Adding the following line in authenticate function of ActiveDirectoryBackend
class after import ldap allowed me to get over this issue:

def authenticate():
    import ldap
+  ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

Christian,
It looks like there might be lot more in a similar situation. If such an
option is not already there or being worked on, will be you be interested in
me working on a patch to take this option in the ActiveDirectory settings
page?
thanks,
Ravi.

On Sat, Mar 6, 2010 at 3:23 PM, Ravi Kondamuru <arkay.al...@gmail.com>wrote:

> I spend some more time understanding the problem. I found that without TLS
> LDAP authentication is fine but fails when TLS is enabled, I am beginning to
> think that the issue due to the Active Directory being self-signed. TLS
> handshake might be aborting due to certificate being from an unknown CA. Is
> there a way to make python-ldap accept the certificate inspite of unkown CA?
> I am looking online but thought will sound it off to the group to see if any
> one resolved this issue.
> thanks,
> Ravi.
>
>
> On Tue, Mar 2, 2010 at 2:52 PM, Christian Hammond <chip...@chipx86.com>wrote:
>
>> Is this only happening with the newer release, and not an older one? I
>> don't know what would have changed to affect this between the releases.
>>
>> I recommend checking the log file (assuming logging is turned on) and
>> seeing if there are any errors.
>>
>>
>> Christian
>>
>> --
>> Christian Hammond - chip...@chipx86.com
>> Review Board - http://www.reviewboard.org
>> VMware, Inc. - http://www.vmware.com
>>
>>
>> On Tue, Mar 2, 2010 at 2:39 PM, Ravi Kondamuru <arkay.al...@gmail.com>wrote:
>>
>>> Hi Christian,
>>>
>>> After restarting apache. the admin login is failing. I cant login using
>>> the AD username/passwd login also.
>>> Since login page is using SSL and I setup LDAP to use TLS, I cant see
>>> whats going on.
>>> I am guessing for admin user, RB is authenticating with AD. But I cant
>>> explain why AD user authentication is failing.
>>>
>>> Atleast the login page now is always showing the banner to "login with
>>> standard username and password".
>>> Previously that was changing with each refresh.
>>>
>>> I will just rebuild the site or else revert to a previous release and
>>> check there.
>>>
>>> thanks,
>>> Ravi.
>>>
>>>
>>> On Tue, Mar 2, 2010 at 1:55 PM, Christian Hammond 
>>> <chip...@chipx86.com>wrote:
>>>
>>>> Hi Ravi,
>>>>
>>>> This all sounds like the settings saving bug. Try saving your auth
>>>> settings and then restarting Apache.
>>>>
>>>> What's happening is that different Apache threads are seeing different
>>>> versions of the settings, instead of staying in sync like they should be. 
>>>> So
>>>> depending on what instance is handling your request, it may be using your
>>>> auth settings, or it may not.
>>>>
>>>>
>>>> Christian
>>>>
>>>> --
>>>> Christian Hammond - chip...@chipx86.com
>>>> Review Board - http://www.reviewboard.org
>>>> VMware, Inc. - http://www.vmware.com
>>>>
>>>>
>>>> On Tue, Mar 2, 2010 at 10:20 AM, Ravi Kondamuru 
>>>> <arkay.al...@gmail.com>wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I am seeing that authentication is failing most of the times. Once in a
>>>>> while it succeeds. I am currently running 1.5beta1. Any known issues with
>>>>> Active Directory (AD) backend? I found a few posts that referred to making
>>>>> sure ldap and DNS modules were available. I did confirm that.
>>>>>
>>>>> Also, the authentication settings at  /admin/settings/authentication
>>>>> dont seem to be saved correctly. After saving AD settings in 
>>>>> authentication,
>>>>> if i navigate back to authentication page, it shows standard registration
>>>>> selected. Sometimes navigating away and returning to this authentication
>>>>> page shows AD settings again. So I am not sure where to look for to find 
>>>>> the
>>>>> issue. Any one seen similar issue have a workaround or where I can see in
>>>>> code to figure out?
>>>>>
>>>>> thanks,
>>>>> Ravi.
>>>>>
>>>>> ar...@dev:~$ python
>>>>> Python 2.6.4 (r264:75706, Dec  7 2009, 18:45:15)
>>>>> [GCC 4.4.1] on linux2
>>>>> Type "help", "copyright", "credits" or "license" for more information.
>>>>> >>> import ldap
>>>>> >>> import DNS
>>>>> >>>
>>>>>
>>>>>
>>>>>  --
>>>>> Want to help the Review Board project? Donate today at
>>>>> http://www.reviewboard.org/donate/
>>>>> Happy user? Let us know at http://www.reviewboard.org/users/
>>>>> -~----------~----~----~----~------~----~------~--~---
>>>>> To unsubscribe from this group, send email to
>>>>> reviewboard+unsubscr...@googlegroups.com<reviewboard%2bunsubscr...@googlegroups.com>
>>>>> For more options, visit this group at
>>>>> http://groups.google.com/group/reviewboard?hl=en
>>>>>
>>>>
>>>>  --
>>>> Want to help the Review Board project? Donate today at
>>>> http://www.reviewboard.org/donate/
>>>> Happy user? Let us know at http://www.reviewboard.org/users/
>>>> -~----------~----~----~----~------~----~------~--~---
>>>> To unsubscribe from this group, send email to
>>>> reviewboard+unsubscr...@googlegroups.com<reviewboard%2bunsubscr...@googlegroups.com>
>>>> For more options, visit this group at
>>>> http://groups.google.com/group/reviewboard?hl=en
>>>>
>>>
>>>  --
>>> Want to help the Review Board project? Donate today at
>>> http://www.reviewboard.org/donate/
>>> Happy user? Let us know at http://www.reviewboard.org/users/
>>> -~----------~----~----~----~------~----~------~--~---
>>> To unsubscribe from this group, send email to
>>> reviewboard+unsubscr...@googlegroups.com<reviewboard%2bunsubscr...@googlegroups.com>
>>> For more options, visit this group at
>>> http://groups.google.com/group/reviewboard?hl=en
>>>
>>
>>  --
>> Want to help the Review Board project? Donate today at
>> http://www.reviewboard.org/donate/
>> Happy user? Let us know at http://www.reviewboard.org/users/
>> -~----------~----~----~----~------~----~------~--~---
>> To unsubscribe from this group, send email to
>> reviewboard+unsubscr...@googlegroups.com<reviewboard%2bunsubscr...@googlegroups.com>
>> For more options, visit this group at
>> http://groups.google.com/group/reviewboard?hl=en
>>
>
>

-- 
Want to help the Review Board project? Donate today at 
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to 
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/reviewboard?hl=en

Reply via email to