Re: LDAP Authentication Issues
Christian, Thanks for your help. Unfortunately I don't know Python at all, but I'll take a look when I get a chance. If I figure it out, I'll let you know! Mike On Tuesday, July 30, 2013 7:49:28 PM UTC-4, Christian Hammond wrote: > > Hi Michael, > > I don't have any useful answer for you just yet, but I wanted to point out > that the version of backends.py you're looking out is very ancient. You'll > want to check the one on http://github.com/reviewboard/reviewboard/ in > order to help debug this. > > I'm not an LDAP expert so I'm not in a great position right now to tell > you what's wrong. It's possible our code is doing something wrong right > now. Particularly if you're getting that error, which at the very least we > should catch. > > Christian > > > On Sunday, July 28, 2013, Michael Pigott wrote: > >> Hello, >> I'm having trouble with configuring ReviewBoard for LDAP. I know >> I'm doing this correctly, because it works for my Subversion and Redmine >> instances. I'm not expecting much out of this, because I've seen others >> have had LDAP authentication issues like mine and haven't had much luck >> either. >> >> None of my LDAP users authenticate. I get varying issues with trying >> various configurations. The best I can get is a connection, with an error >> in my reviewboard.log stating: >> >> LDAP error: The specified object does not exist in the Directory or >> provided invalid credentials: uid=mpigott,dc=X,dc=org >> >> I have an OpenLDAP server running on the same machine as my Reviewboard >> instance. It has an admin account of "cn=admin,dc=X,dc=org" with a >> password. I don't have SASL set up, so it's just using the basic >> authentication. >> >> Server: >> I have tried all of the following: >> >> ldap://localhost/ >> ldap://localhost:389/ >> ldap://localhost/DC=X,DC=org?uid (to the unfamiliar, this is >> Apache's LDAP authentication URL) >> >> LDAP Base DN: >> dc=X,dc=org >> ou=people,dc=X,dc=org >> >> Given Name Attribute: >> givenName >> >> Surname Attribute: >> sn >> >> Full Name Attribute: >> cn >> >> E-mail Domain >> >> X.org >> >> E-mail LDAP Attribute >> mail >> >> User Mask: >> uid=%s => This gives me the error >> "LDAP error: The specified object does not exist in the Directory or >> provided invalid credentials: uid=mpigott,dc=X,dc=org" >> uid=%s,dc=X,dc=org=> Same error. >> (uid=%s) => This gives me the error >> "LDAP error: {'info': 'invalid DN', 'desc': 'Invalid DN syntax'}", with a >> corresponding error in syslog stating either "invalid dn >> ((uid=mpigott),ou=people,dc=X,dc=org)" or "invalid dn >> ((uid=mpigott),dc=X,dc=org)", depending on the above configurations. >> >> After looking at backends.py ( >> http://reviewboard.googlecode.com/svn/trunk/reviewboard/accounts/backends.py), >> I was hoping the problem was that I did not set an anonymous username or >> password. From the logic, it looked like I could try to set the following: >> >> Anonymous User: >> cn=admin,dc=X,dc=org >> >> Anonymous Password >> >> >> Except, this time I get the error: >> >> "An error while LDAP-authenticating: ValueError('need more than 1 value >> to unpack',)" >> >> That appears to be a Python error that occurs when a list of items is too >> short. I noticed that the LDAP Anonymous Password never shows up on the >> admin screen; perhaps it is not saved? >> >> At any rate, any help is appreciated, though I'm about to give up and >> just use Registration authentication. >> >> Thanks, >> Mike >> >> -- >> Want to help the Review Board project? Donate today at >> http://www.reviewboard.org/donate/ >> Happy user? Let us know at http://www.reviewboard.org/users/ >> -~--~~~~--~~--~--~--- >> To unsubscribe from this group, send email to >> reviewboard+unsubscr...@googlegroups.com >> For more options, visit this group at >> http://groups.google.com/group/reviewboard?hl=en >> --- >> You received this messag
Re: LDAP Authentication Issues
