Some more information,
I removed cn as the Full Name Attribute and mail as the Email LDAP
Attribute and auth now works (mostly) correctly. Which means that the
givenName / sn fields were retrieved correctly, but the cn / mail
attributes were not. I would like these attributes to be read,
especially the email one.
On Sep 12, 3:20 pm, Jeff Ward <j...@fuzzybinary.com> wrote:
> I'm having significant problems getting LDAP authentication to work.
> First, my problem, then a few suggestions to make this all go a bit
> easier. My set up is the following:
> Review board 1.6.1
> LDAP server: ldap://loaclhost:389
> LDAP Base DN: ou=People,dc=domain,dc=com
> Given Name Attribute: givenName
> Surname Attribute: sn
> Full Name Attribute: cn
> E-mail LDAP attribute: mail
> User Mask: uid=%s
> Anonymous User Mask: cn=readonly,ou=System,dc=domain,dc=com
> Anonymous User Password: <password>
> The problem is, this doesn't authenticate properly. I get an error in
> the Reviewboard logs saying:
> WARNING - An error while LDAP-authenticating: KeyError(u'cn',)
> Things I've tried: changing User Mask: to uid=
> %s,ou=People,dc=domain,dc=com doesn't work. Error in the log is:
> WARNING - LDAP error: The specified object does not exist in the
> Directory: uid=username,ou=People,dc=domain,dc=com
> But a close look into the LDAP logs reveals that it's search was:
> filter: (uid=username,ou=people,dc=domain,dc=com)
> Note the Lowercase people instead of People.
> Any idea how to get this to authenticate correctly?
> Something else I'd like to see: you should make a distinction between
> the bind-dn and the anonymous-dn We do not allow anonymous access to
> our LDAP server, and it would be nice to distinguish the user that's
> reading just to get binding information and the user that's reading as
> an anonymous Review Board user.
> Also, please make it so that when saving options to the LDAP
> authentication screen, it doesn't take a blank password in Anonymous
> Password to mean a blank password, especially after its been set. I
> hate having to re-enter that password every single time.
Want to help the Review Board project? Donate today at
Happy user? Let us know at http://www.reviewboard.org/users/
To unsubscribe from this group, send email to
For more options, visit this group at