Can you tell me exactly which versions of ReviewBoard and Djblets are
installed, and what version of Python is being used on the server? I can
build you some packages with extended debug info to help figure out where
auth is getting stuck.

Christian

-- 
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com


On Wed, Sep 28, 2011 at 7:12 AM, Jeff Ward <j...@fuzzybinary.com> wrote:

> This is on Apache on FastCGI.  There's a weird issue with us hosting
> WSGI because the server is running an older version of Ubuntu
> (something we should correct, but can't at the moment).
>
> On Sep 27, 5:48 pm, Christian Hammond <chip...@chipx86.com> wrote:
> > Hi Jeff,
> >
> > Thanks for sending me that info.
> >
> > So this actually has nothing to do with LDAP. I've seen this before once,
> on
> > Python 2.7 only. My guess is there's something that prevented the right
> > headers from reaching the server. Some sort of regression on their end
> (we
> > already know they broke uploading of binary content).
> >
> > First off, can you let me know whether you're using the dev server, or
> > Apache? If Apache, is it mod_wsgi? And if so, is there a
> > "WSGIPassAuthorization On" line in the config?
> >
> > Christian
> >
> > --
> > Christian Hammond - chip...@chipx86.com
> > Review Board -http://www.reviewboard.org
> > VMware, Inc. -http://www.vmware.com
> >
> >
> >
> >
> >
> >
> >
> > On Tue, Sep 27, 2011 at 11:02 AM, Jeff Ward <j...@fuzzybinary.com>
> wrote:
> > > Yes this is using post-review as the client.  Here's the output when I
> > > disable anonymous reads:
> > > C:\Python27\Scripts\post-review --server=http://server:9999--debug --
> > > repository=repo_name
> > > >>> RBTools 0.3.3
> > > >>> Home = <redacted>
> > > >>> hg showconfig
> > > >>> hg root
> > > >>> p4 info
> > > >>> repository info: Path: <redacted>, Base path: None, Supports
> > > changesets: True
> > > >>> HTTP GETting api/
> > > >>> HTTP GETtinghttp://server:9999/api/info/
> > > ==> HTTP Authentication Required
> > > Enter authorization information for "Web API" at server:9999
> > > Username: jeffw
> > > Password:
> > > >>> Got API Error 103 (HTTP code 401): You are not logged in
> > > >>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not
> logged
> > > in', u'code': 103}}
> > > >>> Using the deprecated Review Board 1.0 web API
> > > >>> Generating diff for changenum default
> > > >>> p4 opened -c default
> > > >>> Processing edit of <redacted>
> > > >>> Writing "<redacted>" to "<redacted>"
> > > >>> p4 print -o <redacted> -q <redacted>
> > > >>> diff -urNp <redacted> <redacted>
> > > Traceback (most recent call last):
> > >  File "C:\Python27\Scripts\post-review-script.py", line 8, in
> > > <module>
> > >    load_entry_point('rbtools==0.3.3', 'console_scripts', 'post-
> > > review')()
> > >  File "C:\Python27\lib\site-packages\rbtools-0.3.3-py2.7.egg\rbtools
> > > \postreview.py", line 3988, in main
> > > AttributeError: 'ReviewBoardServer' object has no attribute
> > > 'rb_version'
> >
> > > /api doesn't require auth in this scenereo, but /api/info does.  I can
> > > not log in to /api/info from a web browser in this situation either.
> >
> > > If I turn on anonymous read I get this:
> > > >>> RBTools 0.3.3
> > > >>> Home = <redacted>
> > > >>> hg showconfig
> > > >>> hg root
> > > >>> p4 info
> > > >>> repository info: Path: <redacted>, Base path: None, Supports
> > > changesets: True
> > > >>> HTTP GETting api/
> > > >>> HTTP GETtinghttp://server:9999/api/info/
> > > >>> Using the new web API
> > > >>> Generating diff for changenum default
> > > >>> p4 opened -c default
> > > >>> Processing edit of <redacted>
> > > >>> Writing "<redacted>" to "<redacted>"
> > > >>> p4 print -o <redacted> -q <redacted>
> > > >>> diff -urNp <redacted> <redacted>
> > > >>> Attempting to create review request on repo_name for None
> > > >>> HTTP POSTing tohttp://server:9999/api/review-requests/:
> > > {'repository': 'repo_name'}
> > > ==> HTTP Authentication Required
> > > Enter authorization information for "Web API" at server:9999
> > > Username: jeffw
> > > Password:
> > > >>> Got API Error 103 (HTTP code 401): You are not logged in
> > > >>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not
> logged
> > > in', u'code': 103}}
> > > >>> Attempting to create review request on repo_name for None
> > > >>> HTTP POSTing tohttp://server:9999/api/review-requests/:
> > > {'repository': 'repo_name'}
> > > >>> Got API Error 103 (HTTP code 401): You are not logged in
> > > >>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not
> logged
> > > in', u'code': 103}}
> > > >>> Attempting to create review request on repo_name for None
> > > >>> HTTP POSTing tohttp://server:9999/api/review-requests/:
