I'm having significant problems getting LDAP authentication to work.

First, my problem, then a few suggestions to make this all go a bit
easier.  My set up is the following:
Review board 1.6.1
LDAP server: ldap://loaclhost:389
LDAP Base DN: ou=People,dc=domain,dc=com
Given Name Attribute: givenName
Surname Attribute: sn
Full Name Attribute: cn
E-mail LDAP attribute: mail
User Mask: uid=%s
Anonymous User Mask: cn=readonly,ou=System,dc=domain,dc=com
Anonymous User Password: <password>

The problem is, this doesn't authenticate properly.  I get an error in
the Reviewboard logs saying:
 WARNING - An error while LDAP-authenticating: KeyError(u'cn',)

Things I've tried: changing User Mask: to uid=
%s,ou=People,dc=domain,dc=com doesn't work. Error in the log is:
 WARNING - LDAP error: The specified object does not exist in the
Directory: uid=username,ou=People,dc=domain,dc=com
But a close look into the LDAP logs reveals that it's search was:
 filter: (uid=username,ou=people,dc=domain,dc=com)
Note the Lowercase people instead of People.

Any idea how to get this to authenticate correctly?

Something else I'd like to see: you should make a distinction between
the bind-dn and the anonymous-dn  We do not allow anonymous access to
our LDAP server, and it would be nice to distinguish the user that's
reading just to get binding information and the user that's reading as
an anonymous Review Board user.

Also, please make it so that when saving options to the LDAP
authentication screen, it doesn't take a blank password in Anonymous
Password to mean a blank password, especially after its been set.  I
hate having to re-enter that password every single time.

Want to help the Review Board project? Donate today at 
Happy user? Let us know at http://www.reviewboard.org/users/
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to