Re: authentication settings page issues in 1.5beta1
Hi Michael,

If AD is set, Review Board will use AD to authenticate for that user, regardless of whether there was previously a user entry created with the built-in authentication mechanism.

What will happen is that there will be a database entry for that user created through either method, and if AD is set as the auth method, we will ask the AD server to authenticate instead of the built-in auth.

I don't believe you can have Apache hand over auth like that.

Christian

--
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com

On Wed, Mar 10, 2010 at 7:21 AM, Michael wrote:
> A couple of questions about alternatives for me:
>
> 1. I figure I can have everyone create a local username that matches
> their AD login name.
> If I later on turn on AD in RB can I do something to the database to
> effectively "switch" those users to AD without having to delete and
> recreate accounts?
> Initially there will be < 10 of us on here, so I'm not opposed to
> manually editing database rows if that would make it possible.
>
> 2. Alternatively, can I have Apache do the AD authentication and hand
> those credentials off to RB?
> I can't tell if Apache auth is possible with RB or not.
>
> Thanks,
> Michael
Re: authentication settings page issues in 1.5beta1
A couple of questions about alternatives for me:

1. I figure I can have everyone create a local username that matches their AD login name.
If I later on turn on AD in RB can I do something to the database to effectively "switch" those users to AD without having to delete and recreate accounts?
Initially there will be < 10 of us on here, so I'm not opposed to manually editing database rows if that would make it possible.

2. Alternatively, can I have Apache do the AD authentication and hand those credentials off to RB?
I can't tell if Apache auth is possible with RB or not.

Thanks,
Michael

On Mar 10, 8:02 am, Michael wrote:
> Submitted as Issue 1536.
>
> Thanks,
> Michael
Re: authentication settings page issues in 1.5beta1
Submitted as Issue 1536.

Thanks,
Michael

On Mar 9, 3:26 pm, Christian Hammond wrote:
> Would you mind filing a bug so we can track it for 1.5? This sounds bad and
> I want to make sure it doesn't slip.
>
> I've looked through the code and can't determine why this would happen
> unless the server was in fact claiming that the user exists.
>
> Christian
>
> --
> Christian Hammond - chip...@chipx86.com
> Review Board - http://www.reviewboard.org
> VMware, Inc. - http://www.vmware.com
Re: authentication settings page issues in 1.5beta1
Would you mind filing a bug so we can track it for 1.5? This sounds bad and I want to make sure it doesn't slip.

I've looked through the code and can't determine why this would happen unless the server was in fact claiming that the user exists.

Christian

--
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com

On Tue, Mar 9, 2010 at 12:17 PM, Michael wrote:
> I'm actually having the same problem (I think).
> I can set up a site, create an admin user with a name that I know is
> not in AD, set RB to use AD, then become totally locked out of that
> site.
> AD doesn't work and the admin login doesn't work anymore.
> I have to just delete the site and recreate it using "rb-site
> install".
> I even tried turning logging on before switching AD logins on and,
> well, after I got the generic startup messages (2 lines total) nothing
> appeared in the log.
> No errors, no failure messages, *nothing at all*.
>
> Oh, I have TLS off for my AD connections. I can use various LDAP
> browsers to connect to the domain controller without encryption and
> browse around, so I figure I don't need encryption or any additional
> permissions.
>
> Thanks,
> Michael
Re: authentication settings page issues in 1.5beta1
I'm actually having the same problem (I think).
I can set up a site, create an admin user with a name that I know is not in AD, set RB to use AD, then become totally locked out of that site.
AD doesn't work and the admin login doesn't work anymore.
I have to just delete the site and recreate it using "rb-site install".
I even tried turning logging on before switching AD logins on and, well, after I got the generic startup messages (2 lines total) nothing appeared in the log.
No errors, no failure messages, *nothing at all*.

Oh, I have TLS off for my AD connections. I can use various LDAP browsers to connect to the domain controller without encryption and browse around, so I figure I don't need encryption or any additional permissions.

Thanks,
Michael

On Mar 2, 5:52 pm, Christian Hammond wrote:
> Is this only happening with the newer release, and not an older one? I don't
> know what would have changed to affect this between the releases.
>
> I recommend checking the log file (assuming logging is turned on) and seeing
> if there are any errors.
>
> Christian
>
> --
> Christian Hammond - chip...@chipx86.com
> Review Board - http://www.reviewboard.org
> VMware, Inc. - http://www.vmware.com
>
> On Tue, Mar 2, 2010 at 2:39 PM, Ravi Kondamuru wrote:
> > Hi Christian,
> >
> > After restarting Apache, the admin login is failing. I can't login using the
> > AD username/passwd login also.
> > Since login page is using SSL and I setup LDAP to use TLS, I can't see what's
> > going on.
> > I am guessing for admin user, RB is authenticating with AD. But I can't
> > explain why AD user authentication is failing.
> >
> > At least the login page now is always showing the banner to "login with
> > standard username and password".
> > Previously that was changing with each refresh.
> >
> > I will just rebuild the site or else revert to a previous release and check
> > there.
> >
> > thanks,
> > Ravi.
> >
> > On Tue, Mar 2, 2010 at 1:55 PM, Christian Hammond wrote:
> > > Hi Ravi,
> > >
> > > This all sounds like the settings saving bug. Try saving your auth
> > > settings and then restarting Apache.
> > >
> > > What's happening is that different Apache threads are seeing different
> > > versions of the settings, instead of staying in sync like they should be.
> > > So depending on what instance is handling your request, it may be using your
> > > auth settings, or it may not.
> > >
> > > Christian
> > >
> > > --
> > > Christian Hammond - chip...@chipx86.com
> > > Review Board - http://www.reviewboard.org
> > > VMware, Inc. - http://www.vmware.com
> > >
> > > On Tue, Mar 2, 2010 at 10:20 AM, Ravi Kondamuru wrote:
> > > > Hi,
> > > >
> > > > I am seeing that authentication is failing most of the time. Once in a
> > > > while it succeeds. I am currently running 1.5beta1. Any known issues with
> > > > Active Directory (AD) backend? I found a few posts that referred to making
> > > > sure ldap and DNS modules were available. I did confirm that.
> > > >
> > > > Also, the authentication settings at /admin/settings/authentication don't
> > > > seem to be saved correctly. After saving AD settings in authentication,
> > > > if I navigate back to authentication page, it shows standard registration
> > > > selected. Sometimes navigating away and returning to this authentication
> > > > page shows AD settings again. So I am not sure where to look for to find
> > > > the issue. Anyone seen similar issue have a workaround or where I can see in
> > > > code to figure out?
> > > >
> > > > thanks,
> > > > Ravi.
> > > >
> > > > ar...@dev:~$ python
> > > > Python 2.6.4 (r264:75706, Dec 7 2009, 18:45:15)
> > > > [GCC 4.4.1] on linux2
> > > > Type "help", "copyright", "credits" or "license" for more information.
> > > > >>> import ldap
> > > > >>> import DNS
> > > >
> > > > --
> > > > Want to help the Review Board project? Donate today at
> > > > http://www.reviewboard.org/donate/
> > > > Happy user? Let us know at http://www.reviewboard.org/users/
> > > > -~--~~~~--~~--~--~---
> > > > To unsubscribe from this group, send email to
> > > > reviewboard+unsubscr...@googlegroups.com
> > > > For more options, visit this group at
> > > > http://groups.google.com/group/reviewboard?hl=en
Re: authentication settings page issues in 1.5beta1
I'd be happy with that. To my knowledge, there aren't any patches for this today.

Christian

--
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com

On Sat, Mar 6, 2010 at 10:06 PM, Ravi Kondamuru wrote:
> Adding the following line in the authenticate function of the
> ActiveDirectoryBackend class, after import ldap, allowed me to get over this
> issue:
>
> def authenticate():
> import ldap
> + ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
>
> Christian,
> It looks like there might be a lot more in a similar situation. If such an
> option is not already there or being worked on, will you be interested in
> me working on a patch to take this option in the ActiveDirectory settings
> page?
> thanks,
> Ravi.
Re: authentication settings page issues in 1.5beta1
Adding the following line in the authenticate function of the ActiveDirectoryBackend class, after import ldap, allowed me to get over this issue:

def authenticate(): import ldap + ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

Christian,
It looks like there might be a lot more in a similar situation. If such an option is not already there or being worked on, will you be interested in me working on a patch to take this option in the ActiveDirectory settings page?

thanks,
Ravi.

On Sat, Mar 6, 2010 at 3:23 PM, Ravi Kondamuru wrote:
> I spent some more time understanding the problem. I found that without TLS, LDAP authentication is fine, but it fails when TLS is enabled. I am beginning to think that the issue is due to the Active Directory being self-signed. The TLS handshake might be aborting due to the certificate being from an unknown CA. Is there a way to make python-ldap accept the certificate in spite of the unknown CA? I am looking online but thought I would sound it off to the group to see if anyone resolved this issue.
>
> thanks,
> Ravi.

--
Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~--~~~~--~~--~--~---
To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/gro
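Review bot: the added ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) line switches off server certificate verification, and because it goes through the module-level ldap.set_option it applies to every LDAP connection the process opens afterwards, not only this bind. With verification off, TLS no longer proves that the server receiving the AD password is the real domain controller. Since the reported failure is a certificate from an unknown CA, suggest exporting the AD server's CA certificate, pointing ldap.OPT_X_TLS_CACERTFILE at it and keeping ldap.OPT_X_TLS_REQUIRE_CERT at ldap.OPT_X_TLS_DEMAND. If a settings-page option to skip verification is added as proposed, it should default to off and be described as a test-only setting.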
Re: authentication settings page issues in 1.5beta1
I spent some more time understanding the problem. I found that without TLS, LDAP authentication is fine, but it fails when TLS is enabled. I am beginning to think that the issue is due to the Active Directory being self-signed. The TLS handshake might be aborting due to the certificate being from an unknown CA. Is there a way to make python-ldap accept the certificate in spite of the unknown CA? I am looking online but thought I would sound it off to the group to see if anyone resolved this issue.

thanks,
Ravi.

On Tue, Mar 2, 2010 at 2:52 PM, Christian Hammond wrote:
> Is this only happening with the newer release, and not an older one? I don't know what would have changed to affect this between the releases.
>
> I recommend checking the log file (assuming logging is turned on) and seeing if there are any errors.
>
> Christian
>
> --
> Christian Hammond - chip...@chipx86.com
> Review Board - http://www.reviewboard.org
> VMware, Inc. - http://www.vmware.com
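One way to handle the unknown-CA failure described in the message above while keeping verification on, as an added example that is not Review Board's code: trust the AD server's CA certificate (or its self-signed certificate) on the connection itself and keep certificate checking mandatory. The function names, the ldap_mod parameter, the host name and the file path are assumptions, and it assumes StartTLS and a python-ldap version that provides OPT_X_TLS_NEWCTX.

```python
import os


def open_verified_ad_connection(ldap_mod, uri, ca_file):
    """Open a StartTLS connection that trusts only the CA in ca_file.

    ldap_mod is the python-ldap module (pass `ldap` after `import ldap`);
    taking it as a parameter lets the option sequence be checked offline.
    """
    if not os.path.isfile(ca_file):
        # Fail closed: a missing CA file must not degrade to "no verification".
        raise ValueError("CA certificate file not found: %s" % ca_file)

    conn = ldap_mod.initialize(uri)
    # Options are set on this connection only, unlike module-level
    # ldap.set_option(), which changes every connection in the process.
    conn.set_option(ldap_mod.OPT_X_TLS_CACERTFILE, ca_file)
    conn.set_option(ldap_mod.OPT_X_TLS_REQUIRE_CERT, ldap_mod.OPT_X_TLS_DEMAND)
    # Must be the last TLS option: tells libldap to build a new TLS context
    # from the settings above.
    conn.set_option(ldap_mod.OPT_X_TLS_NEWCTX, 0)
    try:
        conn.start_tls_s()  # raises an LDAPError if the chain does not verify
    except ldap_mod.LDAPError:
        conn.unbind_s()
        raise
    return conn


def authenticate(ldap_mod, uri, ca_file, bind_name, password):
    """Return True only if certificate verification and the bind both succeed."""
    if not password:
        # An empty password turns a simple bind into an unauthenticated bind,
        # which a directory may accept.
        return False
    try:
        conn = open_verified_ad_connection(ldap_mod, uri, ca_file)
    except ldap_mod.LDAPError:
        return False
    try:
        conn.simple_bind_s(bind_name, password)
        return True
    except ldap_mod.LDAPError:
        return False
    finally:
        conn.unbind_s()


if __name__ == "__main__":
    import ldap  # python-ldap

    # Constructed values; substitute the site's domain controller and the
    # CA certificate exported from it.
    print(authenticate(ldap, "ldap://dc1.example.com",
                       "/etc/reviewboard/ad-ca.pem",
                       "user@example.com", "constructed-password"))
```

A handshake that fails here means the CA file does not match the certificate the server presents, which is the condition to investigate rather than bypass.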
Re: authentication settings page issues in 1.5beta1
Is this only happening with the newer release, and not an older one? I don't know what would have changed to affect this between the releases.

I recommend checking the log file (assuming logging is turned on) and seeing if there are any errors.

Christian

--
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com

On Tue, Mar 2, 2010 at 2:39 PM, Ravi Kondamuru wrote:
> Hi Christian,
>
> After restarting Apache, the admin login is failing. I can't log in using the AD username/passwd login also.
> Since the login page is using SSL and I set up LDAP to use TLS, I can't see what's going on.
> I am guessing for the admin user, RB is authenticating with AD. But I can't explain why AD user authentication is failing.
>
> At least the login page now is always showing the banner to "login with standard username and password".
> Previously that was changing with each refresh.
>
> I will just rebuild the site or else revert to a previous release and check there.
>
> thanks,
> Ravi.
Re: authentication settings page issues in 1.5beta1
Hi Christian,

After restarting Apache, the admin login is failing. I can't log in using the AD username/passwd login also.
Since the login page is using SSL and I set up LDAP to use TLS, I can't see what's going on.
I am guessing for the admin user, RB is authenticating with AD. But I can't explain why AD user authentication is failing.

At least the login page now is always showing the banner to "login with standard username and password".
Previously that was changing with each refresh.

I will just rebuild the site or else revert to a previous release and check there.

thanks,
Ravi.

On Tue, Mar 2, 2010 at 1:55 PM, Christian Hammond wrote:
> Hi Ravi,
>
> This all sounds like the settings saving bug. Try saving your auth settings and then restarting Apache.
>
> What's happening is that different Apache threads are seeing different versions of the settings, instead of staying in sync like they should be. So depending on what instance is handling your request, it may be using your auth settings, or it may not.
>
> Christian
>
> --
> Christian Hammond - chip...@chipx86.com
> Review Board - http://www.reviewboard.org
> VMware, Inc. - http://www.vmware.com
Re: authentication settings page issues in 1.5beta1
Hi Ravi,

This all sounds like the settings saving bug. Try saving your auth settings and then restarting Apache.

What's happening is that different Apache threads are seeing different versions of the settings, instead of staying in sync like they should be. So depending on what instance is handling your request, it may be using your auth settings, or it may not.

Christian

--
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com

On Tue, Mar 2, 2010 at 10:20 AM, Ravi Kondamuru wrote:
> Hi,
>
> I am seeing that authentication is failing most of the time. Once in a while it succeeds. I am currently running 1.5beta1. Any known issues with the Active Directory (AD) backend? I found a few posts that referred to making sure the ldap and DNS modules were available. I did confirm that.
>
> Also, the authentication settings at /admin/settings/authentication don't seem to be saved correctly. After saving AD settings in authentication, if I navigate back to the authentication page, it shows standard registration selected. Sometimes navigating away and returning to this authentication page shows AD settings again. So I am not sure where to look to find the issue. Has anyone seen a similar issue and have a workaround, or know where I can look in the code to figure it out?
>
> thanks,
> Ravi.
>
> ar...@dev:~$ python
> Python 2.6.4 (r264:75706, Dec 7 2009, 18:45:15)
> [GCC 4.4.1] on linux2
> Type "help", "copyright", "credits" or "license" for more information.
> >>> import ldap
> >>> import DNS
> >>>
authentication settings page issues in 1.5beta1
Hi,

I am seeing that authentication is failing most of the time. Once in a while it succeeds. I am currently running 1.5beta1. Any known issues with the Active Directory (AD) backend? I found a few posts that referred to making sure the ldap and DNS modules were available. I did confirm that.

Also, the authentication settings at /admin/settings/authentication don't seem to be saved correctly. After saving AD settings in authentication, if I navigate back to the authentication page, it shows standard registration selected. Sometimes navigating away and returning to this authentication page shows AD settings again. So I am not sure where to look to find the issue. Has anyone seen a similar issue and have a workaround, or know where I can look in the code to figure it out?

thanks,
Ravi.

ar...@dev:~$ python
Python 2.6.4 (r264:75706, Dec 7 2009, 18:45:15)
[GCC 4.4.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ldap
>>> import DNS
>>>