Oh, and I have a clone of the server if there's anything I can do for testing. My Python skills are somewhere between crappy and nonexistent, but I can follow directions and install whatever crazy stuff on my clone to help.
Ian On Thu, Nov 10, 2011 at 9:59 PM, Mail Team <email....@gmail.com> wrote: > Sorry, to answer your question from a few days ago, LDAP logins aren't > currently working at all for me, either from the web UI or from post-review. > > Ian > > > On Thu, Nov 10, 2011 at 2:54 AM, Nilesh Jaiswal <nileshj...@gmail.com>wrote: > >> >> Hi Chris, >> >> The changes are done are as below please find the snippet. >> >> class LDAPBackend(AuthBackend): >> """Authenticate against a user on an LDAP server.""" >> name = _('LDAP') >> settings_form = LDAPSettingsForm >> >> def authenticate(self, username, password): >> username = username.strip() >> uid = settings.LDAP_UID_MASK % username >> logging.info("Start Authenticating username: %s" % username) >> logging.info("User UID is : %s" % uid) >> try: >> import ldap >> ldapo = ldap.initialize(settings.LDAP_URI) >> ldapo.set_option(ldap.OPT_REFERRALS, 0) >> ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3) >> if settings.LDAP_TLS: >> ldapo.start_tls_s() >> >> * # May need to log in as the anonymous user before searching. >> Filter = '(&(objectClass=*)(sAMAccountName=%s))' % username >> Attrs=['displayName'] >> * >> if settings.LDAP_ANON_BIND_UID: >> ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID, >> settings.LDAP_ANON_BIND_PASSWD) >> >> *search = ldapo.search(settings.LDAP_BASE_DN, >> ldap.SCOPE_SUBTREE, Filter, Attrs)* >> >> if not search: >> # no such a user, return early, no need for bind attempts >> logging.warning("LDAP error: The specified object does >> not " >> "exist in the Directory: %s" % >> uid) >> return None >> * # Adding my code Start >> search = ldapo.search_s(settings.LDAP_BASE_DN, >> ldap.SCOPE_SUBTREE, Filter) >> # Adding my code End >> * >> >> Similar changes in >> def get_or_create_user(self, username): >> >> * Filter = '(&(objectClass=*)(sAMAccountName=%s))' % >> username >> Attrs=['displayName'] >> # passwd = ldapo.search_s(settings.LDAP_BASE_DN, >> # ldap.SCOPE_SUBTREE, >> # settings.LDAP_UID_MASK % >> username) >> passwd = ldapo.search_s(settings.LDAP_BASE_DN, >> ldap.SCOPE_SUBTREE, Filter, Attrs) >> * if len(password) == 0: >> # Don't try to bind using an empty password; the server >> will >> # return success, which doesn't mean we have >> authenticated. >> # http://tools.ietf.org/html/rfc4513#section-5.1.2 >> # http://tools.ietf.org/html/rfc4513#section-6.3.1 >> logging.warning("Empty password for: %s" % uid) >> return None >> >> ldapo.bind_s(search[0][0], password) >> >> return self.get_or_create_user(username) >> >> >> After this changes i was able to authenticate using LDAP user from RB >> GUI. This is my customize fix, if you have better fix please let us know. >> >> Regards, >> Nilesh >> >> On Thu, Nov 10, 2011 at 3:52 PM, Christian Hammond >> <chip...@chipx86.com>wrote: >> >>> Can you tell me what change you made? I'd like to get a fix into a >>> release. >>> >>> >>> Christian >>> >>> -- >>> Christian Hammond - chip...@chipx86.com >>> Review Board - http://www.reviewboard.org >>> VMware, Inc. - http://www.vmware.com >>> >>> >>> On Wed, Nov 9, 2011 at 11:45 PM, Nilesh Jaiswal <nileshj...@gmail.com>wrote: >>> >>>> Its seems, you need to make the changes in the backends.py to add the >>>> filter for the LDAP user, I was also facing this issue then i add the >>>> filter and it started working for me >>>> >>>> >>>> On Tue, Nov 8, 2011 at 4:58 AM, Christian Hammond >>>> <chip...@chipx86.com>wrote: >>>> >>>>> Hi, >>>>> >>>>> Are you just having trouble with API logins using post-review, or the >>>>> website as well? >>>>> >>>>> There are some issues we haven't yet tracked down specifically with >>>>> LDAP logins with the API. I honestly don't know what's going on there, and >>>>> nobody who has such a setup has been able to debug enough to figure out >>>>> the >>>>> root cause. >>>>> >>>>> Christian >>>>> >>>>> -- >>>>> Christian Hammond - chip...@chipx86.com >>>>> Review Board - http://www.reviewboard.org >>>>> VMware, Inc. - http://www.vmware.com >>>>> >>>>> >>>>> >>>>> On Mon, Nov 7, 2011 at 2:41 PM, Mail Team <email....@gmail.com> wrote: >>>>> >>>>>> And the server is ReviewBoard 1.6.1 with Django 1.3.1, Djblets >>>>>> 0.6.13, django_evolution 0.6.5. >>>>>> >>>>>> Ian >>>>>> >>>>>> >>>>>> On Sun, Nov 6, 2011 at 1:13 AM, Mail Team <email....