[OSGeo] #3177: Whitelist new QGIS Plugin Server for LDAP

#3177: Whitelist new QGIS Plugin Server for LDAP
---------------------------+---------------------------------
Reporter: timlinux | Owner: sac-tickets@…
     Type: task | Status: new
Priority: critical | Milestone: Unplanned
Component: SysAdmin/LDAP | Keywords: QGIS, Plugins, LDAP
---------------------------+---------------------------------
We have deployed a new server for our https://plugins.qgis.org/ web site.
In order for users to upload their plugins, they need to authenticate
using their OSGEO credentials.

Could you please whitelist the new server?

IP Address: 23.88.115.87
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3177>
OSGeo
OSGeo committee and general foundation issue tracker.

#3177: Whitelist new QGIS Plugin Server for LDAP
---------------------------------+----------------------------
Reporter: timlinux | Owner: sac-tickets@…
     Type: task | Status: new
Priority: critical | Milestone: Unplanned
Component: SysAdmin/LDAP | Resolution:
Keywords: QGIS, Plugins, LDAP |
---------------------------------+----------------------------
Comment (by timlinux):

Just a small update to our request. We will rather set up a floating IP
for this host. We will shortly also be migrating feed.qgis.org to a new
server and so could I ask that you please whitelist these two IPs,
ignoring the request above.

5.75.209.57 - feed.qgis.org
5.75.213.195 - plugins.qgis.org
--
Ticket URL: <#3177 (Whitelist new QGIS Plugin Server for LDAP) – OSGeo;

#3177: Whitelist new QGIS Plugin Server for LDAP
---------------------------------+----------------------------
Reporter: timlinux | Owner: sac-tickets@…
     Type: task | Status: closed
Priority: critical | Milestone: Unplanned
Component: SysAdmin/LDAP | Resolution: fixed
Keywords: QGIS, Plugins, LDAP |
---------------------------------+----------------------------
Changes (by jef):

* status: new => closed
* resolution: => fixed

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3177#comment:2>

#3177: Whitelist new QGIS Plugin Server for LDAP
---------------------------------+----------------------------
Reporter: timlinux | Owner: sac-tickets@…
     Type: task | Status: reopened
Priority: critical | Milestone: Unplanned
Component: SysAdmin/LDAP | Resolution:
Keywords: QGIS, Plugins, LDAP |
---------------------------------+----------------------------
Changes (by timlinux):

* status: closed => reopened
* resolution: fixed =>

Comment:

Hi Jürgen

Thanks for helping with this.

We are still unable to connect to the server.

Here is a query test:

root@uwsgi:/home/web/django_project# ldapsearch -d1 -x -LLL -H ldaps://ldap.osgeo.org -b "dc=osgeo,dc=org" "(uid=timlinux)"
ldap_url_parse_ext(ldaps://ldap.osgeo.org)
ldap_create
ldap_url_parse_ext(ldaps://ldap.osgeo.org:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.osgeo.org:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 140.211.15.57:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
^C

To verify that I can make outbound connections on port 636, I ran a simple
http server on the same port on the old plugin server and attempted to
connect to it from the new server (from inside the container that is the
ldap client). This works:

root@uwsgi:/home/web/django_project# ldapsearch -d1 -x -LLL -H ldaps://78.47.42.111 -b "dc=osgeo,dc=org" "(uid=timlinux)"
ldap_url_parse_ext(ldaps://78.47.42.111)
ldap_create
ldap_url_parse_ext(ldaps://78.47.42.111:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 78.47.42.111:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 78.47.42.111:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
TLS: can't connect: An unexpected TLS packet was received..

(The unexpected packet being because the remote side was just a regular
http server).

Also to note, I have bound the docker daemon on the new plugin server to
the correct IP (to use the floating IP) and I confirmed on the http simple
server side that the incoming connection was sourced from the IP we asked
you to whitelist above (5.75.213.195).
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3177#comment:3>
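
The two ldapsearch traces in the comment above fail at different layers: the first never gets past "attempting to connect:", the second reaches "connect success" and then fails in TLS. The following sketch is an added example, not part of the ticket or of any OSGeo or QGIS tooling; it reports which layer failed for an LDAPS endpoint, and the function names, result labels and local stub server are hypothetical.

```python
import socket
import ssl
import threading

def classify_ldaps(host, port=636, timeout=5.0):
    """Classify reachability of an LDAPS endpoint by the layer that fails."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # No answer to the SYN: same symptom as the hang at "attempting to
        # connect:", typical of a firewall dropping a non-allowlisted source.
        return "filtered"
    except ConnectionRefusedError:
        return "refused"        # host answered, nothing listening on the port
    except OSError:
        return "unreachable"    # DNS or routing failure
    try:
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls-ok"     # network path is open; an LDAP bind can proceed
    except (ssl.SSLError, OSError):
        # TCP connected, but no verified TLS handshake was completed.
        return "tls-failed"
    finally:
        sock.close()

def start_plain_stub():
    """Constructed stand-in for the 'simple http server' check: TCP, no TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)                                # swallow the ClientHello
        conn.sendall(b"HTTP/1.0 400 Bad Request\r\n\r\n")
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_port():
    """Return a local port that was just released, so nothing listens on it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    print(classify_ldaps("127.0.0.1", start_plain_stub(), timeout=2))
    print(classify_ldaps("127.0.0.1", closed_port(), timeout=2))
```

A "filtered" result from the client host combined with "tls-failed" or "tls-ok" against a control host points at source-address filtering on the server side rather than at the client's outbound rules.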

#3177: Whitelist new QGIS Plugin Server for LDAP
---------------------------------+----------------------------
Reporter: timlinux | Owner: sac-tickets@…
     Type: task | Status: closed
Priority: critical | Milestone: Unplanned
Component: SysAdmin/LDAP | Resolution: fixed
Keywords: QGIS, Plugins, LDAP |
---------------------------------+----------------------------
Changes (by jef):

* status: reopened => closed
* resolution: => fixed

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3177#comment:4>

#3177: Whitelist new QGIS Plugin Server for LDAP
---------------------------------+----------------------------
Reporter: timlinux | Owner: sac-tickets@…
     Type: task | Status: closed
Priority: critical | Milestone: Unplanned
Component: SysAdmin/LDAP | Resolution: fixed
Keywords: QGIS, Plugins, LDAP |
---------------------------------+----------------------------
Comment (by robe):

Just checking if these are live yet and if we can remove the others.

I'm in the process of moving ldap.osgeo.org to osgeo9, and planning to
only add the ones that are still needed.

Right now for qgis.org we have the following whitelisted for ldap

{{{
5.75.213.195
5.75.209.57

159.69.111.168 #remove? added as part of #2275
78.47.42.111 #remove? added as part of #2398
144.76.174.102 # remove? for ldaps qgis dedicated ask jef
138.201.194.207 # remove? for ldaps qgis dedicated ask jef

}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3177#comment:5>

#3177: Whitelist new QGIS Plugin Server for LDAP
---------------------------------+----------------------------
Reporter: timlinux | Owner: sac-tickets@…
     Type: task | Status: closed
Priority: critical | Milestone: Unplanned
Component: SysAdmin/LDAP | Resolution: fixed
Keywords: QGIS, Plugins, LDAP |
---------------------------------+----------------------------
Comment (by robe):

I've moved ldap.osgeo.org to osgeo9, let me know if you run into any
issues.

I still have the osgeo7 one live, but plan to turn it off before the end
of the week. Right now all stuff should be writing to osgeo9, since I
hard-coded for the time being for the new id.osgeo.org to point to the one
on osgeo9.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/3177#comment:6>