Re: Migrated to a new server, now LDAP doesn't work
do you have server log? /etc/httpd/logs/error.log
On Fri, Nov 11, 2011 at 12:39 PM, Mail Team email@gmail.com wrote:
Excpet for the actual server address, they go like this. I'm not entirely
sure what kind of LDAP server it is, but I think it's something like Mac OS
X Server 10.6.8. (I don't run that system.)
LDAP Server: ldap://my.ldap.server
LDAP Base DN: cn=users,dc=ldap,dc=server
Given Name Attribute: givenName
Surname Attribute: sn
Full Name Attribute: cn
E-Mail Domain: blank
E-Mail LDAP Attribute: mail
Use TLS for authentication off
User Mask: (uid=%s)
Anonymous User Mask: blank
Anonymous User Password: blank
Ian
On Thu, Nov 10, 2011 at 10:48 PM, Nilesh Jaiswal nileshj...@gmail.comwrote:
Could you get me following details.
Login as admin to your reviewboard.
1. Click to setting tab.
2. Click Authentication tab.
and get me details of the field mentioned then i can help you further.
LDAP Server:
LDAP Base DN:
User Mask:
Anonymous User Mask:
etc
On Fri, Nov 11, 2011 at 11:35 AM, Mail Team email@gmail.com wrote:
Oh, and I have a clone of the server if there's anything I can do for
testing. My Python skills are somewhere between crappy and nonexistent,
but I can follow directions and install whatever crazy stuff on my clone to
help.
Ian
On Thu, Nov 10, 2011 at 9:59 PM, Mail Team email@gmail.com wrote:
Sorry, to answer your question from a few days ago, LDAP logins aren't
currently working at all for me, either from the web UI or from
post-review.
Ian
On Thu, Nov 10, 2011 at 2:54 AM, Nilesh Jaiswal
nileshj...@gmail.comwrote:
Hi Chris,
The changes are done are as below please find the snippet.
class LDAPBackend(AuthBackend):
Authenticate against a user on an LDAP server.
name = _('LDAP')
settings_form = LDAPSettingsForm
def authenticate(self, username, password):
username = username.strip()
uid = settings.LDAP_UID_MASK % username
logging.info(Start Authenticating username: %s % username)
logging.info(User UID is : %s % uid)
try:
import ldap
ldapo = ldap.initialize(settings.LDAP_URI)
ldapo.set_option(ldap.OPT_REFERRALS, 0)
ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
if settings.LDAP_TLS:
ldapo.start_tls_s()
*# May need to log in as the anonymous user before
searching.
Filter = '((objectClass=*)(sAMAccountName=%s))' % username
Attrs=['displayName']
*
if settings.LDAP_ANON_BIND_UID:
ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID,
settings.LDAP_ANON_BIND_PASSWD)
*search = ldapo.search(settings.LDAP_BASE_DN,
ldap.SCOPE_SUBTREE, Filter, Attrs)*
if not search:
# no such a user, return early, no need for bind
attempts
logging.warning(LDAP error: The specified object does
not
exist in the Directory: %s %
uid)
return None
*# Adding my code Start
search = ldapo.search_s(settings.LDAP_BASE_DN,
ldap.SCOPE_SUBTREE, Filter)
# Adding my code End
*
Similar changes in
def get_or_create_user(self, username):
*Filter = '((objectClass=*)(sAMAccountName=%s))' %
username
Attrs=['displayName']
#passwd = ldapo.search_s(settings.LDAP_BASE_DN,
#ldap.SCOPE_SUBTREE,
#settings.LDAP_UID_MASK %
username)
passwd = ldapo.search_s(settings.LDAP_BASE_DN,
ldap.SCOPE_SUBTREE, Filter,
Attrs)
*if len(password) == 0:
# Don't try to bind using an empty password; the
server will
# return success, which doesn't mean we have
authenticated.
# http://tools.ietf.org/html/rfc4513#section-5.1.2
# http://tools.ietf.org/html/rfc4513#section-6.3.1
logging.warning(Empty password for: %s % uid)
return None
ldapo.bind_s(search[0][0], password)
return self.get_or_create_user(username)
After this changes i was able to authenticate using LDAP user from RB
GUI. This is my customize fix, if you have better fix please let us know.
