Hi Michael,

If AD is set, Review Board will use AD to authenticate for that user,
regardless of whether there was previously a user entry created with the
built-in authentication mechanism. What will happen is that there will be a
database entry for that user created through either method, and if AD is set
as the auth method, we will ask the AD server to authenticate instead of the
built-in auth.

I don't believe you can have Apache hand over auth like that.

Christian

-- 
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com


On Wed, Mar 10, 2010 at 7:21 AM, Michael <sierragolfoneni...@gmail.com>wrote:

> A couple of questions about alternatives for me:
>
> 1. I figure I can have everyone create a local username that matches
> their AD login name.
> If I later on turn on AD in RB can I do something to the database to
> effectively "switch" those users to AD without having to delete and
> recreate accounts?
> Initially there will be < 10 of us on here, so I'm not opposed to
> manually editing database rows if that would make it possible.
>
> 2. Alternatively, can I have Apache do the AD authentication and hand
> those credentials off to RB?
> I can't tell if Apache auth is possible with RB or not.
>
>
> Thanks,
> Michael
>
> On Mar 10, 8:02 am, Michael <sierragolfoneni...@gmail.com> wrote:
> > Submitted as Issue 1536.
> >
> > Thanks,
> > Michael
> >
> > On Mar 9, 3:26 pm, Christian Hammond <chip...@chipx86.com> wrote:
> >
> >
> >
> > > Would you mind filing a bug so we can track it for 1.5? This sounds bad
> and
> > > I want to make sure it doesn't slip.
> >
> > > I've looked through the code and can't determine why this would happen
> > > unless the server was in fact claiming that the user exists.
> >
> > > Christian
> >
> > > --
> > > Christian Hammond - chip...@chipx86.com
> > > Review Board -http://www.reviewboard.org
> > > VMware, Inc. -http://www.vmware.com
> >
> > > On Tue, Mar 9, 2010 at 12:17 PM, Michael <sierragolfoneni...@gmail.com
> >wrote:
> >
> > > > I'm actually having the same problem (I think).
> > > > I can set up a site, create an admin user with a name that I know is
> > > > not inAD, set RB to useAD, then become totally locked out of that
> > > > site.
> > > >ADdoesn't work and the admin login doesn't work anymore.
> > > > I have to just delete the site and recreate it using "rb-site
> > > > install".
> > > > I even tried turning logging on before switchingADlogins on and,
> > > > well, after I got the generic startup messages (2 lines total)
> nothing
> > > > appeared in the log.
> > > > No errors, no failure messages, *nothing at all*.
> >
> > > > Oh, I have TLS off for myADconnections. I can use various LDAP
> > > > browsers to connect to the domain controller without encryption and
> > > > browse around, so I figure I don't need encryption or any additional
> > > > permissions.
> >
> > > > Thanks,
> > > > Michael
> >
> > > > On Mar 2, 5:52 pm, Christian Hammond <chip...@chipx86.com> wrote:
> > > > > Is this only happening with the newer release, and not an older
> one? I
> > > > don't
> > > > > know what would have changed to affect this between the releases.
> >
> > > > > I recommend checking the log file (assuming logging is turned on)
> and
> > > > seeing
> > > > > if there are any errors.
> >
> > > > > Christian
> >
> > > > > --
> > > > > Christian Hammond - chip...@chipx86.com
> > > > > Review Board -http://www.reviewboard.org
> > > > > VMware, Inc. -http://www.vmware.com
> >
> > > > > On Tue, Mar 2, 2010 at 2:39 PM, Ravi Kondamuru <
> arkay.al...@gmail.com
> > > > >wrote:
> >
> > > > > > Hi Christian,
> >
> > > > > > After restarting apache. the admin login is failing. I cant login
> using
> > > > the
> > > > > >ADusername/passwd login also.
> > > > > > Since login page is using SSL and I setup LDAP to use TLS, I cant
> see
> > > > whats
> > > > > > going on.
> > > > > > I am guessing for admin user, RB is authenticating withAD. But I
> cant
> > > > > > explain whyADuser authentication is failing.
> >
> > > > > > Atleast the login page now is always showing the banner to "login
> with
> > > > > > standard username and password".
> > > > > > Previously that was changing with each refresh.
> >
> > > > > > I will just rebuild the site or else revert to a previous release
> and
> > > > check
> > > > > > there.
> >
> > > > > > thanks,
> > > > > > Ravi.
> >
> > > > > > On Tue, Mar 2, 2010 at 1:55 PM, Christian Hammond <
> chip...@chipx86.com
> > > > >wrote:
> >
> > > > > >> Hi Ravi,
> >
> > > > > >> This all sounds like the settings saving bug. Try saving your
> auth
> > > > > >> settings and then restarting Apache.
> >
> > > > > >> What's happening is that different Apache threads are seeing
> different
> > > > > >> versions of the settings, instead of staying in sync like they
> should
> > > > be. So
> > > > > >> depending on what instance is handling your request, it may be
> using
> > > > your
> > > > > >> auth settings, or it may not.
