Re: Migrated to a new server, now LDAP doesn't work
do you have server log? /etc/httpd/logs/error.log On Fri, Nov 11, 2011 at 12:39 PM, Mail Team email@gmail.com wrote: Excpet for the actual server address, they go like this. I'm not entirely sure what kind of LDAP server it is, but I think it's something like Mac OS X Server 10.6.8. (I don't run that system.) LDAP Server: ldap://my.ldap.server LDAP Base DN: cn=users,dc=ldap,dc=server Given Name Attribute: givenName Surname Attribute: sn Full Name Attribute: cn E-Mail Domain: blank E-Mail LDAP Attribute: mail Use TLS for authentication off User Mask: (uid=%s) Anonymous User Mask: blank Anonymous User Password: blank Ian On Thu, Nov 10, 2011 at 10:48 PM, Nilesh Jaiswal nileshj...@gmail.comwrote: Could you get me following details. Login as admin to your reviewboard. 1. Click to setting tab. 2. Click Authentication tab. and get me details of the field mentioned then i can help you further. LDAP Server: LDAP Base DN: User Mask: Anonymous User Mask: etc On Fri, Nov 11, 2011 at 11:35 AM, Mail Team email@gmail.com wrote: Oh, and I have a clone of the server if there's anything I can do for testing. My Python skills are somewhere between crappy and nonexistent, but I can follow directions and install whatever crazy stuff on my clone to help. Ian On Thu, Nov 10, 2011 at 9:59 PM, Mail Team email@gmail.com wrote: Sorry, to answer your question from a few days ago, LDAP logins aren't currently working at all for me, either from the web UI or from post-review. Ian On Thu, Nov 10, 2011 at 2:54 AM, Nilesh Jaiswal nileshj...@gmail.comwrote: Hi Chris, The changes are done are as below please find the snippet. class LDAPBackend(AuthBackend): Authenticate against a user on an LDAP server. name = _('LDAP') settings_form = LDAPSettingsForm def authenticate(self, username, password): username = username.strip() uid = settings.LDAP_UID_MASK % username logging.info(Start Authenticating username: %s % username) logging.info(User UID is : %s % uid) try: import ldap ldapo = ldap.initialize(settings.LDAP_URI) ldapo.set_option(ldap.OPT_REFERRALS, 0) ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3) if settings.LDAP_TLS: ldapo.start_tls_s() *# May need to log in as the anonymous user before searching. Filter = '((objectClass=*)(sAMAccountName=%s))' % username Attrs=['displayName'] * if settings.LDAP_ANON_BIND_UID: ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID, settings.LDAP_ANON_BIND_PASSWD) *search = ldapo.search(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, Filter, Attrs)* if not search: # no such a user, return early, no need for bind attempts logging.warning(LDAP error: The specified object does not exist in the Directory: %s % uid) return None *# Adding my code Start search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, Filter) # Adding my code End * Similar changes in def get_or_create_user(self, username): *Filter = '((objectClass=*)(sAMAccountName=%s))' % username Attrs=['displayName'] #passwd = ldapo.search_s(settings.LDAP_BASE_DN, #ldap.SCOPE_SUBTREE, #settings.LDAP_UID_MASK % username) passwd = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, Filter, Attrs) *if len(password) == 0: # Don't try to bind using an empty password; the server will # return success, which doesn't mean we have authenticated. # http://tools.ietf.org/html/rfc4513#section-5.1.2 # http://tools.ietf.org/html/rfc4513#section-6.3.1 logging.warning(Empty password for: %s % uid) return None ldapo.bind_s(search[0][0], password) return self.get_or_create_user(username) After this changes i was able to authenticate using LDAP user from RB GUI. This is my customize fix, if you have better fix please let us know. Regards, Nilesh On Thu, Nov 10, 2011 at 3:52 PM, Christian Hammond chip...@chipx86.com wrote: Can you tell me what change you made? I'd like to get a fix into a release. Christian -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org VMware, Inc. - http://www.vmware.com On Wed, Nov 9, 2011 at 11:45 PM, Nilesh Jaiswal nileshj...@gmail.com wrote: Its seems, you need to make the changes in the backends.py to add the
Re: Migrated to a new server, now LDAP doesn't work
Can you tell me what change you made? I'd like to get a fix into a release. Christian -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org VMware, Inc. - http://www.vmware.com On Wed, Nov 9, 2011 at 11:45 PM, Nilesh Jaiswal nileshj...@gmail.comwrote: Its seems, you need to make the changes in the backends.py to add the filter for the LDAP user, I was also facing this issue then i add the filter and it started working for me On Tue, Nov 8, 2011 at 4:58 AM, Christian Hammond chip...@chipx86.comwrote: Hi, Are you just having trouble with API logins using post-review, or the website as well? There are some issues we haven't yet tracked down specifically with LDAP logins with the API. I honestly don't know what's going on there, and nobody who has such a setup has been able to debug enough to figure out the root cause. Christian -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org VMware, Inc. - http://www.vmware.com On Mon, Nov 7, 2011 at 2:41 PM, Mail Team email@gmail.com wrote: And the server is ReviewBoard 1.6.1 with Django 1.3.1, Djblets 0.6.13, django_evolution 0.6.5. Ian On Sun, Nov 6, 2011 at 1:13 AM, Mail Team email@gmail.com wrote: And the client was using Python 2.7 all along. It was using RBTools 0.3.3, I tried updating them to 0.3.4 but that didn't make a difference. Ian On