Some more information,

I removed cn as the Full Name Attribute and mail as the Email LDAP
Attribute and auth now works (mostly) correctly.  Which means that the
givenName / sn fields were retrieved correctly, but the cn / mail
attributes were not.  I would like these attributes to be read,
especially the email one.


On Sep 12, 3:20 pm, Jeff Ward <> wrote:
> I'm having significant problems getting LDAP authentication to work.
> First, my problem, then a few suggestions to make this all go a bit
> easier.  My set up is the following:
> Review board 1.6.1
> LDAP server: ldap://loaclhost:389
> LDAP Base DN: ou=People,dc=domain,dc=com
> Given Name Attribute: givenName
> Surname Attribute: sn
> Full Name Attribute: cn
> E-mail LDAP attribute: mail
> User Mask: uid=%s
> Anonymous User Mask: cn=readonly,ou=System,dc=domain,dc=com
> Anonymous User Password: <password>
> The problem is, this doesn't authenticate properly.  I get an error in
> the Reviewboard logs saying:
>  WARNING - An error while LDAP-authenticating: KeyError(u'cn',)
> Things I've tried: changing User Mask: to uid=
> %s,ou=People,dc=domain,dc=com doesn't work. Error in the log is:
>  WARNING - LDAP error: The specified object does not exist in the
> Directory: uid=username,ou=People,dc=domain,dc=com
> But a close look into the LDAP logs reveals that it's search was:
>  filter: (uid=username,ou=people,dc=domain,dc=com)
> Note the Lowercase people instead of People.
> Any idea how to get this to authenticate correctly?
> Something else I'd like to see: you should make a distinction between
> the bind-dn and the anonymous-dn  We do not allow anonymous access to
> our LDAP server, and it would be nice to distinguish the user that's
> reading just to get binding information and the user that's reading as
> an anonymous Review Board user.
> Also, please make it so that when saving options to the LDAP
> authentication screen, it doesn't take a blank password in Anonymous
> Password to mean a blank password, especially after its been set.  I
> hate having to re-enter that password every single time.

Want to help the Review Board project? Donate today at
Happy user? Let us know at
To unsubscribe from this group, send email to
For more options, visit this group at

Reply via email to