More evidence that this appears to be an issue with ReviewBoard handling
this success case - trying a bad password raises the correct error, meaning
the user account is indeed found and returned by LDAP:

[03/Dec/2013:17:52:03 -0800] CONNECT conn=42698
from=reviewboard:32879 to=ldap:1636 protocol=LDAPS
[03/Dec/2013:17:52:03 -0800] BIND REQ conn=42698 op=0 msgID=1 type=SIMPLE
dn=""
[03/Dec/2013:17:52:03 -0800] BIND RES conn=42698 op=0 msgID=1 result=0
authDN="" etime=1
[03/Dec/2013:17:52:03 -0800] SEARCH REQ conn=42698 op=1 msgID=2
base="dc=socrata,dc=com" scope=wholeSubtree filter="(uid=johndoe)"
attrs="ALL"
[03/Dec/2013:17:52:03 -0800] SEARCH RES conn=42698 op=1 msgID=2 result=0
nentries=1 etime=1
[03/Dec/2013:17:52:03 -0800] BIND REQ conn=42698 op=2 msgID=3 type=SIMPLE
dn="uid=johndoe,ou=Employees,dc=socrata,dc=com"
[03/Dec/2013:17:52:03 -0800] BIND RES conn=42698 op=2 msgID=3 result=49
authFailureID=196887 authFailureReason="The password provided by the user
did not match any password(s) stored in the user's entry" etime=0
[03/Dec/2013:17:52:03 -0800] UNBIND REQ conn=42698 op=3 msgID=4
[03/Dec/2013:17:52:03 -0800] DISCONNECT conn=42698 reason="Client Unbind"

ReviewBoard
2013-12-04 01:52:03,633 - WARNING -  - LDAP error: The specified object
does not exist in the Directory or provided invalid credentials:
(uid=johndoe)


On Wed, Dec 4, 2013 at 3:41 PM, Chris Armstrong <chris.armstr...@socrata.com
> wrote:

> I'm trying to get a new user provisioned in ReviewBoard. His account
> exists in LDAP, but when he tries to log into ReviewBoard, he triggers a
> "Bad search filter" error:
>
> 2013-12-04 01:51:59,695 - WARNING -  - LDAP error: {'desc': 'Bad search
> filter'}
>
> The LDAP server seems to be perfectly happy:
>
> [03/Dec/2013:17:51:59 -0800] CONNECT conn=42697
> from=reviewboard:32876to=ldap:1636 protocol=LDAPS
> [03/Dec/2013:17:51:59 -0800] BIND REQ conn=42697 op=0 msgID=1 type=SIMPLE
> dn=""
> [03/Dec/2013:17:51:59 -0800] BIND RES conn=42697 op=0 msgID=1 result=0
> authDN="" etime=0
> [03/Dec/2013:17:51:59 -0800] SEARCH REQ conn=42697 op=1 msgID=2
> base="dc=socrata,dc=com" scope=wholeSubtree filter="(uid=johndoe)"
> attrs="ALL"
> [03/Dec/2013:17:51:59 -0800] SEARCH RES conn=42697 op=1 msgID=2 result=0
> nentries=1 etime=1
> [03/Dec/2013:17:51:59 -0800] BIND REQ conn=42697 op=2 msgID=3 type=SIMPLE
> dn="uid= johndoe,ou=Employees,dc=socrata,dc=com"
> [03/Dec/2013:17:51:59 -0800] BIND RES conn=42697 op=2 msgID=3 result=0
> authDN="uid= johndoe,ou=Employees,dc=socrata,dc=com" etime=1
> [03/Dec/2013:17:51:59 -0800] UNBIND REQ conn=42697 op=3 msgID=5
> [03/Dec/2013:17:51:59 -0800] DISCONNECT conn=42697 reason="Client Unbind"+
>
> For comparison, I logged in successfully, and the output seems to be
> identical:
>
> [04/Dec/2013:09:42:38 -0800] CONNECT conn=42706
> from=reviewboard:34744to=ldap:1636 protocol=LDAPS
> [04/Dec/2013:09:42:39 -0800] BIND REQ conn=42706 op=0 msgID=1 type=SIMPLE
> dn=""
> [04/Dec/2013:09:42:39 -0800] BIND RES conn=42706 op=0 msgID=1 result=0
> authDN="" etime=0
> [04/Dec/2013:09:42:39 -0800] SEARCH REQ conn=42706 op=1 msgID=2
> base="dc=socrata,dc=com" scope=wholeSubtree filter="(uid=carmstrong)"
> attrs="ALL"
> [04/Dec/2013:09:42:39 -0800] SEARCH RES conn=42706 op=1 msgID=2 result=0
> nentries=1 etime=0
> [04/Dec/2013:09:42:39 -0800] BIND REQ conn=42706 op=2 msgID=3 type=SIMPLE
> dn="uid=carmstrong,ou=Employees,dc=socrata,dc=com"
> [04/Dec/2013:09:42:39 -0800] BIND RES conn=42706 op=2 msgID=3 result=0
> authDN="uid=carmstrong,ou=Employees,dc=socrata,dc=com" etime=1
> [04/Dec/2013:09:42:39 -0800] UNBIND REQ conn=42706 op=3 msgID=4
> [04/Dec/2013:09:42:39 -0800] DISCONNECT conn=42706 reason="Client Unbind"
>
> We were running 1.7.16, but I upgraded to 1.7.19 and still see the issue.
> The workaround for this is to provision them in ReviewBoard manually, but
> obviously this is less-than-ideal as it defeats the entire purpose of
> LDAP...
>
> Does anyone have any idea what this can be? Did the provisioning of new
> users from LDAP break some time ago, and noone noticed?
>
> --
> Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/
> ---
> Sign up for Review Board hosting at RBCommons: https://rbcommons.com/
> ---
> Happy user? Let us know at http://www.reviewboard.org/users/
> ---
> You received this message because you are subscribed to the Google Groups
> "reviewboard" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to reviewboard+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>



-- 
Chris Armstrong, Site Reliability Engineer at Socrata

-- 
Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/
---
Sign up for Review Board hosting at RBCommons: https://rbcommons.com/
---
Happy user? Let us know at http://www.reviewboard.org/users/
--- 
You received this message because you are subscribed to the Google Groups 
"reviewboard" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to