Re: LDAP authentication error
> > ldbmodify -H /var/lib/samba/private/sam.ldb dummy2.ldif -U admin > My bad editing post. I actually executed -U dummy2 and it got updated successfully and as intended. -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/bd4e944c-f3f5-4b9e-9e3c-f548c578ca98%40googlegroups.com.
Re: LDAP authentication error
One problem was my LDAP connection settings. This is almost working for me (thanks to Paul Mansfield): -> Authentication Method: LDAP -> LDAP Server: ldap://192.168.x.x:389 -> Review Board LDAP Bind Account: cn=auth,cn=Users,dc=domain,dc=co,dc=uk -> Review Board LDAP Bind Password: -> LDAP Base DN: cn=Users,dc=domain,dc=co,dc=uk -> Username Attribute: uid -> Given Name Attribute: givenName -> Surname Attribute: sn -> Full Name Attribute: cn -> E-Mail LDAP Attribute: mail -> E-Mail Domain: (blank) -> Custom LDAP User Search Filter: (blank) Now I have a weird problem with about half of users being able to log in: 2020-05-26 11:32:07,623 - DEBUG - - root - Attempting to authenticate user DN "CN=dummy1,CN=Users,DC=domain,DC=co,DC=uk" (username dummy1) in LDAP and half unable: 2020-05-26 11:40:57,671 - ERROR - - root - Unexpected error authenticating user "dummy2" in LDAP: 'NoneType' object has no attribute 'decode' Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/reviewboard/accounts/backends/ldap.py" , line 146, in authenticate userdn.decode('utf-8'), username) AttributeError: 'NoneType' object has no attribute 'decode' After ruling out the obvious such as AD groups membership and primary groups I compared ldapsearch dumps: ldapsearch -D 'ad...@domain.co.uk' -b 'cn=Users,dc=domain,dc=co,dc=uk' -H ldap://192.168.x.x -W sAMAccountName=dummy I've noticed that all of those who cannot log in are missing msSFU30Name and msDS-SupportedEncryptionTypes attributes. I've added them to match settings for the successful users as below: dummy2.ldif dn: CN=dummy2,CN=Users,DC=domain,DC=co,DC=uk changetype: modify add: msSFU30Name msSFU30Name: dummy2 add: msDS-SupportedEncryptionTypes msDS-SupportedEncryptionTypes: 0 ldbmodify -H /var/lib/samba/private/sam.ldb dummy2.ldif -U admin Modified 1 records successfully Unfortunately it didn't help and I really don't get why. TBH I haven't been able to find any failed login attempts logged on the samba4 LDAP/DC server. Any ideas? -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/f3533015-6f9d-4596-912c-28502ec69381%40googlegroups.com.
Re: LDAP authentication error
The LDAP server listens on both 389 / 636 and I can telnet to either port from Review Board client fine. A logging in attempt generates traffic with 13 packets being exchanged: RB - Review Board client LD - LDAP server [ ] - flag 1. RB -> LD [S] 2. LD -> RB [S.] 3. RB -> LD [.] 4. RB -> LD [P.] 5. LD -> RB [.] 6. LD -> RB [P.] 7. RB -> LD [.] 8. RB -> LD [P.] 9. LD -> RB [P.] 10. RB -> LD [P.] 11. RB -> LD [F.] 12. LD -> RB [F.] 13. RB -> LD [.] -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/f48bd2ed-31b2-44d8-a72e-2263cd0c1932%40googlegroups.com.
Re: LDAP authentication error
On Thu, 21 May 2020 at 13:35, Adam Weremczuk wrote: > Is my version (3.2.0) known to be problematic and are you suggesting 2.4.15 ? No, I just wanted to be sure that reviewboard would be able to load python ldap if it needed it. if you run "sudo netstat -anp | grep -E '389|636' " and then "tcpdump port 389 or port 686" can you verify that reviewboard is actually making a connection to the ldap server? -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/CAMukpcAiWa2EobdaxWasaG_XoH5Ba8Yy2oGq5aDV%2BqZJByNZSA%40mail.gmail.com.
Re: LDAP authentication error
pip2 install python-ldap Requirement already satisfied: python-ldap in /usr/local/lib/python2.7/dist-packages Requirement already satisfied: pyasn1>=0.3.7 in /usr/local/lib/python2.7/dist-packages (from python-ldap) Requirement already satisfied: pyasn1-modules>=0.1.5 in /usr/local/lib/python2.7/dist-packages (from python-ldap) Is my version (3.2.0) known to be problematic and are you suggesting 2.4.15 ? > -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/CALC-DAHM5VA7wzupBU3bTQTC4VZvrCfMjksFmLDK1eVMroxphQ%40mail.gmail.com.
Re: LDAP authentication error
On Thu, 21 May 2020 at 12:06, Paul Mansfield wrote: > > do you have python (2.x) ldap module installed? > > pip2 list | egrep ldap DEPRECATION: The default format will switch to columns in the future. You can use --format=(legacy|columns) (or define a format=(legacy|columns) in your pip.conf under the [list] section) to disable this warning. python-ldap (3.2.0) -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/CALC-DAGXdmn_g-noPJnh1BZHBHDwZMdsRscLATdhYZkCDzyy7w%40mail.gmail.com.
