| 21 Jan 2022 |
ajs124 | I only remember the substring thing, where it removes the first 6 characters (hydra-) from the groups it gets from LDAP 😬 | 14:25:03 |
kenran_ | The manual describes those groups as hydra_admin with underscore instead of dash. Does that make a difference? | 15:07:48 |
kenran_ | We can't get it to work, even though we've created the groups, but have to stop now. Do you have any tips on how to get actual feedback on what went wrong? | 15:08:27 |
das_j | Redacted or Malformed Event | 15:08:45 |
@grahamc:nixos.org | I would be cautious about making the assumption that it'd work like that forever without it being documented as being a thing | 15:12:48 |
@grahamc:nixos.org | especially since I think you just dropped a possibly CVE-worthy bug in chat | 15:14:10 |
kenran_ | I don't think I'll get it to work without any debug output. I can't even tell if my connection to LDAP even works. | 15:19:13 |
@grahamc:nixos.org | kenran_: https://github.com/NixOS/hydra/pull/1129 | 15:42:00 |
@grahamc:nixos.org | and a follow-up: https://github.com/NixOS/hydra/pull/1130 | 15:42:43 |
kenran_ | grahamc (he/him): nice, thanks! | 15:46:07 |
@grahamc:nixos.org | yep! I'd hit something similar recently but thought I was doing it wrong | 15:46:20 |
kenran_ | I also opened a PR right now, found a nasty typo: https://github.com/NixOS/hydra/pull/1131 | 15:46:29 |
@grahamc:nixos.org | oh cool | 15:46:40 |
kenran_ | You wouldn't happen to know if there's a way to see some debut output for the LDAP access? I've tried setting debugServer = true;, but don't see output about this aspect. | 15:47:42 |
kenran_ | * You wouldn't happen to know if there's a way to see some debug output for the LDAP access? I've tried setting debugServer = true;, but don't see output about this aspect. | 15:48:03 |
@grahamc:nixos.org | let's see ... | 15:48:52 |
@grahamc:nixos.org | I've only got a few minutes left before I need to move to some paid work but let's see what I can do | 15:49:14 |
kenran_ | Oh, no need to do anything right now, I'd just have asked at some point next week otherwise. I can live just fine with the manually created admin users for now! | 15:49:59 |
kenran_ | Please prefer your paid work over this :D | 15:50:18 |
das_j | you can pass options to Net::LDAP->new(): https://metacpan.org/pod/Catalyst::Authentication::Store::LDAP#ldap_server_options | 15:50:42 |
das_j | (from the yaml) | 15:50:46 |
das_j | one of these options can be debug | 15:50:52 |
@grahamc:nixos.org | nice! a PR with that in the docs would be great | 15:51:02 |
kenran_ | Thanks! | 15:52:49 |
@grahamc:nixos.org | if I could get a review on these doc updates that'd be great: https://github.com/NixOS/hydra/pull/1129 | 16:14:16 |
@grahamc:nixos.org | das_j: do you have an example of passing debug? | 17:24:54 |
@grahamc:nixos.org | ah:
store:
  class: LDAP
  ldap_server: localhost
  ldap_server_options:
    timeout: 30
    debug: 2
| 17:29:06 |
@grahamc:nixos.org | ma27: we should probably update hydra in nixpkgs and backport it for this LDAP fix | 18:02:00 |
@grahamc:nixos.org | though maybe that is spooky to do on stable, could just backport that patch to stable | 18:02:18 |
das_j | nix --extra-experimental-features nix-command\ flakes build .#hydraJobs.tests.ldap.x86_64-linux | 18:35:03 |