Hi Lev,

I'll only be able to answer the first one. There are many users on here
that know LDAP much better than I do.

We've had reports in the past that LDAP/AD would block users from logging
in with the builtin auth. I don't know why it does this, and have tried to
hunt it down before, but couldn't repro here. If you can trace it, that
would help immensely.

The code lives in reviewboard/accounts/backends.py. The get_or_create_user
will basically only be a factor for new users who haven't logged into
Review Board yet, so most likely the problem is in authenticate(). My
suspicion is that we're getting past all the initial checks and being told
there's at least some entry for the user in question, causing us never to
fall back.

Our LDAP support has all been user-contributed, and I'm no LDAP expert, so
any assistance in maintaining/fixing this code would help greatly :)

Christian

-- 
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com


On Tue, Feb 7, 2012 at 10:31 AM, Lev Bronshtein <bronshtein....@gmail.com>wrote:

> Version 1.6
> My understanding of the authentication process was that if all other
> auth methods failed, review board would fall back to "builtin", is
> this not correct then?  I was attempting to login as as a local admin
> after having set up AD and received a TLS exception, the auth process
> did not attempt to move on after that.  Since the install process
> advises that the local admin does not match a name in AD/LDAP does
> that mean that this name will only work when builtin method is
> enabled.  As for failing back is it supposed to happen and the only
> thing stopping it is an unhanded exception?
>
> Another thing setting LDAP does not appear to have any affect, local
> use/password works but non of the LDAP ones.
>
> Finally if I were to enable TLS for LDAP/AD where would the certs need
> to be stored, or how would I enable opportunistic TLS as opposed to
> some recognized cert?
>
> Regards,
>
> Lev Bronshtein
>
> P.S. I would ne more then happy to trace the execution of various
> components if you need me to and report back my findings if it makes
> the process easier.
>
> --
> Want to help the Review Board project? Donate today at
> http://www.reviewboard.org/donate/
> Happy user? Let us know at http://www.reviewboard.org/users/
> -~----------~----~----~----~------~----~------~--~---
> To unsubscribe from this group, send email to
> reviewboard+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/reviewboard?hl=en

-- 
Want to help the Review Board project? Donate today at 
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to 
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/reviewboard?hl=en

Reply via email to