Hi,
I’m attempting to setup LDAP authentication with Continua using active directory so our users can use windows login, but this is all very new to me. I’ve configured the config file and restarted the service, but the Continua page just hangs at “LDAP Synchroniser: Updating groups”. It’s been stuck there for hours, so I assume it’s not going to proceed. What might this indicate? An issue with our group perhaps? I don’t have any direct control over the groups themselves as they’re all managed by our IT service department, but I’ve chosen a group from the active directory that I should be a member of and set the ‘administratorsGroup’ parameter to the group name. The service restarts okay but then doesn’t get past the ‘configurating authentication’ page.
These are the last few steps of the config page:
-Running LDAP Synchroniser
-LDAP Synchroniser: Retrieving administrator
-LDAP Synchroniser: Retrieving groups and users
-LDAP Synchroniser: No current LDAP users were found - running full LDAP Synchronisation before running application
-LDAP Synchroniser: Updating groups
Any ideas?
Regards,
Tried with a number of different groups also.
Hi Luke
That looks normal… updating groups is the last thing logged in the ldap sync code if all is well. You will need to enable debug logging and send us the log file (to support@finalbuilder.com) so we can see where it is getting stuck :
http://wiki.finalbuilder.com/display/continua/Debug+Logging
Hi Luke,
Thanks for sending the log file. The issue is with the size of the domain - Continua is busy iterating through 110428 Active Directory groups!
By default, Continua queries the full list of groups in the domain so that you can select them on the Groups administration page. You can restrict this to groups which are within an LDAP organisational unit or container using the groupsContainer attribute on the continua-configuration/authentication node in the service configuration file.
eg.
<authentication mode=“Mixed” fqdn=“office.company.com” administratorsGroup=“Continua Administrators” groupsContainer=“OU=Continua,DC=Office,DC=Company,DC=com” />In this case the Continua Administrators group and any other groups you want to use with Continua must be located under the Continua OU. Note that Continua users can be located anywhere in the domain but must be members of groups located under the groupsContainer if specified.
See also Authentication mode configuration in the documentation
We plan to update the administration pages to use a group search rather than presenting a list of groups. This will make the requirement to iterate through all groups redundant, however it will be a while before this is implemented.
Thanks Dave - I specified an OU and it cut the number of groups down significantly, it logs me in successfully now and I’m listed on the users admin page as expected.
However I have a strange problem that was not occurring previously… When I first log in, all my projects/configurations are visible as normal, then after about 10 seconds the page refreshes and my projects/configurations all disappear and I get “no configurations were found”. The projects drop down menu is also blank.
If I then refresh the page manually they all reappear as normal - and then disappear again after another 10 seconds. The dropdown menu seems to stay blank regardless if the projects/configs are visible. This seems to happen regardless of what machine I access the site from or what browser I use. My projects are still listed in the projects admin section as normal.
Also, in the users admin section, if I try and edit users or sync the list of users in the active directory group, I get the error “An unexpected error occurred whilst performing an AJAX request with the web server. Please try again.” Not sure if I’ve done something incorrectly with the IIS configuration, I did follow the wiki page on IIS 7 setup but might’ve missed something.
I’m using the latest build (1.5.0.317). I’ve sent another log file by email incase this helps.
Regards,
Additional: if I attempt to reset my global repository, I get redirected to the homepage with the following message appearing in the event log:
Exception: FaultException`1
Message: You have been redirected to the homepage as you are not logged in or your session has timed out. The page you tried to access requires the following permission ‘ManageCIServer Administration’.
Stack Trace: at Continua.Modules.Builds.Services.RepositoryService.ResetRepository(Guid id)
at SyncInvokeResetRepository(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
Perhaps this is the same reason my projects/configs are disappearing. Continua appears to keep me logged in though.
Hi Luke,
This sounds like a cookie issue. Which web browser are you using? I assume you have cookies enabled as it previously worked with forms authentication. This may be a conflict with an old cookie. Can you delete all cookies for the server domain (specifically .ContinuaAuth and ASP.NET_SessionId), then restart your browser.
Also check the following line is in the web.config file under %ProgramFiles%\VSoft Technologies\ContinuaCI\Web
<authentication mode=“Forms”> <forms name=".ContinuaAuth" loginUrl="~/account/login" timeout=“30” slidingExpiration=“true”/> authentication>
Hi Dave, looks like the web.config was the issue. Authentication mode was set to “Windows” (which I thought would be correct as I’m using LDAP?), but I changed it to “Forms” and everything seems to be working now. Thanks!
Unrelated side question: is it possible to set the default project view for all users? (e.g. when they login for the first time)
Hi Luke,
Great that this is working now. Note that we use a WindowsAuthentication child web application to authenticate with LDAP - the main site still uses Forms authentication allowing the Mixed mode scenario. Unfortunately there is currently no default setting for the project view, but I’ll add this feature to the back log.