> > > {'repository': 'repo_name'}
> > > >>> Got API Error 103 (HTTP code 401): You are not logged in
> > > >>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not
> logged
> > > in', u'code': 103}}
> > > >>> Attempting to create review request on repo_name for None
> > > >>> HTTP POSTing tohttp://server:9999/api/review-requests/:
> > > {'repository': 'repo_name'}
> > > >>> Got API Error 103 (HTTP code 401): You are not logged in
> > > >>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not
> logged
> > > in', u'code': 103}}
> > > Error creating review request: You are not logged in (HTTP 401, API
> > > Error 103)
> >
> > > My LDAP does not allow anonymous binds, which I think may be the
> > > issue.  Authentication from the main page works though, and since both
> > > are supposed to go through the same code path, I have no idea what's
> > > killing the API auth.
> >
> > > --
> > > Jeff
> >
> > > On Sep 26, 4:12 pm, Christian Hammond <chip...@chipx86.com> wrote:
> > > > Hi Jeff,
> >
> > > > Sorry for the late reply.
> >
> > > > Our authentication for both the web UI and API go through the same
> place.
> > > > However, you may be hitting other bugs.
> >
> > > > Is this using post-review as the client? Can you run with --debug and
> > > show
> > > > me the output?
> >
> > > > I'm curious what's prompting for a password on /api/, because we
> don't
> > > > actually require one there (necessary so that /api/info/ can be
> accessed
> > > to
> > > > determine what version works in order to be able to authenticate).
> >
> > > > Christian
> >
> > > > --
> > > > Christian Hammond - chip...@chipx86.com
> > > > Review Board -http://www.reviewboard.org
> > > > VMware, Inc. -http://www.vmware.com
> >
> > > > On Mon, Sep 26, 2011 at 11:22 AM, Jeff Ward <j...@fuzzybinary.com>
> > > wrote:
> > > > > So, in lack of a response, I've moved my review board server in an
> > > > > attempt to fix this.  I still can't host on a subdomain, but I'm
> now
> > > > > using root plus a port (in this case 9999).
> >
> > > > > LDAP authentication still doesn't work with the API, and it looks
> like
> > > > > no query for authentication is being sent to the LDAP server, no
> error
> > > > > in the logs.
> >
> > > > > Is there anywhere I can look to diagnose this issue / potentially
> get
> > > > > it to work?
> >
> > > > > --
> > > > > Jeff
> >
> > > > > On Sep 22, 6:59 pm, Jeff Ward <j...@fuzzybinary.com> wrote:
> > > > > > I'm having more trouble getting LDAP authentication.
> >
> > > > > > I'll admit up front, I'm working with a web server where
> dedicating a
> > > > > > portion of apache just to review board was not possible. I had to
> > > > > > append the rules to the default site, at the directory
> root/reviews.
> > > > > > This is a hard requirement.
> >
> > > > > > I am also using FastCGI.  This is because of other issues with
> WSGI
> > > on
> > > > > > the server.
> >
> > > > > > The problem is root/reviews/api/ is not accepting LDAP
> > > > > > authentication.  So far as I can tell, it's not even attempting
> to
> > > > > > query LDAP for the information, and the logs have no information.
>  Is
> > > > > > there something I should look for to have the API authenticate
> > > > > > properly, especially in this weird setup?
> >
> > > > > --
> > > > > Want to help the Review Board project? Donate today at
> > > > >http://www.reviewboard.org/donate/
> > > > > Happy user? Let us know athttp://www.reviewboard.org/users/
> > > > > -~----------~----~----~----~------~----~------~--~---
> > > > > To unsubscribe from this group, send email to
> > > > > reviewboard+unsubscr...@googlegroups.com
> > > > > For more options, visit this group at
> > > > >http://groups.google.com/group/reviewboard?hl=en
> >
> > > --
> > > Want to help the Review Board project? Donate today at
> > >http://www.reviewboard.org/donate/
> > > Happy user? Let us know athttp://www.reviewboard.org/users/
> > > -~----------~----~----~----~------~----~------~--~---
> > > To unsubscribe from this group, send email to
> > > reviewboard+unsubscr...@googlegroups.com
> > > For more options, visit this group at
> > >http://groups.google.com/group/reviewboard?hl=en
>
> --
> Want to help the Review Board project? Donate today at
> http://www.reviewboard.org/donate/
> Happy user? Let us know at http://www.reviewboard.org/users/
> -~----------~----~----~----~------~----~------~--~---
> To unsubscribe from this group, send email to
> reviewboard+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/reviewboard?hl=en
>

-- 
Want to help the Review Board project? Donate today at 
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to 
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/reviewboard?hl=en

Reply via email to