Comment #3 on issue 3069 by hgloc...@gmail.com: LDAP auth should use fully qualified DN for user bind
http://code.google.com/p/reviewboard/issues/detail?id=3069

http://reviews.reviewboard.org currently gives me a 403 error.

See the diff below, but please not I am not a python developer...


--- backends.py.orig    2013-08-26 08:58:38.937586726 +0200
+++ backends.py 2013-08-26 09:04:24.114355191 +0200
@@ -204,10 +204,13 @@ class LDAPBackend(AuthBackend):
                     ldapo.bind_s(search[0][0], password)

             else :
- # Attempt to bind using the given uid and password. It may be
-                # that we really need a setting for how the DN in this is
-                # constructed; this way is correct for my system
-                userbinding=','.join([uid,settings.LDAP_BASE_DN])
+ # Bind anonymously to the server, then search for the user with the + # given base DN and uid. If user is found a fully qualified DN is + # returned. Authentication then is done with bind using this fully
+                # qualified DN.
+                ldapo.simple_bind_s()
+ search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, uid)
+                userbinding=search[0][0]
                 ldapo.bind_s(userbinding, password)

             return self.get_or_create_user(username, ldapo)


--
You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

--
You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard-issues+unsubscr...@googlegroups.com.
To post to this group, send email to reviewboard-issues@googlegroups.com.
Visit this group at http://groups.google.com/group/reviewboard-issues.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to