how it works? Accessing the GIT URL is not needed for now, as the changes would be redirected from nodejs and displayed within RTC>


The section "Testing the integration" is what you could try and see if you are able to link Git Commits to RTC Work Item.

Alberto Teodoro
Feb 16 '17, 9:03 a.m.

Hi Shubjit,,
I've understood that also username is case sensitive and so I have to type exactly as it is stored for the attribute sAMAccountName in AD. In my case is all capitolized.

2 questions:

1) now I've the problem, from the browser,  when I type http://server01v.rete.test/almsvil/rtcgit.git: I can't find the git repo; when I have my authorization, I receive the response "file not found"; in my config.json I've the following properties:
"Git-Repositories-Root-Dir": "/dati/git/almsvil/"
and
"Git-URL-Prefixes": {
        "/git/almsvil": {


2) So, the authorization is made by LDAP, but only if the user is member of the RTC Project? I've right understood?
Many thanks HShubjit,
Alberto

Alberto Teodoro
Feb 16 '17, 10:31 a.m.

Hi Shubjit,
I think I've understand my new issue.
I have to set correctly the path of the property "Git-Repositories-Root-Dir", in Linux file system mode.
I've no example: the only example at https://jazz.net/wiki/bin/view/Main/RTCGitIntegrationSetupUsingNode is for Window file system.

The property value "/git" in "Git-URL-Prefixes", for me, it needs to make the http address with a virtul host. So it "masks" in the url, my real physical address.

If you have an example for the property "Git-Repositories-Root-Dir", please, can you send me?

Many thanks
ciao
Alberto

Shubjit Naik
Feb 16 '17, 12:13 p.m.

Hi Alberto


For the questions on the previous comment, Since the Git-URL-Prefix is set to /git/almsvil , your git repo URL would be http://server01v.rete.test/git/almsvil/rtcgit.git

Git-Repositories-Root-Dir seems to set right, it is the location of your git repos, it does not a direct relation to the git URL.

Are you able to register the git repo URL in RTC?

Alberto Teodoro
Feb 16 '17, 12:36 p.m.

Hi Shubjit,
Yes, I'm able to register it, also if I receive the warning that the URI can't be find.

Now I've created a git repo into /dati/git and I've updated the config.json
I've done the steps done in the example https://jazz.net/wiki/bin/view/Main/RTCGitIntegrationSetupUsingNode for the creation of the git repo.

The only difference that I can find, it's that in the example the git repo master is set up on a windows system, so the property "Git-Repositories-Root-Dir" has a absolute path with the C: root.
If you have Nodejs on Linux, can you check for me the absolute path set in  your "Git-Repositories-Root-Dir"? I have "/dat/git", where only git and subfolder belong to user git.
When I used with apache, the path worked properly.
Many thanks
Alberto

Shubjit Naik
Feb 16 '17, 1:12 p.m.

 Hi Alberto


The path seems fine, the git user should have read/write access to this directory. The path on my setup is /opt/gitrepo.

The warning you see if due to the git config not updated with the key from RTC.
Section "Setup: Configuring the Git repository" from the article has the steps on it.

Alberto Teodoro
Feb 16 '17, 7:00 p.m.

Hi Shubjit,
finally it worked.
I was able to do the "commit" and then the "push" to the master, linking to a RTC WI.
I've always the error for the file not found in the browser, after the authentication.
So! The absolute path was correct.
I've tried in the same server, because I've used for the cloning repo the same git version 2.11.1: my git version in my pc client is a previous version one (2.10.0.windows.1) and so I think it's not suitable for the commit and push operation with a server at a upper version.
Many many thanks
Ciao and good nigth
Alberto

Shubjit Naik
Feb 16 '17, 11:44 p.m.

Great, thanks for the update Alberto.

showing 5 of 11 show 6 more comments

One other answer

Permanent link
Alberto Teodoro
(6632638) Feb 16 '17, 1:42 a.m.

