| 21 Jan 2022 |
@grahamc:nixos.org | In reply to @kenran_:matrix.org Sure; it's nixos-unstable though, does that make a difference? Worth doing to look into anyway. Most of my clients run a hydra from master or close to master, and if it is fixed there, that’s great :). But I doubt it is. | 13:02:22 |
kenran_ | In reply to @grahamc:nixos.org Worth doing to look into anyway. Most of my clients run a hydra from master or close to master, and if it is fixed there, that’s great :). But I doubt it is. https://github.com/NixOS/hydra/issues/1128 | 13:19:37 |
@grahamc:nixos.org | Thanks! | 13:20:02 |
@grahamc:nixos.org | It occurs to me this test is not very good :). https://github.com/NixOS/hydra/blob/master/t/scripts/hydra-create-user.t | 13:33:12 |
@grahamc:nixos.org | hum. no, the test is fine. the instructions are not. | 14:05:12 |
@grahamc:nixos.org | [nix-shell:~/projects/github.com/NixOS/hydra]$ argon2 myargon2salt -id -t 3 -k 262144 -p 1 -l 16 -e
foobar
$argon2id$v=19$m=262144,t=3,p=1$bXlhcmdvbjJzYWx0$VQBhlFLbcfqg7zMMPC6yUg
[nix-shell:~/projects/github.com/NixOS/hydra]$ echo foobar | argon2 myargon2salt -id -t 3 -k 262144 -p 1 -l 16 -e
$argon2id$v=19$m=262144,t=3,p=1$bXlhcmdvbjJzYWx0$VQBhlFLbcfqg7zMMPC6yUg
[nix-shell:~/projects/github.com/NixOS/hydra]$ echo -n foobar | argon2 myargon2salt -id -t 3 -k 262144 -p 1 -l 16 -e
$argon2id$v=19$m=262144,t=3,p=1$bXlhcmdvbjJzYWx0$JPC5oN19OhwpmzRs98CUjA
| 14:08:25 |
@grahamc:nixos.org | maybe there should be a --password-prompt option? | 14:10:52 |
kenran_ | In reply to @kenran_:matrix.org Cool, thanks! I skimmed the relevant part of the docs and it looked as if the only part I'd have to worry about would be our inhouse LDAP stuff honestly, and I hope to get that working with the colleague who maintains that. Can I see somehow whether LDAP access is "enabled" for the hydra-server? I've added the variable HYDRA_LDAP_CONFIG pointing to the mentioned yaml file to my environment.variables, and then rebooted. Was that correct? | 14:14:01 |
kenran_ | I still only see the "Sign in with a Hydra account" option, though that might just be the only one. Still getting "Bad username or password". | 14:16:45 |
ajs124 | It's the same signin menu and same accounts. It just checks LDAP for auth and takes the groups from it and writes them to the database. | 14:22:38 |
das_j | In reply to @andreas.schraegle:helsinki-systems.de It's the same signin menu and same accounts. It just checks LDAP for auth and takes the groups from it and writes them to the database. To be more precise: You need to be in a group called hydra-user or hydra-admin | 14:23:14 |
das_j | (or just hydra-admin?) | 14:23:31 |
ajs124 | you do? | 14:23:35 |
ajs124 | I only remember the substring thing, where it removes the first 6 characters (hydra-) from the groups it gets from LDAP 😬 | 14:25:03 |
kenran_ | The manual describes those groups as hydra_admin with underscore instead of dash. Does that make a difference? | 15:07:48 |
kenran_ | We can't get it to work, even though we've created the groups, but have to stop now. Do you have any tips on how to get actual feedback on what went wrong? | 15:08:27 |
das_j | Redacted or Malformed Event | 15:08:45 |
@grahamc:nixos.org | I would be cautious about making the assumption that it'd work like that forever without it being documented as being a thing | 15:12:48 |
@grahamc:nixos.org | especially since I think you just dropped a possibly CVE-worthy bug in chat | 15:14:10 |
kenran_ | I don't think I'll get it to work without any debug output. I can't even tell if my connection to LDAP even works. | 15:19:13 |
@grahamc:nixos.org | kenran_: https://github.com/NixOS/hydra/pull/1129 | 15:42:00 |
@grahamc:nixos.org | and a follow-up: https://github.com/NixOS/hydra/pull/1130 | 15:42:43 |
kenran_ | grahamc (he/him): nice, thanks! | 15:46:07 |
@grahamc:nixos.org | yep! I'd hit something similar recently but thought I was doing it wrong | 15:46:20 |
kenran_ | I also opened a PR right now, found a nasty typo: https://github.com/NixOS/hydra/pull/1131 | 15:46:29 |
@grahamc:nixos.org | oh cool | 15:46:40 |
kenran_ | You wouldn't happen to know if there's a way to see some debug output for the LDAP access? I've tried setting debugServer = true;, but don't see output about this aspect. | 15:47:42 |
@grahamc:nixos.org | let's see .. | 15:48:52 |
@grahamc:nixos.org | I've only got a few minutes left before I need to move to some paid work but let's see what I can do | 15:49:14 |