Sun, Nov 6, 2011 at 1:12 AM, Mail Team email@gmail.com wrote: A bit more info: My old server used Python 2.6, my new server uses 2.7. $ post-review --debug -o dummyfile RBTools 0.3.4 Home = /path/to/my/home svn info diff --version repository info: Path: svn+ssh://my.repository/url, Base path: /trunk, Supports changesets: False svn propget reviewboard:url /path/to/my/working/copy/trunk HTTP GETting api/ HTTP GETting http://my.reviewboard.server/codereviews/api/info/ == HTTP Authentication Required Enter authorization information for Web API at mailteam.apple.com Username: iana Password: Got API Error 103 (HTTP code 401): You are not logged in Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not logged in', u'code': 103}} Unable to log in with the supplied username and password. When I use post-review as above, I do get some logs but they're not all that helpful to me. DEBUG Attempting authentication on API for user iana DEBUG API Login failed. No valid user found. On Sun, Nov 6, 2011 at 1:43 AM, Mail Team email@gmail.com wrote: I moved my Review Board installation to a new server via rb-site manage dumpdata/loaddata which seemed to go fine, but now LDAP logins don't work. If I go into the admin interface and click on Logs, there's nothing. Any idea how I could debug this? Any silly gotchas that I might be missing? Ian -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
Re: Migrated to a new server, now LDAP doesn't work
Its seems, you need to make the changes in the backends.py to add the filter for the LDAP user, I was also facing this issue then i add the filter and it started working for me On Tue, Nov 8, 2011 at 4:58 AM, Christian Hammond chip...@chipx86.comwrote: Hi, Are you just having trouble with API logins using post-review, or the website as well? There are some issues we haven't yet tracked down specifically with LDAP logins with the API. I honestly don't know what's going on there, and nobody who has such a setup has been able to debug enough to figure out the root cause. Christian -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org VMware, Inc. - http://www.vmware.com On Mon, Nov 7, 2011 at 2:41 PM, Mail Team email@gmail.com wrote: And the server is ReviewBoard 1.6.1 with Django 1.3.1, Djblets 0.6.13, django_evolution 0.6.5. Ian On Sun, Nov 6, 2011 at 1:13 AM, Mail Team email@gmail.com wrote: And the client was using Python 2.7 all along. It was using RBTools 0.3.3, I tried updating them to 0.3.4 but that didn't make a difference. Ian On Sun, Nov 6, 2011 at 1:12 AM, Mail Team email@gmail.com wrote: A bit more info: My old server used Python 2.6, my new server uses 2.7. $ post-review --debug -o dummyfile RBTools 0.3.4 Home = /path/to/my/home svn info diff --version repository info: Path: svn+ssh://my.repository/url, Base path: /trunk, Supports changesets: False svn propget reviewboard:url /path/to/my/working/copy/trunk HTTP GETting api/ HTTP GETting http://my.reviewboard.server/codereviews/api/info/ == HTTP Authentication Required Enter authorization information for Web API at mailteam.apple.com Username: iana Password: Got API Error 103 (HTTP code 401): You are not logged in Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not logged in', u'code': 103}} Unable to log in with the supplied username and password. When I use post-review as above, I do get some logs but they're not all that helpful to me. DEBUG Attempting authentication on API for user iana DEBUG API Login failed. No valid user found. On Sun, Nov 6, 2011 at 1:43 AM, Mail Team email@gmail.com wrote: I moved my Review Board installation to a new server via rb-site manage dumpdata/loaddata which seemed to go fine, but now LDAP logins don't work. If I go into the admin interface and click on Logs, there's nothing. Any idea how I could debug this? Any silly gotchas that I might be missing? Ian -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
Re: Migrated to a new server, now LDAP doesn't work
And the client was using Python 2.7 all along. It was using RBTools 0.3.3, I tried updating them to 0.3.4 but that didn't make a difference. Ian On Sun, Nov 6, 2011 at 1:12 AM, Mail Team email@gmail.com wrote: A bit more info: My old server used Python 2.6, my new server uses 2.7. $ post-review --debug -o dummyfile RBTools 0.3.4 Home = /path/to/my/home svn info diff --version repository info: Path: svn+ssh://my.repository/url, Base path: /trunk, Supports changesets: False svn propget reviewboard:url /path/to/my/working/copy/trunk HTTP GETting api/ HTTP GETting http://my.reviewboard.server/codereviews/api/info/ == HTTP Authentication Required Enter authorization information for Web API at mailteam.apple.com Username: iana Password: Got API Error 103 (HTTP code 401): You are not logged in Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not logged in', u'code': 103}} Unable to log in with the supplied username and password. When I use post-review as above, I do get some logs but they're not all that helpful to me. DEBUG Attempting authentication on API for user iana DEBUG API Login failed. No valid user found. On Sun, Nov 6, 2011 at 1:43 AM, Mail Team email@gmail.com wrote: I moved my Review Board installation to a new server via rb-site manage dumpdata/loaddata which seemed to go fine, but now LDAP logins don't work. If I go into the admin interface and click on Logs, there's nothing. Any idea how I could debug this? Any silly gotchas that I might be missing? Ian -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en