Yes,

  ReviewBoard use for such account passwordhash = "!" which means -
please check password by way provide by external backend.

This is major part of implementation cut from my own script:
https://gist.github.com/987379

Call looks like:
add_many_users_by_ldap_filter('(&(memberOf=reviewboard_access)(nickname=*))')

and all users from group reviewboard_access are added to ReviewBoard :)

Greetings from Poland!
--
Jan Koprowski


On Mon, May 23, 2011 at 9:19 PM, Joe <gjwilso...@gmail.com> wrote:
> Hi all,
>
> I have a quick question. If we are using ldap as the authentication
> and create an user(an existing id in ldap) in reviewboard using the
> admin dashboard with a dummy password, will the user be able to login
> with ldap credentials(userid/password)?
>
> Thanks for the help!
>
> On May 19, 11:55 am, Tucker <j...@gmail.com> wrote:
>> I don't know thing 1 about Django so I'm not sure if I'll be much use
>> in that.  If I have some time, in the near future, I'll give it a shot
>> though.  If there's someone out there who wants to strip out anything
>> they find useful, feel free.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Thu, May 19, 2011 at 12:26 AM, Christian Hammond <chip...@chipx86.com> 
>> wrote:
>> > If this could be turned into a Django Management Command (basically, a
>> > script that subclasses a certain class -- see the Django docs), and was
>> > updated to use our models for access instead of talking to the database
>> > directly, I think it'd be worth including in Review Board.
>>
>> > Christian
>>
>> > --
>> > Christian Hammond - chip...@chipx86.com
>> > Review Board -http://www.reviewboard.org
>> > VMware, Inc. -http://www.vmware.com
>>
>> > On Thu, May 19, 2011 at 12:23 AM, junk <j...@gmail.com> wrote:
>>
>> >> I saw this message and it got me interested.  I was thinking about
>> >> this earlier (although this is not what I was searching for) and
>> >> decided to take this as a chance to whip up something to do it.
>> >> Please keep in mind that this was written in about three hours and is
>> >> just a first pass.  I borrowed some existing LDAP code I had lying
>> >> around and there's even a TODO telling me to figure out wtf I'm
>> >> doing.  :)
>>
>> >> Anywho... you'll need to make some changes to this to make it work for
>> >> whatever you LDAP infrastructure looks like.
>>
>> >> NOTE: Our LDAP server has multiple user DNs.  We have one for
>> >> employees and another for contractors/vendors.  Since I need to be
>> >> able to search through any of them, I have to use a dictionary for my
>> >> LUSER_DN.
>>
>> >> """
>> >> #!/usr/bin/python
>>
>> >> """Update ReviewBoard users list with members of an LDAP group.
>>
>> >> Connect to LDAP and MySQL and generate users list.  Find the
>> >> differences in
>> >> the two lists and query LDAP for user data (username, first name, last
>> >> name).
>> >> Insert unique users into ReviewBoard MySQL server.
>>
>> >> TODO(junk):
>> >> * If named group doesn't exist in ReviewBoard, add to group list.
>> >> * Add new users to named group in ReviewBoard.
>> >> * If a user is removed from an LDAP group, remove them from the
>> >> ReviewBoard group.
>> >> * Check missing users for locaked status and mark inactive.
>> >> """
>>
>> >> __author__ = 'Tucker <j...@gmail.com>'
>>
>> >> import ldap
>> >> import MySQLdb
>> >> import sys
>> >> import time
>>
>> >> # Globals.
>> >> L_HOST = 'ldap_server'
>> >> LGROUP_DN = 'ou=Group,dc=company,dc=com'
>> >> LUSER_DN = {'People': ['ou=People,dc=company,dc=com', 'uid'],
>> >>            'Outside': ['ou=Outside,dc=company,dc=com', 'cn'],
>> >>           }
>> >> RB_HOST = 'localhost'
>> >> RB_USER = 'user'
>> >> RB_PASS = 'password'
>> >> RB_DB = 'reviewboard'
>>
>> >> def error_and_exit(msg, ret):
>> >>  """Print our error message and exit.
>>
>> >>  Args:
>> >>    msg: Error message string
>> >>    ret: integer return value
>> >>  """
>> >>  print 'ERROR: %s' % msg
