More evidence that this appears to be an issue with ReviewBoard handling this success case - trying a bad password raises the correct error, meaning the user account is indeed found and returned by LDAP:
[03/Dec/2013:17:52:03 -0800] CONNECT conn=42698 from=reviewboard:32879 to=ldap:1636 protocol=LDAPS [03/Dec/2013:17:52:03 -0800] BIND REQ conn=42698 op=0 msgID=1 type=SIMPLE dn="" [03/Dec/2013:17:52:03 -0800] BIND RES conn=42698 op=0 msgID=1 result=0 authDN="" etime=1 [03/Dec/2013:17:52:03 -0800] SEARCH REQ conn=42698 op=1 msgID=2 base="dc=socrata,dc=com" scope=wholeSubtree filter="(uid=johndoe)" attrs="ALL" [03/Dec/2013:17:52:03 -0800] SEARCH RES conn=42698 op=1 msgID=2 result=0 nentries=1 etime=1 [03/Dec/2013:17:52:03 -0800] BIND REQ conn=42698 op=2 msgID=3 type=SIMPLE dn="uid=johndoe,ou=Employees,dc=socrata,dc=com" [03/Dec/2013:17:52:03 -0800] BIND RES conn=42698 op=2 msgID=3 result=49 authFailureID=196887 authFailureReason="The password provided by the user did not match any password(s) stored in the user's entry" etime=0 [03/Dec/2013:17:52:03 -0800] UNBIND REQ conn=42698 op=3 msgID=4 [03/Dec/2013:17:52:03 -0800] DISCONNECT conn=42698 reason="Client Unbind" ReviewBoard 2013-12-04 01:52:03,633 - WARNING - - LDAP error: The specified object does not exist in the Directory or provided invalid credentials: (uid=johndoe) On Wed, Dec 4, 2013 at 3:41 PM, Chris Armstrong <[email protected] > wrote: > I'm trying to get a new user provisioned in ReviewBoard. His account > exists in LDAP, but when he tries to log into ReviewBoard, he triggers a > "Bad search filter" error: > > 2013-12-04 01:51:59,695 - WARNING - - LDAP error: {'desc': 'Bad search > filter'} > > The LDAP server seems to be perfectly happy: > > [03/Dec/2013:17:51:59 -0800] CONNECT conn=42697 > from=reviewboard:32876to=ldap:1636 protocol=LDAPS > [03/Dec/2013:17:51:59 -0800] BIND REQ conn=42697 op=0 msgID=1 type=SIMPLE > dn="" > [03/Dec/2013:17:51:59 -0800] BIND RES conn=42697 op=0 msgID=1 result=0 > authDN="" etime=0 > [03/Dec/2013:17:51:59 -0800] SEARCH REQ conn=42697 op=1 msgID=2 > base="dc=socrata,dc=com" scope=wholeSubtree filter="(uid=johndoe)" > attrs="ALL" > [03/Dec/2013:17:51:59 -0800] SEARCH RES conn=42697 op=1 msgID=2 result=0 > nentries=1 etime=1 > [03/Dec/2013:17:51:59 -0800] BIND REQ conn=42697 op=2 msgID=3 type=SIMPLE > dn="uid= johndoe,ou=Employees,dc=socrata,dc=com" > [03/Dec/2013:17:51:59 -0800] BIND RES conn=42697 op=2 msgID=3 result=0 > authDN="uid= johndoe,ou=Employees,dc=socrata,dc=com" etime=1 > [03/Dec/2013:17:51:59 -0800] UNBIND REQ conn=42697 op=3 msgID=5 > [03/Dec/2013:17:51:59 -0800] DISCONNECT conn=42697 reason="Client Unbind"+ > > For comparison, I logged in successfully, and the output seems to be > identical: > > [04/Dec/2013:09:42:38 -0800] CONNECT conn=42706 > from=reviewboard:34744to=ldap:1636 protocol=LDAPS > [04/Dec/2013:09:42:39 -0800] BIND REQ conn=42706 op=0 msgID=1 type=SIMPLE > dn="" > [04/Dec/2013:09:42:39 -0800] BIND RES conn=42706 op=0 msgID=1 result=0 > authDN="" etime=0 > [04/Dec/2013:09:42:39 -0800] SEARCH REQ conn=42706 op=1 msgID=2 > base="dc=socrata,dc=com" scope=wholeSubtree filter="(uid=carmstrong)" > attrs="ALL" > [04/Dec/2013:09:42:39 -0800] SEARCH RES conn=42706 op=1 msgID=2 result=0 > nentries=1 etime=0 > [04/Dec/2013:09:42:39 -0800] BIND REQ conn=42706 op=2 msgID=3 type=SIMPLE > dn="uid=carmstrong,ou=Employees,dc=socrata,dc=com" > [04/Dec/2013:09:42:39 -0800] BIND RES conn=42706 op=2 msgID=3 result=0 > authDN="uid=carmstrong,ou=Employees,dc=socrata,dc=com" etime=1 > [04/Dec/2013:09:42:39 -0800] UNBIND REQ conn=42706 op=3 msgID=4 > [04/Dec/2013:09:42:39 -0800] DISCONNECT conn=42706 reason="Client Unbind" > > We were running 1.7.16, but I upgraded to 1.7.19 and still see the issue. > The workaround for this is to provision them in ReviewBoard manually, but > obviously this is less-than-ideal as it defeats the entire purpose of > LDAP... > > Does anyone have any idea what this can be? Did the provisioning of new > users from LDAP break some time ago, and noone noticed? > > -- > Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ > --- > Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ > --- > Happy user? Let us know at http://www.reviewboard.org/users/ > --- > You received this message because you are subscribed to the Google Groups > "reviewboard" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- Chris Armstrong, Site Reliability Engineer at Socrata -- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
