Re: Issue 719 in reviewboard: Ldap auth not working with AD
Comment #17 on issue 719 by mdfakkeer: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 it also works for me. But i want to authenticate only particy=ular group members instead of all members in my domain. If any body know how to configure LDAP with Group. -- You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-iss...@googlegroups.com. To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en.
Re: Issue 719 in reviewboard: Ldap auth not working with AD
Comment #16 on issue 719 by mansukim: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 it also works for me. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings -- You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-iss...@googlegroups.com. To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en.
Re: Issue 719 in reviewboard: Ldap auth not working with AD
Comment #15 on issue 719 by thienv: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 Comment 13. Thanks much for the info. This is exactly what I need. The problem is in Anynymous User Mask - which follows the field User Mask give user impression that it would be te same form (uid=%s except we change the %s to the anonymous user). The instruction also tell you so -- 'this should be in the same format as User Mask). Actually, it should be the whole LDAP query for anonymous query as per comment 13. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings -- You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-iss...@googlegroups.com. To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en.
Issue 719 in reviewboard: Ldap auth not working with AD
Comment #14 on issue 719 by bblough: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 Re: Anonymous user format - comment 9, as well as my own comment 13 - I've seen cases where the anonymous user needs to be specified as stated in #9, e.g. MYDOMAIN\username. But in other cases that won't work and it needs to be specified as I did in #13, as an LDAP string. Honestly I have no idea why the difference, but if one doesn't work, you might as well try the other. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Comment #13 on issue 719 by bblough: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 Here's what works for me in our Win2k3 AD environment. Replace the values in brackets with values for your environment - On admin/settings/general, under LDAP Authentication Settings: * LDAP Server: ldap:// * LDAP Base DN: ou=Recipients,ou= Users,dc=,dc=,dc= * Email Domain: (blank) * Email LDAP attribute: mail * Use TLS: unchecked * User Mask: (sAMAccountName=%s) * Anonymous User Mask: cn=,cn=,dc=,dc=,dc= * Anonymous User Password: Notes: In our environment, normal user accounts are held in the Recipient container, which is in turn held in the User container. If your structure differs, adjust the OU entries accordingly. The service account is required because we have anonymous binds disabled. Our service accounts live in a different container than our normal users, so again, adjust the entries as necessary. Hope that helps. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Comment #12 on issue 719 by dmor...@maned.com: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 I'm really responding to Comment #10. I've been having a difficult time troubleshooting my LDAP configuration here. I've set up LDAP authentication for several products (Deki Wiki, JIRA, Hudson, Subversion) but for the life of me, cannot get this to to work. This coupled with the fact that I can't tell when the settings actually change (I hit Save, and it refreshes, and the old settings are still there in the web page.) If anyone has had luck with doing LDAP authentication against an AD, I'd really like to see your scrubbed settings. Also, any help on which log files to look at for this would be greatly appreciated. Thanks, -Dan. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Updates: Status: Fixed Comment #11 on issue 719 by trowbrds: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 Assuming fixed. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Comment #10 on issue 719 by Bhaskar.P.Roy: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 Does Any one know, how to integrate reveiwboard authentication wtih AD ?? Please let me know the path and configuration. Your help is appresiated. Thanks -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Comment #9 on issue 719 by ssheldon: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 I'm using RC2 with the LDAP authentication backend against an AD server and it works for me. The AD setup here specifically disallows anonymous searching so it probably tests the path described in this bug report. I set the Anonymous User Mask to "MYDOMAIN\bind_username" (no quotes) and set the Anonymous User Password to the password for the bind_username account. Calling this field Anonymous User Mask in the config screen seems a bit misleading. Is that config field used for something else as well? The help text under the config field says "The user mask string for anonymous users. If specified, this should be in the same format as User Mask." even though the format for the two fields is completely different. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Updates: Status: NeedInfo Comment #8 on issue 719 by chipx86: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 Does this work in RC2? We've had a lot of LDAP/AD fixes in. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Comment #7 on issue 719 by trowbrds: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 Issue 907 has been merged into this issue. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Comment #6 on issue 719 by bblough: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 /poser/poster/ oops. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Comment #5 on issue 719 by bblough: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 I'm not the original poser, but this patch fixes the issue in my environment. Thanks! -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Comment #4 on issue 719 by zhirsch: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 Here's a patch against the SVN trunk to fix the "need to bind before searching" problem. Attachments: ldap-bind-before-search.patch 686 bytes -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to reviewboard-issues+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Updates: Labels: Component-Accounts Comment #3 on issue 719 by chipx86: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 (No comment was entered for this change.) -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Issue 719: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 Comment #2 by paolo.ferracin: def authenticate(self, username, password): try: import ldap ldapo = ldap.initialize(settings.LDAP_URI) ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3) if settings.LDAP_TLS: ldapo.start_tls_s() if settings.LDAP_ANON_BIND_UID: ldapo.bind_s(settings.LDAP_ANON_BIND_UID, settings.LDAP_ANON_BIND_PASSWD) search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, settings.LDAP_UID_MASK % username) ldapo.bind_s(search[0][0], password) -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Issue 719: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 Comment #1 by paolo.ferracin: the auth_ldap_uid_mask is more like a filter than a pattern to build a DN from an Username. So with AD the mask should be sAMAccountName=%s. Then, AD by default doesn't allow anonymous search. You need to patch accounts/backends.py to do a 'bind' before the first 'search'. For the initial bind, you could use the 'ANON' credentials and avoid to change GUI/settings/etc. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---
Issue 719 in reviewboard: Ldap auth not working with AD
Issue 719: Ldap auth not working with AD http://code.google.com/p/reviewboard/issues/detail?id=719 New issue report by who.mobile: *NOTE: Do not post confidential information in this bug report.* What's the URL of the page containing the problem? Even after LDAP auth config like below, LDAP auth fail with security failure. "auth_ldap_uid_mask": "sAMAccountName=%s,cn=Users,dc=corp,dc=mobileiron,dc=com" "ldap://172.16.0.1:389"; What steps will reproduce the problem? 1. configure ldap parameter, 2. check packet capture from ldap server 3. it show error. What is the expected output? What do you see instead? There should be way to config AD, in apache case using filter we can support this. What operating system are you using? What browser? Centos5 Please provide any additional information below. Issue attributes: Status: New Owner: Labels: Type-Defect Priority-Medium -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "reviewboard-issues" group. To post to this group, send email to reviewboard-issues@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/reviewboard-issues?hl=en -~--~~~~--~~--~--~---