One problem was my LDAP connection settings. This is almost working for me (thanks to Paul Mansfield):
-> Authentication Method: LDAP -> LDAP Server: ldap://192.168.x.x:389 -> Review Board LDAP Bind Account: cn=auth,cn=Users,dc=domain,dc=co,dc=uk -> Review Board LDAP Bind Password: ******** -> LDAP Base DN: cn=Users,dc=domain,dc=co,dc=uk -> Username Attribute: uid -> Given Name Attribute: givenName -> Surname Attribute: sn -> Full Name Attribute: cn -> E-Mail LDAP Attribute: mail -> E-Mail Domain: (blank) -> Custom LDAP User Search Filter: (blank) Now I have a weird problem with about half of users being able to log in: 2020-05-26 11:32:07,623 - DEBUG - - root - Attempting to authenticate user DN "CN=dummy1,CN=Users,DC=domain,DC=co,DC=uk" (username dummy1) in LDAP and half unable: 2020-05-26 11:40:57,671 - ERROR - - root - Unexpected error authenticating user "dummy2" in LDAP: 'NoneType' object has no attribute 'decode' Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/reviewboard/accounts/backends/ldap.py" , line 146, in authenticate userdn.decode('utf-8'), username) AttributeError: 'NoneType' object has no attribute 'decode' After ruling out the obvious such as AD groups membership and primary groups I compared ldapsearch dumps: ldapsearch -D '[email protected]' -b 'cn=Users,dc=domain,dc=co,dc=uk' -H ldap://192.168.x.x -W sAMAccountName=dummy I've noticed that all of those who cannot log in are missing msSFU30Name and msDS-SupportedEncryptionTypes attributes. I've added them to match settings for the successful users as below: dummy2.ldif dn: CN=dummy2,CN=Users,DC=domain,DC=co,DC=uk changetype: modify add: msSFU30Name msSFU30Name: dummy2 add: msDS-SupportedEncryptionTypes msDS-SupportedEncryptionTypes: 0 ldbmodify -H /var/lib/samba/private/sam.ldb dummy2.ldif -U admin Modified 1 records successfully Unfortunately it didn't help and I really don't get why. TBH I haven't been able to find any failed login attempts logged on the samba4 LDAP/DC server. Any ideas? -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/f3533015-6f9d-4596-912c-28502ec69381%40googlegroups.com.