Hi Michael, I don't have any useful answer for you just yet, but I wanted to point out that the version of backends.py you're looking out is very ancient. You'll want to check the one on http://github.com/reviewboard/reviewboard/ in order to help debug this. I'm not an LDAP expert so I'm not in a great position right now to tell you what's wrong. It's possible our code is doing something wrong right now. Particularly if you're getting that error, which at the very least we should catch. Christian On Sunday, July 28, 2013, Michael Pigott wrote: > Hello, > I'm having trouble with configuring ReviewBoard for LDAP. I know I'm > doing this correctly, because it works for my Subversion and Redmine > instances. I'm not expecting much out of this, because I've seen others > have had LDAP authentication issues like mine and haven't had much luck > either. > > None of my LDAP users authenticate. I get varying issues with trying > various configurations. The best I can get is a connection, with an error > in my reviewboard.log stating: > > LDAP error: The specified object does not exist in the Directory or > provided invalid credentials: uid=mpigott,dc=X,dc=org > > I have an OpenLDAP server running on the same machine as my Reviewboard > instance. It has an admin account of "cn=admin,dc=X,dc=org" with a > password. I don't have SASL set up, so it's just using the basic > authentication. > > Server: > I have tried all of the following: > > ldap://localhost/ > ldap://localhost:389/ > ldap://localhost/DC=X,DC=org?uid (to the unfamiliar, this is Apache's > LDAP authentication URL) > > LDAP Base DN: > dc=X,dc=org > ou=people,dc=X,dc=org > > Given Name Attribute: > givenName > > Surname Attribute: > sn > > Full Name Attribute: > cn > > E-mail Domain > > X.org > > E-mail LDAP Attribute > mail > > User Mask: > uid=%s => This gives me the error > "LDAP error: The specified object does not exist in the Directory or > provided invalid credentials: uid=mpigott,dc=X,dc=org" > uid=%s,dc=X,dc=org=> Same error. > (uid=%s) => This gives me the error > "LDAP error: {'info': 'invalid DN', 'desc': 'Invalid DN syntax'}", with a > corresponding error in syslog stating either "invalid dn > ((uid=mpigott),ou=people,dc=X,dc=org)" or "invalid dn > ((uid=mpigott),dc=X,dc=org)", depending on the above configurations. > > After looking at backends.py ( > http://reviewboard.googlecode.com/svn/trunk/reviewboard/accounts/backends.py), > I was hoping the problem was that I did not set an anonymous username or > password. From the logic, it looked like I could try to set the following: > > Anonymous User: > cn=admin,dc=X,dc=org > > Anonymous Password > > > Except, this time I get the error: > > "An error while LDAP-authenticating: ValueError('need more than 1 value to > unpack',)" > > That appears to be a Python error that occurs when a list of items is too > short. I noticed that the LDAP Anonymous Password never shows up on the > admin screen; perhaps it is not saved? > > At any rate, any help is appreciated, though I'm about to give up and just > use Registration authentication. > > Thanks, > Mike > > -- > Want to help the Review Board project? Donate today at > http://www.reviewboard.org/donate/ > Happy user? Let us know at http://www.reviewboard.org/users/ > -~--~~~~--~~--~--~--- > To unsubscribe from this group, send email to > reviewboard+unsubscr...@googlegroups.com 'reviewboard%2bunsubscr...@googlegroups.com');> > For more options, visit this group at > http://groups.google.com/group/reviewboard?hl=en > --- > You received this message because you are subscribed to the Google Groups > "reviewboard" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to reviewboard+unsubscr...@googlegroups.com 'cvml', 'reviewboard%2bunsubscr...@googlegroups.com');>. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org Beanbag, Inc. - http://www.beanbaginc.com -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
LDAP Authentication Issues