Regards,
Nilesh
On Thu, Nov 10, 2011 at 3:52 PM, Christian Hammond
chip...@chipx86.com wrote:
Can you tell me what change you made? I'd like to get a fix into a
release.
Christian
--
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com
On Wed, Nov 9, 2011 at 11:45 PM, Nilesh Jaiswal nileshj...@gmail.com
wrote:
Its seems, you need to make the changes in the backends.py to add
the
Re: Migrated to a new server, now LDAP doesn't work
Can you tell me what change you made? I'd like to get a fix into a release.
Christian
--
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com
On Wed, Nov 9, 2011 at 11:45 PM, Nilesh Jaiswal nileshj...@gmail.comwrote:
Its seems, you need to make the changes in the backends.py to add the
filter for the LDAP user, I was also facing this issue then i add the
filter and it started working for me
On Tue, Nov 8, 2011 at 4:58 AM, Christian Hammond chip...@chipx86.comwrote:
Hi,
Are you just having trouble with API logins using post-review, or the
website as well?
There are some issues we haven't yet tracked down specifically with LDAP
logins with the API. I honestly don't know what's going on there, and
nobody who has such a setup has been able to debug enough to figure out the
root cause.
Christian
--
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com
On Mon, Nov 7, 2011 at 2:41 PM, Mail Team email@gmail.com wrote:
And the server is ReviewBoard 1.6.1 with Django 1.3.1, Djblets 0.6.13,
django_evolution 0.6.5.
Ian
On Sun, Nov 6, 2011 at 1:13 AM, Mail Team email@gmail.com wrote:
And the client was using Python 2.7 all along. It was using RBTools
0.3.3, I tried updating them to 0.3.4 but that didn't make a difference.
Ian
On Sun, Nov 6, 2011 at 1:12 AM, Mail Team email@gmail.com wrote:
A bit more info:
My old server used Python 2.6, my new server uses 2.7.
$ post-review --debug -o dummyfile
RBTools 0.3.4
Home = /path/to/my/home
svn info
diff --version
repository info: Path: svn+ssh://my.repository/url, Base path:
/trunk, Supports changesets: False
svn propget reviewboard:url /path/to/my/working/copy/trunk
HTTP GETting api/
HTTP GETting http://my.reviewboard.server/codereviews/api/info/
== HTTP Authentication Required
Enter authorization information for Web API at mailteam.apple.com
Username: iana
Password:
Got API Error 103 (HTTP code 401): You are not logged in
Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not
logged in', u'code': 103}}
Unable to log in with the supplied username and password.
When I use post-review as above, I do get some logs but they're not
all that helpful to me.
DEBUG Attempting authentication on API for user iana
DEBUG API Login failed. No valid user found.
On Sun, Nov 6, 2011 at 1:43 AM, Mail Team email@gmail.com wrote:
I moved my Review Board installation to a new server via rb-site
manage dumpdata/loaddata which seemed to go fine, but now LDAP logins
don't
work. If I go into the admin interface and click on Logs, there's
nothing.
Any idea how I could debug this? Any silly gotchas that I might be
missing?
Ian
--
Want to help the Review Board project? Donate today at
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~--~~~~--~~--~--~---
To unsubscribe from this group, send email to
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/reviewboard?hl=en
--
Want to help the Review Board project? Donate today at
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~--~~~~--~~--~--~---
To unsubscribe from this group, send email to
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/reviewboard?hl=en
--
Want to help the Review Board project? Donate today at
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~--~~~~--~~--~--~---
To unsubscribe from this group, send email to
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/reviewboard?hl=en
--
Want to help the Review Board project? Donate today at
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~--~~~~--~~--~--~---
To unsubscribe from this group, send email to
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/reviewboard?hl=en
Re: Migrated to a new server, now LDAP doesn't work
Its seems, you need to make the changes in the backends.py to add the
filter for the LDAP user, I was also facing this issue then i add the
filter and it started working for me
On Tue, Nov 8, 2011 at 4:58 AM, Christian Hammond chip...@chipx86.comwrote:
Hi,
Are you just having trouble with API logins using post-review, or the
website as well?
