Re: Auth issues
Alright, so to answer this a little further, I rebuilt my python-ldap module and now when LDAP login fails, the system does fall back to 'builtin'. Having fixed that I am now seeing another issue, when I attempt AD auth I get the following error

2012-02-08 09:18:26,260 - WARNING - LDAP error: {'info': '04DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1', 'desc': 'Operations error'}

According to this thread http://code.google.com/p/reviewboard/issues/detail?id=1641, this was fixed before 1.5 was released, but does not appear to be so.

--
Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~--~~~~--~~--~--~---
To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
Auth issues
Version 1.6

My understanding of the authentication process was that if all other auth methods failed, Review Board would fall back to builtin, is this not correct then?

I was attempting to log in as a local admin after having set up AD and received a TLS exception; the auth process did not attempt to move on after that. Since the install process advises that the local admin does not match a name in AD/LDAP, does that mean that this name will only work when builtin method is enabled? As for failing back, is it supposed to happen and the only thing stopping it is an unhandled exception?

Another thing: setting LDAP does not appear to have any effect, local user/password works but none of the LDAP ones.

Finally, if I were to enable TLS for LDAP/AD, where would the certs need to be stored, or how would I enable opportunistic TLS as opposed to some recognized cert?

Regards,
Lev Bronshtein

P.S. I would be more than happy to trace the execution of various components if you need me to and report back my findings if it makes the process easier.
Re: Auth issues
Hi Lev,

I'll only be able to answer the first one. There are many users on here that know LDAP much better than I do.

We've had reports in the past that LDAP/AD would block users from logging in with the builtin auth. I don't know why it does this, and have tried to hunt it down before, but couldn't repro here. If you can trace it, that would help immensely.

The code lives in reviewboard/accounts/backends.py. The get_or_create_user will basically only be a factor for new users who haven't logged into Review Board yet, so most likely the problem is in authenticate(). My suspicion is that we're getting past all the initial checks and being told there's at least some entry for the user in question, causing us never to fall back.

Our LDAP support has all been user-contributed, and I'm no LDAP expert, so any assistance in maintaining/fixing this code would help greatly :)

Christian

--
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com
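
The fallback question raised in this thread, as an added example that is not part of the original posts and is not Review Board's code: a chain of auth backends where a directory error either escapes and aborts the login, or is caught, logged and treated as "no decision" so the builtin backend still gets its turn. All class and function names, the error text and the account data are constructed for illustration; DirectoryError stands in for python-ldap's ldap.LDAPError so the example runs without a directory server.

```python
import hashlib, hmac, logging

log = logging.getLogger("auth-fallback-demo")

class DirectoryError(Exception):
    """Stand-in for ldap.LDAPError, so the example runs without python-ldap."""

class BrokenTLSDirectory:
    """Constructed directory stub whose bind always fails, like a TLS error."""
    def bind(self, username, password):
        raise DirectoryError("TLS negotiation failed (constructed error)")

class FragileLDAPBackend:
    """Lets directory errors escape, which aborts the whole backend chain."""
    def __init__(self, directory):
        self.directory = directory
    def authenticate(self, username, password):
        return self.directory.bind(username, password)

class ContainedLDAPBackend(FragileLDAPBackend):
    """Turns a directory error into 'no decision' (None), never into a login."""
    def authenticate(self, username, password):
        try:
            return super().authenticate(username, password)
        except DirectoryError as exc:
            log.warning("LDAP error: %s", exc)
            return None

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class BuiltinBackend:
    """Local accounts: username -> (salt, PBKDF2 hash)."""
    def __init__(self, accounts):
        self.accounts = accounts
    def authenticate(self, username, password):
        salt, stored = self.accounts.get(username, (b"none", b""))
        ok = hmac.compare_digest(hash_password(password, salt), stored)
        return username if ok else None

def authenticate(backends, username, password):  # first non-None result wins
    for backend in backends:
        user = backend.authenticate(username, password)
        if user is not None:
            return user
    return None

SALT = b"constructed-salt"
LOCAL = BuiltinBackend({"admin": (SALT, hash_password("local-admin-pw", SALT))})
```

With FragileLDAPBackend first in the list, the local admin login raises DirectoryError before BuiltinBackend is consulted; with ContainedLDAPBackend the same login succeeds, and a wrong password is still rejected.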