PHABRICATOR on NS

Feature
21

I think creating a new mysql user for phabricator would be the better way to go here and then grant all permissions on the phabricator database to that new mysql user.

In mysql prompt:

CREATE DATABASE database-name;
GRANT ALL PRIVILEGES ON database-name.* TO “user”@“hostname” IDENTIFIED BY “password”;

Where you can change ‘user’ to phab (or something else you like) and if you run mysql/mariadb on the same server (usualy the case on NethServer) hostname should be localhost, and where database-name is the name of the db. You can give that any name you want. It might be a good idea to name it phabricator.

22

The “cosmetics” have to be done after the install procedure explained by Dan.

23

There’s a root password for MySQL. When you’re logged in as root, MySQL reads that password from /root/.my.cnf. However, the bin/storage script isn’t smart enough to do that, even when running as root. So this command:

tells it to use the password that’s stored in /var/lib/nethserver/secrets/mysql. Edit: If your confusion was in what to type, type (or copy/paste) that exact thing–dollar sign, parens, etc.

In retrospect, I’m inclined to agree.

Edit: but it doesn’t look like it’d be enough to grant all on phabricator.* to...–Phabricator creates about 60 databases with names of phabricator_something, each with multiple tables.

24

I’ve created a repo in Phabricator and set it to observe one of my github projects, and that seems to be working as expected. If you want to work with subversion, just do yum install svn.

25

Thanks all for your efforts,
I finally managed to setup the phabricator service on my domain.
the challenge I am currently facing is with setting up ldap authentication.

has anyone managed to setup ldap authentication correctly. I have a separate nethserver setup for the ldap authentication.

kindly if possible a step by step process

26

Did you try a google search. Probably others have encountered the same.
for instance for AD: https://brablc.com/2013/08/21/phabricator-ldap-ad/
for LDAP: https://rekinyz.wordpress.com/2016/02/05/how-to-configure-the-phabricator-ldap-login/

Probably more examples. I must say that the Phabricator docs are a big MESS on this…

27

I’d say “absolutely useless” on this, as they’ve honestly been for a number of other things.

28

Advocat-of-the-devil-mode: Would docs deliberately be that useless so they can sell more hosted versions of Phabricator?
/devil-mode

29

I guess that’s their tactic.
they have made most of the documentations not usefull to sell more hosted version.
the unfortunate bit, the hosted version does not even support ldap.

I have been tinkering and having a look at the software, I managed to setup internal account manager, but it can not send email verification. getting information on how to setup smtp, no usefull information on their official documentation.

30

I noticed its impossible to install a letsencrypt ssl after installing phabricator,

31

I seriously doubt that’s the case, but I got a cert before installing it, and I use DNS validation.

Edit: I probably need to tweak the virtual host configuration so that .well-known goes to the right place. Since I use DNS validation, I don’t use that path.

Edit 2: Yeah, it’s something in the vhost configuration. I’m 99% sure you can fix it by putting the contents of /etc/httpd/conf.d/letsencrypt.conf just before the </VirtualHost> tag in the template fragment, but I won’t be able to test this for a few hours at least.

32

Looks like that answer might be here:
https://discourse.phabricator-community.org/t/how-to-start-phd-automatically/1640

33

but the article is using nginx

34

@danb35 have you managed to setup ldap, and have the phabricator to connect to nethserver ldap.

I have tried everything my knowledge and the internet could tell me, but not successful.

yet nextcloud works fine

35

I described connecting to Nethserver AD via the phab ldap module here.

What I was missing is that you have to link the admin account to an AD user. Now it works and I can login with AD user admin and manage phab.

I am going to try it with LDAP now…

EDIT:

It works with Nethserver LDAP too:

You have to create an auth provider in the auth section and choose LDAP.

LDAP Hostname: ldap://127.0.0.1
LDAP Port: 389
Base Distinguished Name: ou=People,dc=directory,dc=nh
Search Attributes: uid
Username Attribute: sn
Realname Attributes: cn

After applying the new provider and logging out you can’t login as admin anymore, to recover the admin do

/var/lib/nethserver/vhost/phab/phabricator/bin/auth recover admin

You’ll get a link to login again and then you can link the admin user to ldap with the small link symbol on the right.

I actually deleted the phab admin user and now I am completely lost but at least LDAP should work.

EDIT2:

To restore a deleted admin or make another user to admin one may use this:

/var/lib/nethserver/vhost/phab/phabricator/bin/accountadmin

2 Likes
36

since the phabricator I am using, and the nethserver installation are on two separate remote vps, I replaced

with a public ip addres to the nethserver installation.

I am still getting the error below

Unhandled Exception (“Exception”)
LDAP Exception: Failed to bind to LDAP server (as user “name@domain.tld”).
LDAP Error #-1: Can’t contact LDAP server

I have had some trouble before hosting multiple systems on one server. so this time round, for some items id prefer to separate them.also makes maintenance easier

37

Can you bind to that LDAP server from your laptop/pc manually? Is the LDAP port reachable from the outside?

38

LDAP auth isn’t working for me either, unfortunately. As with @oneitonitram, I’m trying to authenticate to another Nethserver 7.5 instance, which I’m also using as the accounts provider for the box on which I’m running Phab. It’s working as the accounts provider; I’m able to log in on the Phab box using credentials from the main box. But LDAP is pretty much voodoo and black magic, and I haven’t yet sacrificed a chicken to the relevant deities…

39

It seems you need to use LDAPS (port 636) when using remote LDAP.

LDAP Hostname: ldaps://NETHSERVER_LDAPSERVER
LDAP Port: 636

40

Still getting the same result:

[root@phabricator phabricator]# bin/auth ldap
Enter LDAP Credentials


    LDAP Username:  dan@(domain)


    LDAP Password:  
Connecting to LDAP...
[2018-07-17 18:36:35] EXCEPTION: (PhutilAuthCredentialException)  at [<phutil>/src/auth/PhutilLDAPAuthAdapter.php:440]
arcanist(head=master, ref.master=875d01836037), phabricator(head=master, ref.master=4214b56a4f4f), phutil(head=master, ref.master=4206849bb05b)
  #0 PhutilLDAPAuthAdapter::raiseConnectionException(resource, string) called at [<phutil>/src/auth/PhutilLDAPAuthAdapter.php:481]
  #1 PhutilLDAPAuthAdapter::bindLDAP(resource, string, PhutilOpaqueEnvelope) called at [<phutil>/src/auth/PhutilLDAPAuthAdapter.php:251]
  #2 PhutilLDAPAuthAdapter::loadLDAPUserData() called at [<phutil>/src/auth/PhutilLDAPAuthAdapter.php:161]
  #3 PhutilLDAPAuthAdapter::getLDAPUserData() called at [<phutil>/src/auth/PhutilLDAPAuthAdapter.php:114]
  #4 PhutilLDAPAuthAdapter::getAccountID() called at [<phabricator>/src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php:59]
  #5 PhabricatorAuthManagementLDAPWorkflow::execute(PhutilArgumentParser) called at [<phutil>/src/parser/argument/PhutilArgumentParser.php:441]
  #6 PhutilArgumentParser::parseWorkflowsFull(array) called at [<phutil>/src/parser/argument/PhutilArgumentParser.php:333]
  #7 PhutilArgumentParser::parseWorkflows(array) called at [<phabricator>/scripts/setup/manage_auth.php:21]
[root@phabricator phabricator]#

Same result when I try it without the domain.