Re: LDAP authentication error
On Thu, 21 May 2020 at 11:52, Adam Weremczuk wrote: > My LDAP settings: do you have python (2.x) ldap module installed? $ pip2 list | egrep ldap DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support python-ldap 2.4.15 -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/CAMukpcBh52M_TxbihdKpZD%3D08p44-nF4NLbOBC6PcLV%2BsWqHmw%40mail.gmail.com.
LDAP authentication error
Hi all, Review Board 3.0.17 My LDAP settings: -> Authentication Method: LDAP -> LDAP Server: ldap://192.168.x.x:389 -> Review Board LDAP Bind Account: a...@domain.co.uk -> Review Board LDAP Bind Password: -> LDAP Base DN: cn=Users,dc=domain,dc=co,dc=uk -> Username Attribute: sAMAccountName -> Given Name Attribute: givenName -> Surname Attribute: sn -> Full Name Attribute: displayName -> E-Mail LDAP Attribute: mail -> E-Mail Domain: (blank) -> Custom LDAP User Search Filter: sAMAccountName=%s My ldapsearch results: ldapsearch -D 'du...@domain.co.uk' -b 'cn=Users,dc=domain,dc=co,dc=uk' -H ldap://192.168.x.x -W sAMAccountName=dummy Enter LDAP Password: # extended LDIF # # LDAPv3 # base with scope subtree # filter: sAMAccountName=dummy # requesting: ALL # # dummy, Users, domain.co.uk dn: CN=dummy,CN=Users,DC=domain,DC=co,DC=uk objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user sn: Account givenName: Dummy instanceType: 4 whenCreated: 20180313125318.0Z displayName: Dummy Account uSNCreated: 2511997 objectGUID:: Y5A3vaWhyuKF9j3q/Ek+9w== badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 objectSid:: AQUAAAUVyHdPCeZosyKsV0w3FAUAAA== accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: dummy sAMAccountType: 805306368 userPrincipalName: du...@domain.co.uk objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=co,DC =uk userAccountControl: 66048 cn: dummy name: dummy memberOf: CN=Domain Users,CN=Users,DC=domain,DC=co,DC=uk memberOf: CN=Remote Desktop Users,CN=Builtin,DC=domain,DC=co,DC=uk memberOf: CN=RDP Domain Users,CN=Users,DC=domain,DC=co,DC=uk primaryGroupID: 2354 msSFU30NisDomain: example_domain uidNumber: 5652 loginShell: /bin/bash unixHomeDirectory: /home/dummy gidNumber: 4700 msSFU30Name: dummy uid: dummy mail: du...@domain.com pwdLastSet: 13217705164000 whenChanged: 20191108164604.0Z uSNChanged: 3800280 distinguishedName: CN=dummy,CN=Users,DC=domain,DC=co,DC=uk # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 On login attempt Review Board error log produces: 2020-05-21 10:43:09,771 - INFO - - root - Reloading logging settings 2020-05-21 10:43:09,772 - DEBUG - - root - Logging to /var/log/reviewboard/reviewboard.log with a minimum level of DEBUG 2020-05-21 10:43:09,826 - WARNING - - root - Error authenticating user "dummy" in LDAP: {'info': u'acl_read: Error retrieving instanceType for base. at ../source4/dsdb/samdb/ldb_modules/acl_read.c:356', 'desc': u'No such object'} 2020-05-21 10:43:09,827 - ERROR - - root - Unexpected error authenticating user "dummy" in LDAP: 'NoneType' object has no attribute 'decode' Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/reviewboard/accounts/backends/ldap.py", line 146, in authenticate userdn.decode('utf-8'), username) AttributeError: 'NoneType' object has no attribute 'decode' Is it related to DB backend being set up as MySQL 5.7 with utf8 or something else? -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/4711e7ae-60ab-42fd-8b55-2b708bb0d62c%40googlegroups.com.
Re: Active directory/ LDAP authentication error
On Mon, 2015-02-23 at 11:37 -0800, JToThe DBizzle wrote: > Hi there, > > I have installed Review Board 1.7 on a Centos 6 server using YUM. I > am having difficulty getting AD authentication working, I have used > Active directory and LDAP and each time I get an error with the > domain controller's certificate. If I connect without using TLS I am > told that it is required. I have copied the ca root certificate cert > onto the server and imported it by copying it to /etc/pki/ca- > trust/source/anchors/ and running the command update-ca-trust > extract. > > Currently while testing with LDAP I get the error TLS error - > 8179:Peer's Certificate issuer is not recognized. I have read that > this possible could be an issue in the version and that upgrading to > version 2.x could resolve it however there are no updates available > using yum. > I have been thrashing around with this for some time now so I needed > to reach out for some help. I don't think update-ca-trust works with libldap on CentOS 6. You probably need to drop the server certificate into /etc/openldap/certs/ and then run cacertdir_rehash /etc/openldap/certs/ It should work after that. -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Active directory/ LDAP authentication error
Hi there, I have installed Review Board 1.7 on a Centos 6 server using YUM. I am having difficulty getting AD authentication working, I have used Active directory and LDAP and each time I get an error with the domain controller's certificate. If I connect without using TLS I am told that it is required. I have copied the ca root certificate cert onto the server and imported it by copying it to /etc/pki/ca-trust/source/anchors/ and running the command update-ca-trust extract. Currently while testing with LDAP I get the error TLS error -8179:Peer's Certificate issuer is not recognized. I have read that this possible could be an issue in the version and that upgrading to version 2.x could resolve it however there are no updates available using yum. I have been thrashing around with this for some time now so I needed to reach out for some help. Thanks in advance, James. -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.