 {

    "_Comment": "The is an example configuration file used by the Node application. This file is in JSON format and every property (say, X) has a corresponding description property (X-Description), which provides a simple explanation about the property itself. To start using this file, fill in the required fields and delete this property from the file.",  
    "Version": 1,
    "Version-Description": "Version number of this config file",
    "Server-Use-HTTPS": false,
    "Server-Use-HTTPS-Description": "Boolean value that determines whether to use secure socket layer for HTTP communication",
    "Server-Key-File-Path": "",
    "Server-Key-File-Path-Description": "Absolute Path on the server to the server key file; MUST when HTTPS protocol is to be used",
    "Server-Certificate-File-Path": "",
    "Server-Certificate-File-Path-Description": "Absolute Path on the server to the certificate file; MUST when HTTPS protocol is to be used",
    "Server-Setup-HTTP-Redirector": true,
    "Server-Setup-HTTP-Redirector-Description": "Boolean value that determines if an HTTP listener has to be setup; this listener simply diverts the incoming requests to same endpoint over HTTPS",
    "Server-Port": 80,
    "Server-Port-Description": "Integer value that defines the port on which the server has to listen to",
    "Server-Socket-Timeout": 180000,
    "Server-Socket-Timeout-Description": "Timeout (in milliseconds) to be set for socket connection. Default is 3 minutes. Set to 0 for indefinite.",
    "Git-Executable-Path": "git",
    "Git-Executable-Path-Description": "Absolute path to the git executable on the server; provide the absolute path, if 'git' is not found on the PATH environment variable",
    "Git-Repositories-Root-Dir": "/dati/git/almsvil/",
    "Git-Repositories-Root-Dir-Description": "Absolute path to the directory on the server where the Git repositories are located",
    "Git-Use-NodeGit": true,
    "Git-Use-NodeGit-Description": "Boolean Value that determines if nodegit module is to be used for operating on Git repositories. Setting to true implies that nodegit module is installed and is available to this server.",
    "Auth-Profiles": {
        "Ldap-1": {
            "type": "LDAP",
            "url": "ldap://rete.test:389",
            "bindDn": "CN=USR_LDAP,OU=Service Account,DC=rete,DC=test",
            "bindCredentials": "LDAPpassword",
            "searchBase": "DC=rete,DC=test",
            "searchFilter": "(uid={{sAMAccountName}})",
            "searchAttributes": null
        },
        "Basic-1": {
            "type": "BASIC",
            "method": "GET"
        }
    },
    "Auth-Profiles-Description": "Set of authentication profiles available. It is a map - with the profile name itself being the key, and the properties being the value. The value object must contain 'type' property as one of 'LDAP', 'BASIC' (Please note that it is case-sensitive). In case of LDAP authentication, the value object should have properties pertaining LDAP authentication. Some basic properties are listed here. However, you can add others if needed. The list of properties is documented here: https://github.com/vesse/node-ldapauth-fork#ldapauth-config-options. In case of BASIC authentication, the value object should have 'url' and 'method' properties against which the HTTP Basic authentication is done. If 'method' property is absent, 'GET' is assumed.",
    "Git-URL-Prefixes": {
        "/git": {
            "authProfile": "Ldap-1"
        }
    },
    "Git-URL-Prefixes-Description": "Set of URL prefixes to be considered for the Git request. It is a map - with the prefix itself being the key, and the properties being the value. Right now the only supported property is 'authProfile' and its value can be one of the profile names in 'Auth-Profiles' configuration property. If 'authProfile' property is defined, the corresponding auth profile is applied; otherwise, no authentication is performed. In this case for example, the auth profile 'Ldap-1' will be applied for a Git repository having a url http://gitserver:9999/git/MyRepo.git since /git is the prefix to the git repository MyRepo.git"
}

0 votes

Comments
Shubjit Naik
Feb 16 '17, 4:26 a.m.

 Hi Alberto


1. I see a small config change is needed for searchFilter
Change From
"searchFilter": "(uid={{sAMAccountName}})",
TO
"searchFilter": "(sAMAccountName={{username}})",

2. The URL being accessed should match you "Git-URL-Prefixes" , as per your config it is /git so your URL would  be 

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 6,132
× 97
× 88
× 6

Question asked: Feb 15 '17, 6:09 p.m.

Question was seen: 4,105 times

Last updated: Feb 16 '17, 11:44 p.m.

Confirmation Cancel Confirm