Hi, You actually shouldn't have any ldap or auth configuration in your Apache config. The wsgi directive you were using, though, is absolutely required.
The reason is that we need Django and Review Board to handle all auth attempts. Can you go back to the prior configuration and rerun post-review --debug? Christian On Wednesday, March 30, 2011, fede <fede.n...@gmail.com> wrote: > Hi Christian, > > I'm restarting the web server every time I do any change, and checking > the httpd/error.logs to make sure it is restarted > > We added ldap to the apache conf., we are close but not there yet > Here is the configuration, maybe you can spot something wrong > > 3 <VirtualHost *:80> > 4 ServerName reviewboard.al.com.au > 5 ServerAlias reviewboard > 6 > 7 ServerAdmin @@@@@@@@@@ > 8 DocumentRoot /var/www/reviewboard > 9 > 10 HostNameLookups Off > 11 UseCanonicalName On > 12 ServerSignature On > 13 > 14 # Alias static media requests to filesystem > 15 Alias /media "/var/www/reviewboard/rnd/htdocs/media" > 16 Alias /errordocs "/var/www/reviewboard/rnd/htdocs/ > errordocs" > 17 > 18 WSGIScriptAlias / /var/www/reviewboard.wsgi > 19 > 20 <Location /api> > 21 AuthType Basic > 22 AuthName "AL ReviewBoard Repositories" > 23 AuthBasicProvider ldap > 24 AuthzLDAPAuthoritative off > 25 AuthLDAPBindDN "**************" > 26 AuthLDAPBindPassword ********* > 27 AuthLDAPUrl "ldap://ldap.al.com.au:389/ou=Active > Accounts,dc=al,dc=com,dc=au?sAMAccountName?sub?(objectClass=*)" > 28 Require valid-user > 29 </Location> > 30 > 31 <Directory "/var/www/reviewboard/rnd/htdocs"> > 32 AllowOverride All > 33 </Directory> > 34 > 35 </VirtualHost> > > > Here are the logs I'm getting (NOTE it is passing the GETting > http://reviewboard.al.com.au/api/info/) > >>>> HTTP GETting api/ > ==> HTTP Authentication Required > Enter authorization information for "AL ReviewBoard Repositories" at > reviewboard.al.com.au > Username: federicon > Password: >>>> HTTP GETting http://reviewboard.al.com.au/api/info/ >>>> Using the new web API >>>> Attempting to create review request on None for None >>>> HTTP POSTing to http://reviewboard.al.com.au/api/review-requests/: >>>> {'repository': None} >>>> Got API Error 103 (HTTP code 401): You are not logged in >>>> Error data: {'stat': 'fail', 'err': {'msg': 'You are not logged in', >>>> 'code': 103}} >>>> Attempting to create review request on None for None >>>> HTTP POSTing to http://reviewboard.al.com.au/api/review-requests/: >>>> {'repository': None} >>>> Got HTTP error: 401: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>401 Authorization Required</title> > </head><body> > <h1>Authorization Required</h1> > <p>This server could not verify that you > are authorized to access the document > requested. Either you supplied the wrong > credentials (e.g., bad password), or your > browser doesn't understand how to supply > the credentials required.</p> > <hr> > <address>Apache/2.2.3 (CentOS) Server at reviewboard.al.com.au Port > 80</address> > </body></html> > > Error creating review request: HTTP 401 > > > Looks like Django/RB is not picking the user:passw ?? > > ------------------------ > If I try a GET to this page, it is successful > >>curl -u federicon http://reviewboard.al.com.au/api/review-requests/ > Enter host password for user 'federicon': > {"total_results": 0, "stat": "ok", "review_requests": [], "links": > {"self": {"href": "http://reviewboard.al.com.au/api/review-requests/";, > "method": "GET"}, "create": {"href": "http://reviewboard.al.com.au/api/ > review-requests/", "method": "POST"}}} > > If I try a POST I get he Your are not Logged in error > >>curl --data sdf -u federicon http://reviewboard.al.com.au/api/review-requests/ > Enter host password for user 'federicon': > {"stat": "fail", "err": {"msg": "You are not logged in", "code": 103}} > > we run out of ideas in what to try > > ---------------------------- > > On Mar 31, 11:16 am, Christian Hammond <chip...