Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
damian1976
@damian1976
ok but when you type ralph address in the browser it tries to go http:// by default, so something should redrects you to 443 (https)
Pete
@kasim1r
that went away after i did the nginx settings you mentioned (linuxfaq)
which in my understanding means that nginx needs to tell the next instance (=ralph) that "hey, we're using ssl here"
so that ralph can return the correct URLs
so now, when i go to https://ralph.private.domain/, it correctly redirects me to https://ralph.private.domain/login/?next=/
and also the API URLs are correct
damian1976
@damian1976
ok
the message you had "cannot redirect from 80 to 443, port 80 not allowed" when starting nginx is because you started django also on port 80 (DJANGO_SETTINGS_MODULE=ralph.settings.local ralph runserver)
what I do (guys correct me if I'm wrong) is that I start django/ralph on 8000. then in nginx in "server 80" section redirect to 443 , and in "server 443" section "capture" 8000 port by
location / {
                proxy_pass http://address:8000;
        }
damian1976
@damian1976
so both 80 and 8000 calls are redirected to 443
Pete
@kasim1r
that's not a message from nginx, it was just what I told you
damian1976
@damian1976
ok
Pete
@kasim1r
because the target machine's port 80 is not reachable, it wouldn't make sense to redirect 80 to 443
Pete
@kasim1r
how can I populate the business_ownersand technical owners fields?
(in a virtual server)
Pete
@kasim1r
setting them via PATCH method doesn't change them
but also doesn't return an error
curl -k -H "Content-Type: application/json" -H "Authorization: Token f38a12d6b0dd3457b8c464789c90fad6fa5adfd0" -XPATCH "https://ralph.private.domain/api/virtual-servers/76/" -d '{"business_owners": "RonL"}'
Mateusz Kurek
@mkurek
this field is ignored in patch/put/post - it's taken from service owenrs
*owners
in other words, read serialization is different than write serialization
Pete
@kasim1r
would you mind posting a dump of your (working) LDAP settings?
Pete
@kasim1r
please?
✪ vi4m Marcin Kliks
@vi4m
any problems with ldap?
Pete
@kasim1r
ldap.FILTER_ERROR: {'desc': 'Bad search filter'}
on ldap_sync
just like the guy in the issue
✪ vi4m Marcin Kliks
@vi4m
@ar4s will help you with it
Pete
@kasim1r
and nobody posted an actual solution
cool
Arkadiusz Adamski
@ar4s
Pete
@kasim1r
wow ok, i will try to adapt that to my stuff
thanks, mate
Arkadiusz Adamski
@ar4s
BTW I'm not expert of LDAP but I do my best :smile:
Please also note that variable AUTH_LDAP_USER_FILTER starts with (|( and ends with ))
Pete
@kasim1r
you guys are not mapping anyone to "staff"?
if user is active then is staff
Pete
@kasim1r
aha, great
Pete
@kasim1r
ok, that did work without errors
I even see group mappings, just no users were imported
or will the ralp user accounts be generated when they first log in?
*ralph
I already saw that with one other person, the account was auto-generated when they logged in with their AD credentials, but I had to manually tick the "staff" and "active" options in the user account
Pete
@kasim1r
tried with a test user now. his account got auto-generated, but not "active", not "staff"
Arkadiusz Adamski
@ar4s
maybe try
AUTH_LDAP_USER_FLAGS_BY_GROUP = { "is_active": "cn=active,ou=groups,dc=example,dc=com", "is_staff": ["cn=staff,ou=groups,dc=example,dc=com", "cn=admin,ou=groups,dc=example,dc=com"], "is_superuser": "cn=superuser,ou=groups,dc=example,dc=com" }
Pete
@kasim1r
okay
ivanususu
@ivanususu
can someone tell me how to swap the rack around? RU1 to be on top and RU46 on bottom?
Pete
@kasim1r
OK, nesting obivously only works for "normal" ralph groups, f.e. "Support" or "Admins"
not for AUTH_LDAP_GROUP_MAPPINGor AUTH_LDAP_USER_FLAGS_BY_GROUP