@gmail.com>wrote: >>>>>> >>>>>>> And the client was using Python 2.7 all along. It was using RBTools >>>>>>> 0.3.3, I tried updating them to 0.3.4 but that didn't make a difference. >>>>>>> >>>>>>> Ian >>>>>>> >>>>>>> >>>>>>> On Sun, Nov 6, 2011 at 1:12 AM, Mail Team <email....@gmail.com>wrote: >>>>>>> >>>>>>>> A bit more info: >>>>>>>> My old server used Python 2.6, my new server uses 2.7. >>>>>>>> >>>>>>>> $ post-review --debug -o dummyfile >>>>>>>> >>> RBTools 0.3.4 >>>>>>>> >>> Home = /path/to/my/home >>>>>>>> >>> svn info >>>>>>>> >>> diff --version >>>>>>>> >>> repository info: Path: svn+ssh://my.repository/url, Base path: >>>>>>>> /trunk, Supports changesets: False >>>>>>>> >>> svn propget reviewboard:url /path/to/my/working/copy/trunk >>>>>>>> >>> HTTP GETting api/ >>>>>>>> >>> HTTP GETting http://my.reviewboard.server/codereviews/api/info/ >>>>>>>> ==> HTTP Authentication Required >>>>>>>> Enter authorization information for "Web API" at mailteam.apple.com >>>>>>>> Username: iana >>>>>>>> Password: >>>>>>>> >>> Got API Error 103 (HTTP code 401): You are not logged in >>>>>>>> >>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not >>>>>>>> logged in', u'code': 103}} >>>>>>>> Unable to log in with the supplied username and password. >>>>>>>> >>>>>>>> When I use post-review as above, I do get some logs but they're not >>>>>>>> all that helpful to me. >>>>>>>> DEBUG Attempting authentication on API for user iana >>>>>>>> DEBUG API Login failed. No valid user found. >>>>>>>> >>>>>>>> On Sun, Nov 6, 2011 at 1:43 AM, Mail Team <email....@gmail.com>wrote: >>>>>>>> >>>>>>>>> I moved my Review Board installation to a new server via rb-site >>>>>>>>> manage dumpdata/loaddata which seemed to go fine, but now LDAP logins >>>>>>>>> don't >>>>>>>>> work. If I go into the admin interface and click on Logs, there's >>>>>>>>> nothing. >>>>>>>>> Any idea how I could debug this? Any silly gotchas that I might be >>>>>>>>> missing? >>>>>>>>> >>>>>>>>> Ian >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> -- >>>>>> Want to help the Review Board project? Donate today at >>>>>> http://www.reviewboard.org/donate/ >>>>>> Happy user? Let us know at http://www.reviewboard.org/users/ >>>>>> -~----------~----~----~----~------~----~------~--~--- >>>>>> To unsubscribe from this group, send email to >>>>>> reviewboard+unsubscr...@googlegroups.com >>>>>> For more options, visit this group at >>>>>> http://groups.google.com/group/reviewboard?hl=en >>>>>> >>>>> >>>>> -- >>>>> Want to help the Review Board project? Donate today at >>>>> http://www.reviewboard.org/donate/ >>>>> Happy user? Let us know at http://www.reviewboard.org/users/ >>>>> -~----------~----~----~----~------~----~------~--~--- >>>>> To unsubscribe from this group, send email to >>>>> reviewboard+unsubscr...@googlegroups.com >>>>> For more options, visit this group at >>>>> http://groups.google.com/group/reviewboard?hl=en >>>>> >>>> >>>> -- >>>> Want to help the Review Board project? Donate today at >>>> http://www.reviewboard.org/donate/ >>>> Happy user? Let us know at http://www.reviewboard.org/users/ >>>> -~----------~----~----~----~------~----~------~--~--- >>>> To unsubscribe from this group, send email to >>>> reviewboard+unsubscr...@googlegroups.com >>>> For more options, visit this group at >>>> http://groups.google.com/group/reviewboard?hl=en >>>> >>> >>> -- >>> Want to help the Review Board project? Donate today at >>> http://www.reviewboard.org/donate/ >>> Happy user? Let us know at http://www.reviewboard.org/users/ >>> -~----------~----~----~----~------~----~------~--~--- >>> To unsubscribe from this group, send email to >>> reviewboard+unsubscr...@googlegroups.com >>> For more options, visit this group at >>> http://groups.google.com/group/reviewboard?hl=en >>> >> >> -- >> Want to help the Review Board project? Donate today at >> http://www.reviewboard.org/donate/ >> Happy user? Let us know at http://www.reviewboard.org/users/ >> -~----------~----~----~----~------~----~------~--~--- >> To unsubscribe from this group, send email to >> reviewboard+unsubscr...@googlegroups.com >> For more options, visit this group at >> http://groups.google.com/group/reviewboard?hl=en >> > > -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~----------~----~----~----~------~----~------~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en