@chipx86.com> wrote: >> Hi Fede, >> >> The reason it's broken now is that we've moved to using Basic HTTP auth for >> the API. This is a standard protocol, and things have supported it forever, >> but wsgi (and fastcgi) by default actually specifically filter out any >> Authorization headers related to it. That's what that directive is meant to >> prevent. The web UI itself doesn't use Basic HTTP auth, which is why you're >> not seeing the problem there. >> >> I don't know why it's not working for you. If that's the Apache file that >> your main Apache config is directly including, or those contents are in the >> main Apache config directly, then it should be solving the problem. The only >> other thing at this point that I can think of is if the web server actually >> wasn't restarted. >> >> Can you provide the full debug log (pass --debug) on post-review, with a >> login attempt? >> >> Christian >> >> -- >> Christian Hammond - chip...@chipx86.com >> Review Board -http://www.reviewboard.org >> VMware, Inc. -http://www.vmware.com >> >> >> >> >> >> >> >> On Wed, Mar 30, 2011 at 5:08 PM, fede <fede.n...@gmail.com> wrote: >> > Hi Christian, Thanks for your pormpt response, >> >> > We are using LDAP, and it is working fine from the WEB UI (as before) >> >> > Yes i'm including it directly, the apache-wsgi.conf, it looks like >> > this >> >> > 1 <VirtualHost *:80> >> > 2 ServerName reviewboard.al.com.au >> > 3 DocumentRoot "/var/www/reviewboard/rnd/htdocs" >> > 4 >> > 5 # Error handlers >> > 6 ErrorDocument 500 /errordocs/500.html >> > 7 >> > 8 WSGIPassAuthorization On >> > 9 WSGIScriptAlias "/" "/var/www/reviewboard/rnd/htdocs/ >> > reviewboard.wsgi" >> > 10 >> > 11 <Directory "/var/www/reviewboard/rnd/htdocs"> >> > 12 AllowOverride All >> > 13 </Directory> >> > 14 >> > 15 # Alias static media requests to filesystem >> > 16 Alias /media "/var/www/reviewboard/rnd/htdocs/media" >> > 17 Alias /errordocs "/var/www/reviewboard/rnd/htdocs/ >> > errordocs" >> > 18 </VirtualHost> >> >> > We had it working before with RB 1.0.8, so we have not changed the >> > apache conf, we just upgrade to 1.5.4 and RBTools: 0.3.1 and the post- >> > review stop working >> > There is no message in the httpd.erro.log when I try to submit the >> > post-review >> > We upgrade RB and started with a clean DB, so we did the rb-site >> > install. >> >> > This is the only error on the http/error.log But I think it is not >> > related >> > [error] /var/virtualenv/REVIEWBOARD-1/lib/python2.5/site-packages/ >> > Crypto/Util/randpool.py:40: RandomPool_DeprecationWarning: This >> > application uses RandomPool, which is BROKEN in older releases. See >> >http://www.pycrypto.org/randpool-broken >> >> > Fede >> >> > On Mar 30, 5:46 pm, Christian Hammond <chip...@chipx86.com> wrote: >> > > Hi, >> >> > > Just to be sure, is your Apache configuration directly including our >> > > conf/apache-wsgi.conf? Or did you copy the contents of that file >> > elsewhere >> > > when setting up the server? >> >> > > What authentication backend are you using? >> >> > > Christian >> >> > > -- >> > > Christian Hammond - chip...@chipx86.com >> > > Review Board -http://www.reviewboard.org >> > > VMware, Inc. -http://www.vmware.com >> >> > > On Tue, Mar 29, 2011 at 11:08 PM, fede <fede.n...@gmail.com> wrote: >> > > > Hi I'm facing a similar problem but I can not solve it with the fixes >> > > > given above, is there something else I can try ? >> >> > > > * Review Board: 1.5.4 >> > > > * RBTools: 0.3.1 >> > > > * SCM tool: Clearcase >> > > > * I'm using mod_wsgi >> >> > > > * I have the following setting on the conf/apache-wsgi.conf >> > > > WSGIPassAuthorization On >> >> > > > * Also tried adding this and restarting the httpd service >> > > > <Directory /> >> > > > Options FollowSymLinks >> > > > AllowOverride None >> > > > Order deny,all -- -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org VMware, Inc. - http://www.vmware.com -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~----------~----~----~----~------~----~------~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
