Re: LDAP authentication error

2020-05-26 Thread Adam Weremczuk

>
> ldbmodify -H /var/lib/samba/private/sam.ldb dummy2.ldif -U admin 
>

My bad editing post. I actually executed -U dummy2 and it got updated 
successfully and as intended. 

-- 
Supercharge your Review Board with Power Pack: 
https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons: 
https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
--- 
You received this message because you are subscribed to the Google Groups 
"Review Board Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/reviewboard/bd4e944c-f3f5-4b9e-9e3c-f548c578ca98%40googlegroups.com.


Re: LDAP authentication error

2020-05-26 Thread Adam Weremczuk
One problem was my LDAP connection settings.

This is almost working for me (thanks to Paul Mansfield):

-> Authentication Method: LDAP
-> LDAP Server: ldap://192.168.x.x:389
-> Review Board LDAP Bind Account: cn=auth,cn=Users,dc=domain,dc=co,dc=uk
-> Review Board LDAP Bind Password: 
-> LDAP Base DN: cn=Users,dc=domain,dc=co,dc=uk
-> Username Attribute: uid
-> Given Name Attribute: givenName
-> Surname Attribute: sn
-> Full Name Attribute: cn
-> E-Mail LDAP Attribute: mail
-> E-Mail Domain: (blank)
-> Custom LDAP User Search Filter: (blank)

Now I have a weird problem with about half of users being able to log in:

2020-05-26 11:32:07,623 - DEBUG -  - root - Attempting to authenticate user DN "CN=dummy1,CN=Users,DC=domain,DC=co,DC=uk" (username dummy1) in LDAP

and half unable:

2020-05-26 11:40:57,671 - ERROR -  - root - Unexpected error authenticating user "dummy2" in LDAP: 'NoneType' object has no attribute 'decode'
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/reviewboard/accounts/backends/ldap.py", line 146, in authenticate
    userdn.decode('utf-8'), username)
AttributeError: 'NoneType' object has no attribute 'decode'

After ruling out the obvious such as AD groups membership and primary 
groups I compared ldapsearch dumps:

ldapsearch -D 'ad...@domain.co.uk' -b 'cn=Users,dc=domain,dc=co,dc=uk' -H ldap://192.168.x.x -W sAMAccountName=dummy

I've noticed that all of those who cannot log in are missing msSFU30Name 
and msDS-SupportedEncryptionTypes attributes.

I've added them to match settings for the successful users as below:

dummy2.ldif

dn: CN=dummy2,CN=Users,DC=domain,DC=co,DC=uk
changetype: modify
add: msSFU30Name
msSFU30Name: dummy2
add: msDS-SupportedEncryptionTypes
msDS-SupportedEncryptionTypes: 0

ldbmodify -H /var/lib/samba/private/sam.ldb dummy2.ldif -U admin
Modified 1 records successfully

Unfortunately it didn't help and I really don't get why.
TBH I haven't been able to find any failed login attempts logged on the 
samba4 LDAP/DC server.

Any ideas?

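Added example, not part of the original post and not Review Board code: the traceback above fails because userdn is None, so one check to run on the ldapsearch dumps is whether each failing account carries the attribute set as Username Attribute (uid in the settings above). The sample entries are constructed, sample_ldif and missing_attr are hypothetical names, and the check assumes the backend looks users up by that attribute.

```bash
#!/usr/bin/env bash
# Added example (not Review Board code): list entries in an ldapsearch LDIF
# dump that lack a given attribute, e.g. the configured "Username Attribute".

# Constructed sample dump: dummy1 carries uid, dummy2 does not.
sample_ldif() {
  cat <<'EOF'
# extended LDIF
dn: CN=dummy1,CN=Users,DC=domain,DC=co,DC=uk
objectClass: user
sAMAccountName: dummy1
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=co,DC
 =uk
msSFU30Name: dummy1
uid: dummy1

dn: CN=dummy2,CN=Users,DC=domain,DC
 =co,DC=uk
objectClass: user
sAMAccountName: dummy2
msSFU30Name: dummy2
msDS-SupportedEncryptionTypes: 0

# search result
search: 2
result: 0 Success
EOF
}

# missing_attr ATTR: read LDIF on stdin, print the DN of each entry without ATTR.
missing_attr() {
  awk -v want="$1" '
    function handle(l,   name) {           # process one unfolded logical line
      if (l ~ /^#/) return                 # comment
      if (l == "") { endrec(); return }    # blank line ends an entry
      name = tolower(l); sub(/:.*/, "", name)
      if (name == "dn") { dn = l; sub(/^[^:]*::? */, "", dn) }  # dn:: stays base64
      if (name == tolower(want)) found = 1
    }
    function endrec() { if (dn != "" && !found) print dn; dn = ""; found = 0 }
    /^ / { buf = buf substr($0, 2); next } # folded line: join to previous
    { handle(buf); buf = $0 }
    END { handle(buf); endrec() }
  '
}
```

Against a live directory, pipe the ldapsearch output for the whole base DN into missing_attr uid and compare the result with the list of users who cannot log in.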


Re: LDAP authentication error

2020-05-21 Thread Adam Weremczuk
The LDAP server listens on both 389 / 636 and I can telnet to either port 
from Review Board client fine.

A login attempt generates traffic with 13 packets being exchanged:

RB - Review Board client
LD - LDAP server
[ ] - flag


   1. RB -> LD   [S]
   2. LD -> RB   [S.]
   3. RB -> LD   [.]
   4. RB -> LD   [P.]
   5. LD -> RB   [.]
   6. LD -> RB   [P.]
   7. RB -> LD   [.]
   8. RB -> LD   [P.]
   9. LD -> RB   [P.]
   10. RB -> LD   [P.]
   11. RB -> LD   [F.]
   12. LD -> RB   [F.]
   13. RB -> LD   [.]



Re: LDAP authentication error

2020-05-21 Thread Paul Mansfield
On Thu, 21 May 2020 at 13:35, Adam Weremczuk wrote:
> Is my version (3.2.0) known to be problematic and are you suggesting 2.4.15 ?

No, I just wanted to be sure that reviewboard would be able to load
python ldap if it needed it.

If you run "sudo netstat -anp | grep -E '389|636' " and then "tcpdump
port 389 or port 636", can you verify that reviewboard is actually
making a connection to the ldap server?



Re: LDAP authentication error

2020-05-21 Thread Adam Weremczuk
pip2 install python-ldap
Requirement already satisfied: python-ldap in /usr/local/lib/python2.7/dist-packages
Requirement already satisfied: pyasn1>=0.3.7 in /usr/local/lib/python2.7/dist-packages (from python-ldap)
Requirement already satisfied: pyasn1-modules>=0.1.5 in /usr/local/lib/python2.7/dist-packages (from python-ldap)

Is my version (3.2.0) known to be problematic and are you suggesting 2.4.15?



Re: LDAP authentication error

2020-05-21 Thread Adam Weremczuk
On Thu, 21 May 2020 at 12:06, Paul Mansfield wrote:

> do you have python (2.x) ldap module installed?

pip2 list | egrep ldap
DEPRECATION: The default format will switch to columns in the future. You
can use --format=(legacy|columns) (or define a format=(legacy|columns) in
your pip.conf under the [list] section) to disable this warning.
python-ldap (3.2.0)



Re: LDAP authentication error

2020-05-21 Thread Paul Mansfield
On Thu, 21 May 2020 at 11:52, Adam Weremczuk wrote:
> My LDAP settings:

do you have python (2.x) ldap module installed?

$ pip2 list | egrep ldap
DEPRECATION: Python 2.7 reached the end of its life on January 1st,
2020. Please upgrade your Python as Python 2.7 is no longer
maintained. pip 21.0 will drop support for Python 2.7 in January 2021.
More details about Python 2 support in pip, can be found at
https://pip.pypa.io/en/latest/development/release-process/#python-2-support
python-ldap  2.4.15



LDAP authentication error

2020-05-21 Thread Adam Weremczuk
Hi all,



Review Board 3.0.17



My LDAP settings:

-> Authentication Method: LDAP
-> LDAP Server: ldap://192.168.x.x:389
-> Review Board LDAP Bind Account: a...@domain.co.uk
-> Review Board LDAP Bind Password: 
-> LDAP Base DN: cn=Users,dc=domain,dc=co,dc=uk
-> Username Attribute: sAMAccountName
-> Given Name Attribute: givenName
-> Surname Attribute: sn
-> Full Name Attribute: displayName
-> E-Mail LDAP Attribute: mail
-> E-Mail Domain: (blank)
-> Custom LDAP User Search Filter: sAMAccountName=%s



My ldapsearch results:

ldapsearch -D 'du...@domain.co.uk' -b 'cn=Users,dc=domain,dc=co,dc=uk' -H ldap://192.168.x.x -W sAMAccountName=dummy
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base  with scope subtree
# filter: sAMAccountName=dummy
# requesting: ALL
#

# dummy, Users, domain.co.uk
dn: CN=dummy,CN=Users,DC=domain,DC=co,DC=uk
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
sn: Account
givenName: Dummy
instanceType: 4
whenCreated: 20180313125318.0Z
displayName: Dummy Account
uSNCreated: 2511997
objectGUID:: Y5A3vaWhyuKF9j3q/Ek+9w==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
objectSid:: AQUAAAUVyHdPCeZosyKsV0w3FAUAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: dummy
sAMAccountType: 805306368
userPrincipalName: du...@domain.co.uk
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=co,DC
 =uk
userAccountControl: 66048
cn: dummy
name: dummy
memberOf: CN=Domain Users,CN=Users,DC=domain,DC=co,DC=uk
memberOf: CN=Remote Desktop Users,CN=Builtin,DC=domain,DC=co,DC=uk
memberOf: CN=RDP Domain Users,CN=Users,DC=domain,DC=co,DC=uk
primaryGroupID: 2354
msSFU30NisDomain: example_domain
uidNumber: 5652
loginShell: /bin/bash
unixHomeDirectory: /home/dummy
gidNumber: 4700
msSFU30Name: dummy
uid: dummy
mail: du...@domain.com
pwdLastSet: 13217705164000
whenChanged: 20191108164604.0Z
uSNChanged: 3800280
distinguishedName: CN=dummy,CN=Users,DC=domain,DC=co,DC=uk

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1



On login attempt Review Board error log produces: 

2020-05-21 10:43:09,771 - INFO -  - root - Reloading logging settings
2020-05-21 10:43:09,772 - DEBUG -  - root - Logging to /var/log/reviewboard/reviewboard.log with a minimum level of DEBUG
2020-05-21 10:43:09,826 - WARNING -  - root - Error authenticating user "dummy" in LDAP: {'info': u'acl_read: Error retrieving instanceType for base. at ../source4/dsdb/samdb/ldb_modules/acl_read.c:356', 'desc': u'No such object'}
2020-05-21 10:43:09,827 - ERROR -  - root - Unexpected error authenticating user "dummy" in LDAP: 'NoneType' object has no attribute 'decode'
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/reviewboard/accounts/backends/ldap.py", line 146, in authenticate
    userdn.decode('utf-8'), username)
AttributeError: 'NoneType' object has no attribute 'decode'



Is it related to DB backend being set up as MySQL 5.7 with utf8 or 
something else?



Re: Active directory/ LDAP authentication error

2015-02-24 Thread Stephen Gallagher
On Mon, 2015-02-23 at 11:37 -0800, JToThe DBizzle wrote:
> Hi there,
> 
> I have installed Review Board 1.7 on a Centos 6 server using YUM. I 
> am having difficulty getting AD authentication working, I have used 
> Active directory and LDAP and each time I get an error with the 
> domain controller's certificate. If I connect without using TLS I am 
> told that it is required. I have copied the ca root certificate cert 
> onto the server and imported it by copying it to 
> /etc/pki/ca-trust/source/anchors/ and running the command 
> update-ca-trust extract.
> 
> Currently while testing with LDAP I get the error 
> TLS error -8179:Peer's Certificate issuer is not recognized. I have read that 
> this possibly could be an issue in the version and that upgrading to 
> version 2.x could resolve it however there are no updates available 
> using yum.
> I have been thrashing around with this for some time now so I needed 
> to reach out for some help.

I don't think update-ca-trust works with libldap on CentOS 6.
You probably need to drop the server certificate into
/etc/openldap/certs/ and then run

cacertdir_rehash /etc/openldap/certs/

It should work after that.

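Added example, not from the thread: a demonstration of the hashed CA directory layout that the reply above relies on, showing that a CA file copied into a directory is only found once it is linked under its subject-hash name. The CA, host name and function names are constructed, and the block uses openssl x509 -hash and openssl verify in place of cacertdir_rehash and libldap.

```bash
#!/usr/bin/env bash
# Added example: the hashed CA directory layout, shown with the openssl CLI.
# All keys, names and certificates below are throwaway test data.

# make_pki DIR: create a constructed CA (ca.pem) and a server cert (srv.pem).
make_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=dc.example.test" \
    -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
  openssl x509 -req -days 1 -in "$1/srv.csr" \
    -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
    -out "$1/srv.pem" 2>/dev/null
}

# rehash_dir DIR: link every *.pem in DIR under its subject-hash name (HASH.0),
# the file name a hashed CA directory lookup searches for.
rehash_dir() {
  for c in "$1"/*.pem; do
    h=$(openssl x509 -noout -hash -in "$c") || return 1
    ln -sf "$(basename "$c")" "$1/$h.0"
  done
}

# chain_ok CADIR CERT: succeed if CERT verifies against the CA directory.
chain_ok() { openssl verify -CApath "$1" "$2" >/dev/null 2>&1; }

# rehash_demo: print the verification state before and after hashing.
rehash_demo() {
  d=$(mktemp -d) && mkdir "$d/certs" && make_pki "$d" || return 2
  cp "$d/ca.pem" "$d/certs/"
  if chain_ok "$d/certs" "$d/srv.pem"; then before=trusted; else before=untrusted; fi
  rehash_dir "$d/certs" || return 2
  if chain_ok "$d/certs" "$d/srv.pem"; then after=trusted; else after=untrusted; fi
  rm -rf "$d"
  echo "$before $after"
}
```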


Active directory/ LDAP authentication error

2015-02-23 Thread JToThe DBizzle
Hi there,

I have installed Review Board 1.7 on a Centos 6 server using YUM. I am 
having difficulty getting AD authentication working, I have used Active 
directory and LDAP and each time I get an error with the domain 
controller's certificate. If I connect without using TLS I am told that it 
is required. I have copied the ca root certificate cert onto the server and 
imported it by copying it to /etc/pki/ca-trust/source/anchors/ and running 
the command update-ca-trust extract.

Currently while testing with LDAP I get the error TLS error -8179:Peer's 
Certificate issuer is not recognized. I have read that this possibly could 
be an issue in the version and that upgrading to version 2.x could resolve 
it however there are no updates available using yum.
I have been thrashing around with this for some time now so I needed to 
reach out for some help.

Thanks in advance,
James.
