Generally speaking, the contents of a password should never be a problem. We don't store passwords, just hashes (we use Django's implementation of the PBKDF2 algorithm), and compare against those. This is assuming that the auth backend isn't doing anything special with the password, but I know there's a custom backend in play here.
Two possibilities spring to mind: 1) If the server is internal to the network, but the users are using HTTP proxies, they should try passing --disable-proxy when running `rbt post`, see if that solves anything. We've seen cases in the past where some proxy servers have interfered with authentication or have messed with headers. 2) Given that you have a custom auth backend, it's always possible that it's not quite doing what you expect for some of these users. My suspicions are that #2 is the issue. The reason is that auth tokens do not go through the auth backend, but do use the Authorization HTTP header, so it's *probably* not the proxy server. Auth tokens are handled at a different layer, which compares them against the user's list of generated tokens. If they're working, but a username/password for the same user is failing, it means that the auth backend is rejecting the credentials at some level, so perhaps either the auth backend itself is doing something wrong (maybe handling the string types incorrectly and breaking with special characters, or the credentials are being passing to the wrong LDAP server, or something), or there's a configuration issue somewhere involving the LDAP server or your Review Board server's config for it. We do offer assistance with debugging in-house extensions and customizations in a Premium Support contract, if you're interested in hearing more about that. I'm not sure about your operation, but if you're managing a number of servers for different clients and maintaining customizations, and part of your business depends on all this working without interruption, you might find it to be valuable. Support is confidential and generally is going to be much faster than on here. We can find something that works for you, if you'd like me to reach out with more details and put together a quote. Christian On Tue, Jul 23, 2019 at 3:03 AM Paul Mansfield < [email protected]> wrote: > just a thought, but do your users have complex passwords with interesting > punctuation? are they using single or double quotes when providing > usernames/passwords and require complex escaping of punctuation? > > > >> -- > Supercharge your Review Board with Power Pack: > https://www.reviewboard.org/powerpack/ > Want us to host Review Board for you? Check out RBCommons: > https://rbcommons.com/ > Happy user? Let us know! https://www.reviewboard.org/users/ > --- > You received this message because you are subscribed to the Google Groups > "Review Board Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/reviewboard/fa6ac324-a504-486e-89f1-310db3a7a5b6%40googlegroups.com > <https://groups.google.com/d/msgid/reviewboard/fa6ac324-a504-486e-89f1-310db3a7a5b6%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Christian Hammond President/CEO of Beanbag <https://www.beanbaginc.com/> Makers of Review Board <https://www.reviewboard.org/> -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/CAE7Vnd%3DO4CyOb5ipZfm9-drEhGbPQopLu88o35v7SBwnJNfyKQ%40mail.gmail.com.