There are some issues we haven't yet tracked down specifically with LDAP
logins with the API. I honestly don't know what's going on there, and
nobody who has such a setup has been able to debug enough to figure out the
root cause.
Christian
--
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com
On Mon, Nov 7, 2011 at 2:41 PM, Mail Team email@gmail.com wrote:
And the server is ReviewBoard 1.6.1 with Django 1.3.1, Djblets 0.6.13,
django_evolution 0.6.5.
Ian
On Sun, Nov 6, 2011 at 1:13 AM, Mail Team email@gmail.com wrote:
And the client was using Python 2.7 all along. It was using RBTools
0.3.3, I tried updating them to 0.3.4 but that didn't make a difference.
Ian
On Sun, Nov 6, 2011 at 1:12 AM, Mail Team email@gmail.com wrote:
A bit more info:
My old server used Python 2.6, my new server uses 2.7.
$ post-review --debug -o dummyfile
RBTools 0.3.4
Home = /path/to/my/home
svn info
diff --version
repository info: Path: svn+ssh://my.repository/url, Base path:
/trunk, Supports changesets: False
svn propget reviewboard:url /path/to/my/working/copy/trunk
HTTP GETting api/
HTTP GETting http://my.reviewboard.server/codereviews/api/info/
== HTTP Authentication Required
Enter authorization information for Web API at mailteam.apple.com
Username: iana
Password:
Got API Error 103 (HTTP code 401): You are not logged in
Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not
logged in', u'code': 103}}
Unable to log in with the supplied username and password.
When I use post-review as above, I do get some logs but they're not all
that helpful to me.
DEBUG Attempting authentication on API for user iana
DEBUG API Login failed. No valid user found.
On Sun, Nov 6, 2011 at 1:43 AM, Mail Team email@gmail.com wrote:
I moved my Review Board installation to a new server via rb-site
manage dumpdata/loaddata which seemed to go fine, but now LDAP logins
don't
work. If I go into the admin interface and click on Logs, there's
nothing.
Any idea how I could debug this? Any silly gotchas that I might be
missing?
Ian
--
Want to help the Review Board project? Donate today at
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~--~~~~--~~--~--~---
To unsubscribe from this group, send email to
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/reviewboard?hl=en
--
Want to help the Review Board project? Donate today at
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~--~~~~--~~--~--~---
To unsubscribe from this group, send email to
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/reviewboard?hl=en
--
Want to help the Review Board project? Donate today at
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~--~~~~--~~--~--~---
To unsubscribe from this group, send email to
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/reviewboard?hl=en
Re: Migrated to a new server, now LDAP doesn't work
And the client was using Python 2.7 all along. It was using RBTools 0.3.3,
I tried updating them to 0.3.4 but that didn't make a difference.
Ian
On Sun, Nov 6, 2011 at 1:12 AM, Mail Team email@gmail.com wrote:
A bit more info:
My old server used Python 2.6, my new server uses 2.7.
$ post-review --debug -o dummyfile
RBTools 0.3.4
Home = /path/to/my/home
svn info
diff --version
repository info: Path: svn+ssh://my.repository/url, Base path: /trunk,
Supports changesets: False
svn propget reviewboard:url /path/to/my/working/copy/trunk
HTTP GETting api/
HTTP GETting http://my.reviewboard.server/codereviews/api/info/
== HTTP Authentication Required
Enter authorization information for Web API at mailteam.apple.com
Username: iana
Password:
Got API Error 103 (HTTP code 401): You are not logged in
Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not logged
in', u'code': 103}}
Unable to log in with the supplied username and password.
When I use post-review as above, I do get some logs but they're not all
that helpful to me.
DEBUG Attempting authentication on API for user iana
DEBUG API Login failed. No valid user found.
On Sun, Nov 6, 2011 at 1:43 AM, Mail Team email@gmail.com wrote:
I moved my Review Board installation to a new server via rb-site manage
dumpdata/loaddata which seemed to go fine, but now LDAP logins don't work.
If I go into the admin interface and click on Logs, there's nothing. Any
idea how I could debug this? Any silly gotchas that I might be missing?
Ian
--
Want to help the Review Board project? Donate today at
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~--~~~~--~~--~--~---
To unsubscribe from this group, send email to
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/reviewboard?hl=en