> >
> > > > > >> Christian
> >
> > > > > >> --
> > > > > >> Christian Hammond - chip...@chipx86.com
> > > > > >> Review Board -http://www.reviewboard.org
> > > > > >> VMware, Inc. -http://www.vmware.com
> >
> > > > > >> On Tue, Mar 2, 2010 at 10:20 AM, Ravi Kondamuru <
> > > > arkay.al...@gmail.com>wrote:
> >
> > > > > >>> Hi,
> >
> > > > > >>> I am seeing that authentication is failing most of the times.
> Once in
> > > > a
> > > > > >>> while it succeeds. I am currently running 1.5beta1. Any known
> issues
> > > > with
> > > > > >>> Active Directory (AD) backend? I found a few posts that
> referred to
> > > > making
> > > > > >>> sure ldap and DNS modules were available. I did confirm that.
> >
> > > > > >>> Also, the authentication settings at
>  /admin/settings/authentication
> > > > dont
> > > > > >>> seem to be saved correctly. After savingADsettings in
> > > > authentication, if i
> > > > > >>> navigate back to authentication page, it shows standard
> registration
> > > > > >>> selected. Sometimes navigating away and returning to this
> > > > authentication
> > > > > >>> page showsADsettings again. So I am not sure where to look for
> to
> > > > find the
> > > > > >>> issue. Any one seen similar issue have a workaround or where I
> can
> > > > see in
> > > > > >>> code to figure out?
> >
> > > > > >>> thanks,
> > > > > >>> Ravi.
> >
> > > > > >>> ar...@dev:~$ python
> > > > > >>> Python 2.6.4 (r264:75706, Dec  7 2009, 18:45:15)
> > > > > >>> [GCC 4.4.1] on linux2
> > > > > >>> Type "help", "copyright", "credits" or "license" for more
> > > > information.
> > > > > >>> >>> import ldap
> > > > > >>> >>> import DNS
> >
> > > > > >>>  --
> > > > > >>> Want to help the Review Board project? Donate today at
> > > > > >>>http://www.reviewboard.org/donate/
> > > > > >>> Happy user? Let us know athttp://www.reviewboard.org/users/
> > > > > >>> -~----------~----~----~----~------~----~------~--~---
> > > > > >>> To unsubscribe from this group, send email to
> > > > > >>> reviewboard+unsubscr...@googlegroups.com<reviewboard%2bunsubscr...@googlegroups.com>
> <reviewboard%2bunsubscr...@googlegr­­oups.com>
> > > > <reviewboard%2bunsubscr...@googlegr­oups.com>
> > > > > >>> For more options, visit this group at
> > > > > >>>http://groups.google.com/group/reviewboard?hl=en
> >
> > > > > >>  --
> > > > > >> Want to help the Review Board project? Donate today at
> > > > > >>http://www.reviewboard.org/donate/
> > > > > >> Happy user? Let us know athttp://www.reviewboard.org/users/
> > > > > >> -~----------~----~----~----~------~----~------~--~---
> > > > > >> To unsubscribe from this group, send email to
> > > > > >> reviewboard+unsubscr...@googlegroups.com<reviewboard%2bunsubscr...@googlegroups.com>
> <reviewboard%2bunsubscr...@googlegr­­oups.com>
> > > > <reviewboard%2bunsubscr...@googlegr­oups.com>
> > > > > >> For more options, visit this group at
> > > > > >>http://groups.google.com/group/reviewboard?hl=en
> >
> > > > > >  --
> > > > > > Want to help the Review Board project? Donate today at
> > > > > >http://www.reviewboard.org/donate/
> > > > > > Happy user? Let us know athttp://www.reviewboard.org/users/
> > > > > > -~----------~----~----~----~------~----~------~--~---
> > > > > > To unsubscribe from this group, send email to
> > > > > > reviewboard+unsubscr...@googlegroups.com<reviewboard%2bunsubscr...@googlegroups.com>
> <reviewboard%2bunsubscr...@googlegr­­oups.com>
> > > > <reviewboard%2bunsubscr...@googlegr­oups.com>
> > > > > > For more options, visit this group at
> > > > > >http://groups.google.com/group/reviewboard?hl=en-Hidequoted text
> -
> >
> > > > > - Show quoted text -
> >
> > > > --
> > > > Want to help the Review Board project? Donate today at
> > > >http://www.reviewboard.org/donate/
> > > > Happy user? Let us know athttp://www.reviewboard.org/users/
> > > > -~----------~----~----~----~------~----~------~--~---
> > > > To unsubscribe from this group, send email to
> > > > reviewboard+unsubscr...@googlegroups.com<reviewboard%2bunsubscr...@googlegroups.com>
> <reviewboard%2bunsubscr...@googlegr­­oups.com>
> > > > For more options, visit this group at
> > > >http://groups.google.com/group/reviewboard?hl=en-Hide quoted text -
> >
> > > - Show quoted text -- Hide quoted text -
> >
> > - Show quoted text -
>
> --
> Want to help the Review Board project? Donate today at
> http://www.reviewboard.org/donate/
> Happy user? Let us know at http://www.reviewboard.org/users/
> -~----------~----~----~----~------~----~------~--~---
> To unsubscribe from this group, send email to
> reviewboard+unsubscr...@googlegroups.com<reviewboard%2bunsubscr...@googlegroups.com>
> For more options, visit this group at
> http://groups.google.com/group/reviewboard?hl=en
>

-- 
Want to help the Review Board project? Donate today at 
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to 
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/reviewboard?hl=en

Reply via email to