Hello, I'm having trouble with configuring ReviewBoard for LDAP. I know I'm doing this correctly, because it works for my Subversion and Redmine instances. I'm not expecting much out of this, because I've seen others have had LDAP authentication issues like mine and haven't had much luck either. None of my LDAP users authenticate. I get varying issues with trying various configurations. The best I can get is a connection, with an error in my reviewboard.log stating: LDAP error: The specified object does not exist in the Directory or provided invalid credentials: uid=mpigott,dc=X,dc=org I have an OpenLDAP server running on the same machine as my Reviewboard instance. It has an admin account of "cn=admin,dc=X,dc=org" with a password. I don't have SASL set up, so it's just using the basic authentication. Server: I have tried all of the following: ldap://localhost/ ldap://localhost:389/ ldap://localhost/DC=X,DC=org?uid (to the unfamiliar, this is Apache's LDAP authentication URL) LDAP Base DN: dc=X,dc=org ou=people,dc=X,dc=org Given Name Attribute: givenName Surname Attribute: sn Full Name Attribute: cn E-mail Domain X.org E-mail LDAP Attribute mail User Mask: uid=%s => This gives me the error "LDAP error: The specified object does not exist in the Directory or provided invalid credentials: uid=mpigott,dc=X,dc=org" uid=%s,dc=X,dc=org=> Same error. (uid=%s) => This gives me the error "LDAP error: {'info': 'invalid DN', 'desc': 'Invalid DN syntax'}", with a corresponding error in syslog stating either "invalid dn ((uid=mpigott),ou=people,dc=X,dc=org)" or "invalid dn ((uid=mpigott),dc=X,dc=org)", depending on the above configurations. After looking at backends.py ( http://reviewboard.googlecode.com/svn/trunk/reviewboard/accounts/backends.py ), I was hoping the problem was that I did not set an anonymous username or password. From the logic, it looked like I could try to set the following: Anonymous User: cn=admin,dc=X,dc=org Anonymous Password Except, this time I get the error: "An error while LDAP-authenticating: ValueError('need more than 1 value to unpack',)" That appears to be a Python error that occurs when a list of items is too short. I noticed that the LDAP Anonymous Password never shows up on the admin screen; perhaps it is not saved? At any rate, any help is appreciated, though I'm about to give up and just use Registration authentication. Thanks, Mike -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: 1.5.4 on Windows, LDAP Authentication issues
I figured it out! So I had mod-python installed, but that needed openLDAP. I install openLDAP, but that needed (openSSL or gnuTLS) and Cyrus SASL. So basically I installed openSSL and SASL, then re-installed openLDAP and mod-python. On Apr 4, 8:16 pm, Turbo wrote: > Hi all, > > I've been attempting to configure LDAP for the past few days and have > not been able to come up with a solution. > > The three fields I am not clear about are > Base DN > User Mask > Anon User Mask > > I have set up LDAP connections on Apache servers running on UNIX. For > those settings, I have a field called "Bind DN" > > What is the difference between Base DN and Bind DN? > > Also, how do I know if RB is even hitting the LDAP server? There are > times I give it bogus ldap urls and I still get error messages saying > "Incorrect username or password. " > > I have found the 1st post in this thread to resemble my LDAP server > the > closest:http://groups.google.com/group/reviewboard-issues/browse_thread/threa... > > Thank you! -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
1.5.4 on Windows, LDAP Authentication issues
Hi all, I've been attempting to configure LDAP for the past few days and have not been able to come up with a solution. The three fields I am not clear about are Base DN User Mask Anon User Mask I have set up LDAP connections on Apache servers running on UNIX. For those settings, I have a field called "Bind DN" What is the difference between Base DN and Bind DN? Also, how do I know if RB is even hitting the LDAP server? There are times I give it bogus ldap urls and I still get error messages saying "Incorrect username or password. " I have found the 1st post in this thread to resemble my LDAP server the closest: http://groups.google.com/group/reviewboard-issues/browse_thread/thread/115d31f672b1bcb7/239e6dc014346b26?lnk=gst&q=ldap+user+mask#239e6dc014346b26 Thank you! -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en