Opened 10 years ago

Last modified 5 years ago

#482 accepted enhancement

LDAP authentication of build requests

Reported by: ipv6guru Owned by: jollyroger
Priority: patches-accepted Milestone: 0.9.+
Version: 0.7.10 Keywords:
Cc: cardoe@…, rutsky.vladimir@…

Description (last modified by dustin)

Here's a patch against buildbot 0.7.2 that allows you to specify a build authenticator when creating a waterfall display. 2wire uses this because our production builds are expensive - it takes lots of time to run the performance regression suite and lots of storage to keep build products around indefinitely.

The build authenticator I've included is an LDAP one that requires the ldaptor 0.0.43 module from http://www.inoi.fi/open/trac/ldaptor/.

In hindsight, I probably should have done it as an attribute to each builder rather than to the waterfall display. Our unittest builds aren't that expensive, but for now people will just have to wait for the p4poller to notice changes.

It's lightly tested by hand. Not sure how to unit test this.

Example usage for an ActiveDirectory? server:

from ldaptor import pureldap
from buildbot import ldapauth

build_authenticator=ldapauth.LDAPAuthenticationSource(
base_dn='cn=Users,dc=corp,dc=2wire,dc=com',
attr='sAMAccountName',
bind_dn='cn=ldap_queries,cn=Users,dc=corp,dc=2wire,dc=com',
bind_pw='<censored>',
filter=pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('memberOf'),
assertionValue=pureldap.LDAPAssertionValue(
'CN=Build 
Engineering,CN=Users,DC=corp,DC=2wire,DC=com')
)
)

c['status'].append(html.Waterfall(http_port=8010,
build_authenticator=build_authenticator))

Attachments (1)

buildbot-auth.patch (11.3 KB) - added by ipv6guru 10 years ago.

Download all attachments as: .zip

Change History (11)

Changed 10 years ago by ipv6guru

comment:1 Changed 10 years ago by ipv6guru

Moved from sourceforge

comment:2 Changed 10 years ago by dustin

It would be interesting to see this merged into the new IAuth stuff..

comment:3 Changed 9 years ago by dustin

  • Cc cardoe@… added

Doug, what do you think?

comment:4 Changed 9 years ago by dustin

  • Milestone changed from undecided to 0.7.+

comment:5 Changed 9 years ago by dustin

  • Keywords sourceforge 469500 removed

comment:6 Changed 9 years ago by dustin

  • Description modified (diff)
  • Type changed from defect to enhancement

comment:7 Changed 8 years ago by jollyroger

  • Owner set to jollyroger
  • Status changed from new to accepted

comment:8 Changed 6 years ago by tom.prince

  • Priority changed from major to patches-accepted

This is probably best done by fixing #2429, and then using ldaptor's cred plugin.

comment:9 Changed 6 years ago by dustin

  • Milestone changed from 0.8.+ to 0.9.+

comment:10 Changed 5 years ago by rutsky

  • Cc rutsky.vladimir@… added
Note: See TracTickets for help on using tickets.