>> >>  sys.exit(ret)
>>
>> >> def get_ldap_members(ldap_object, group_name):
>> >>  """Query LDAP for group members.
>>
>> >>  Args:
>> >>    ldap_object: LDAP object user to connect and query the LDAP server
>> >>    group_name: group name string
>> >>  Returns:
>> >>    group_members: dictionary containing all group members
>> >>  """
>> >>  search_scope = ldap.SCOPE_SUBTREE
>> >>  ldap_filter = 'cn=%s' % group_name
>>
>> >>  # Run our LDAP query.
>> >>  try:
>> >>    ldap_result_id = ldap_object.search(LGROUP_DN, search_scope,
>> >> ldap_filter)
>> >>    results = []
>> >>    result_type, result_data = ldap_object.result(ldap_result_id, 0)
>> >>  except ldap.LDAPError, e:
>> >>    error_and_exit(e[0]['desc'], 4)
>>
>> >>  # TODO(junk): remember what this does and comment on it
>> >>  if result_data:
>> >>    if result_type == ldap.RES_SEARCH_ENTRY:
>> >>      results.append(result_data)
>>
>> >>  # If the group doesn't exist, bail out.
>> >>  if not results:
>> >>    error_and_exit('Group not found.', 5)
>>
>> >>  # If the group has no members, bail out.
>> >>  if 'memberUid' not in results[0][0][1]:
>> >>    error_and_exit('Group has no members', 6)
>>
>> >>  # Send back our results dictionary.
>> >>  return results[0][0][1]['memberUid']
>>
>> >> def get_member_info(ldap_object, ldap_members):
>> >>  """Get user info for each LDAP group member.
>>
>> >>  Args:
>> >>    ldap_object: LDAP object user to connect and query the LDAP server
>> >>    ldap_members: list of LDAP group members
>> >>  Return:
>> >>    ldap_user_info: dictionary of LDAP user info
>> >>  """
>> >>  search_scope = ldap.SCOPE_SUBTREE
>> >>  ldap_user_info = {}
>>
>> >>  # Search through each member in our list.
>> >>  for member in ldap_members:
>> >>    # Run our LDAP query against all possible user DNs.
>> >>    for dn in LUSER_DN:
>> >>      ldap_filter = '%s=%s' % (LUSER_DN[dn][1], member)
>> >>      try:
>> >>        ldap_result_id = ldap_object.search(LUSER_DN[dn][0],
>> >> search_scope,
>> >>                                            ldap_filter)
>> >>        result_type, result_data = ldap_object.result(ldap_result_id,
>> >> 0)
>> >>      except ldap.LDAPError, e:
>> >>        error_and_exit(e[0]['desc'], 3)
>>
>> >>    # We don't store first and last names, only gecos.
>> >>    if result_data:
>> >>      first_name = result_data[0][1]['gecos'][0].split()[0]
>> >>      last_name = result_data[0][1]['gecos'][0].split()[-1]
>>
>> >>    # Add each new user to the list.
>> >>    ldap_user_info[member] = [last_name, first_name]
>>
>> >>  return ldap_user_info
>>
>> >> def add_rb_members(ldap_user_info):
>> >>  """Add group members to ReviewBoard.
>>
>> >>  Args:
>> >>    ldap_user_info: dictionary of LDAP user info to add
>> >>  """
>> >>  # Get current time in correct format.
>> >>  now = time.strftime('%Y-%m-%d %H:%M:%S')
>>
>> >>  # Create a MySQL connection object to work with.
>> >>  mysql_o = MySQLdb.connect(host=RB_HOST, user=RB_USER,
>> >>                            passwd=RB_PASS, db=RB_DB)
>> >>  cursor = mysql_o.cursor()
>>
>> >>  for user in ldap_user_info:
>> >>    first_name = ldap_user_info[user][1]
>> >>    last_name = ldap_user_info[user][0]
>> >>    try:
>> >>      cursor.execute('INSERT INTO auth_user
>> >> (username,first_name,last_name,'
>> >>                     'email,password,is_staff,is_active,is_superuser,'
>> >>                     'last_login,date_joined) VALUES'
>>
>> >> '("%s","%s","%s","%...@company.com","!","0","1","0",'
>> >>                     '"0000-00-00' '00:00:00","%s")' %
>> >>                     (user, first_name, last_name, user, now))
>> >>    # Ignore any exceptions and keep moving.
>> >>    except:
>> >>      pass
>>
>> >> def main(argv):
>> >>  # Check to make sure our group is an alphabetic string.
>> >>  try:
>> >>    if not argv[1].isalpha():
>> >>      error_and_exit('Group name provided appears invalid.', 2)
>> >>    else:
>> >>      group = argv[1]
