Some more information, I removed cn as the Full Name Attribute and mail as the Email LDAP Attribute and auth now works (mostly) correctly. Which means that the givenName / sn fields were retrieved correctly, but the cn / mail attributes were not. I would like these attributes to be read, especially the email one.
-- Jeff On Sep 12, 3:20 pm, Jeff Ward <j...@fuzzybinary.com> wrote: > I'm having significant problems getting LDAP authentication to work. > > First, my problem, then a few suggestions to make this all go a bit > easier. My set up is the following: > Review board 1.6.1 > LDAP server: ldap://loaclhost:389 > LDAP Base DN: ou=People,dc=domain,dc=com > Given Name Attribute: givenName > Surname Attribute: sn > Full Name Attribute: cn > E-mail LDAP attribute: mail > User Mask: uid=%s > Anonymous User Mask: cn=readonly,ou=System,dc=domain,dc=com > Anonymous User Password: <password> > > The problem is, this doesn't authenticate properly. I get an error in > the Reviewboard logs saying: > WARNING - An error while LDAP-authenticating: KeyError(u'cn',) > > Things I've tried: changing User Mask: to uid= > %s,ou=People,dc=domain,dc=com doesn't work. Error in the log is: > WARNING - LDAP error: The specified object does not exist in the > Directory: uid=username,ou=People,dc=domain,dc=com > But a close look into the LDAP logs reveals that it's search was: > filter: (uid=username,ou=people,dc=domain,dc=com) > Note the Lowercase people instead of People. > > Any idea how to get this to authenticate correctly? > > Something else I'd like to see: you should make a distinction between > the bind-dn and the anonymous-dn We do not allow anonymous access to > our LDAP server, and it would be nice to distinguish the user that's > reading just to get binding information and the user that's reading as > an anonymous Review Board user. > > Also, please make it so that when saving options to the LDAP > authentication screen, it doesn't take a blank password in Anonymous > Password to mean a blank password, especially after its been set. I > hate having to re-enter that password every single time. -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~----------~----~----~----~------~----~------~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
