Gerrit and Active Directory

Question

I'm trying to set up Gerrit to use our corporate Active Directory for authentication. I know plenty of people have managed to get this to work but it just won't work for me.

If I run an ldapsearch command as follows I get the correct result, so I know my search strings are correct:

ldapsearch -h myserver -b "CN=Users,DC=mycompany,DC=com" -D "CN=adam,CN=Users,DC=mycompany,DC=com" -w mypassword "(sAMAccountName=adam)"

But using these same settings in my Gerrit config doesn't work:

[auth]
    type = LDAP
[ldap]
    server = ldap://myserver
    accountBase = CN=Users,DC=mycompany,DC=com
    groupBase = OU=Gerrit,DC=mycompany,DC=com
    user = CN=adam,CN=Users,DC=mycompany,DC=com
    password = mypassword
    referral = follow
    accountPattern = (sAMAccountName=${username})
    groupPattern = (cn=${groupname})
    accountFullName = displayName
    accountMemberField = memberOf
    accountEmailAddress = mail

When I try to log in using my account I get the following exception in etc/error_log:

[2012-05-04 10:03:04,595] ERROR com.google.gerrit.server.auth.ldap.LdapRealm : Cannot query LDAP to autenticate user
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece^@]; remaining name 'CN=Users,DC=mycompany,DC=com'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3072)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1839)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1762)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1779)
    [...]

Has anyone set up a similar configuration that might be able to help?

Answer 1

Sorry guys, my fault here. In my config I'm using ldap.user as my setting name instead of ldap.username. Once I changed that my AD binding works properly.