>> >>  except IndexError, e:
>> >>    error_and_exit('No group specified.', 1)
>>
>> >>  # Create out LDAP object.
>> >>  try:
>> >>    ldap_o = ldap.open(L_HOST)
>> >>    ldap_o.protocol_verion = ldap.VERSION3
>> >>  except ldap.LDAPError, e:
>> >>    error_and_exit(e[0]['desc'], 3)
>>
>> >>  # Get our LDAP group members.
>> >>  ldap_members = get_ldap_members(ldap_o, group)
>>
>> >>  # Get user info for all users.
>> >>  ldap_user_info = get_member_info(ldap_o, ldap_members)
>>
>> >>  # Add all our users to ReviewBoard.
>> >>  add_rb_members(ldap_user_info)
>>
>> >> if __name__ == '__main__':
>> >>  main(sys.argv)
>> >> """
>>
>> >> On May 16, 11:18 am, Joe <gjwilso...@gmail.com> wrote:
>> >> > Thanks Eric.
>>
>> >> > How were you able to push the data from ldap into reviewboard database
>> >> > tables? Can you please provide some information on importing the ldap
>> >> > data into our reviewboard database?
>>
>> >> > On May 15, 3:55 pm, Eric Johnson <ericjohn...@alumni.brown.edu> wrote:
>>
>> >> > > On our ReviewBoard server, we push the data into the database tables.
>> >> > > Has been working quite well. Of course, you have to pay attention to 
>> >> > > users
>> >> > > from LDAP that already exist, and perhaps users who have been 
>> >> > > disabled in
>> >> > > LDAP.
>>
>> >> > > No automated way to do it, other than that, at least that I'm aware.
>>
>> >> > > Eric
>>
>> >> > > On May 13, 2011, at 2:20 PM, Joe <gjwilso...@gmail.com> wrote:
>>
>> >> > > > Hi,
>>
>> >> > > > Currently, whenever we had to add an user from ldap to a group, the
>> >> > > > user has to first login to the system, so that the user is added to
>> >> > > > the reviewboard database.
>> >> > > > We want a way to avoid having the user to login in order to use that
>> >> > > > id from the admin ui.
>>
>> >> > > > So is there any way to import users from LDAP into the reviewboard?
>>
>> >> > > > Thanks
>>
>> >> > > > --
>> >> > > > Want to help the Review Board project? Donate today
>> >> > > > athttp://www.reviewboard.org/donate/
>> >> > > > Happy user? Let us know athttp://www.reviewboard.org/users/
>> >> > > > -~----------~----~----~----~------~----~------~--~---
>> >> > > > To unsubscribe from this group, send email to
>> >> > > > reviewboard+unsubscr...@googlegroups.com
>> >> > > > For more options, visit this group
>> >> > > > athttp://groups.google.com/group/reviewboard?hl=en
>>
>> >> --
>> >> Want to help the Review Board project? Donate today at
>> >>http://www.reviewboard.org/donate/
>> >> Happy user? Let us know athttp://www.reviewboard.org/users/
>> >> -~----------~----~----~----~------~----~------~--~---
>> >> To unsubscribe from this group, send email to
>> >> reviewboard+unsubscr...@googlegroups.com
>> >> For more options, visit this group at
>> >>http://groups.google.com/group/reviewboard?hl=en
>>
>> > --
>> > Want to help the Review Board project? Donate today at
>> >http://www.reviewboard.org/donate/
>> > Happy user? Let us know athttp://www.reviewboard.org/users/
>> > -~----------~----~----~----~------~----~------~--~---
>> > To unsubscribe from this group, send email to
>> > reviewboard+unsubscr...@googlegroups.com
>> > For more options, visit this group at
>> >http://groups.google.com/group/reviewboard?hl=en
>>
>> --
>>
>> --tucker
>
> --
> Want to help the Review Board project? Donate today at 
> http://www.reviewboard.org/donate/
> Happy user? Let us know at http://www.reviewboard.org/users/
> -~----------~----~----~----~------~----~------~--~---
> To unsubscribe from this group, send email to 
> reviewboard+unsubscr...@googlegroups.com
> For more options, visit this group at 
> http://groups.google.com/group/reviewboard?hl=en



-- 
><> Jan Koprowski

-- 
Want to help the Review Board project? Donate today at 
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to 
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/reviewboard?hl=en

Reply via email to