Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 3069 by LDAP auth should use fully qualified DN for user bind

What version are you running?

What steps will reproduce the problem?
1. Configure reviewboard for LDAP configuration
2. Do not fill in anonymous user/password
3. Set base DN to "", set user string to "log=%s"

What is the expected output? What do you see instead?
Users should be able to login to the reviewboard, but they get
authentication failure.

What operating system are you using? What browser?

Please provide any additional information below.
The problem is in the LDAP authentification code:
When no anonymous user/password is configured, reviewboard LDAP
code tries to authenticate the user by binding to the ldap server.
For the user dn, it self assembles the combination of given login name and base DN. In my example above, this would be "log=xyz,". This does not work on our LDAP server, as the LDAP server expects a fully qualified DN for the user.

I changed the code a bit to anonymously first search for this fully qualified DN and then using it to bind (authenticate) with the server:

1) bind_s()  bind on the ldap server anonymously
2) ldap search for the user with username and base DN (log=%s,
3) search[0][0] has the fully qualified DN of the user
4) now bind with the fully qualified DN of the user and password

I think this mechanism should work on all LDAP servers and it is
a more generic way, so it will also work on LDAP servers that
require the fully qualified user dn for authentication.

You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:

You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
Visit this group at
For more options, visit

Reply via email to