Some more information,
I removed cn as the Full Name Attribute and mail as the Email LDAP
Attribute and auth now works (mostly) correctly. Which means that the
givenName / sn fields were retrieved correctly, but the cn / mail
attributes were not. I would like these attributes to be read,
especially the email one.
--
Jeff
On Sep 12, 3:20 pm, Jeff Ward j...@fuzzybinary.com wrote:
I'm having significant problems getting LDAP authentication to work.
First, my problem, then a few suggestions to make this all go a bit
easier. My set up is the following:
Review board 1.6.1
LDAP server: ldap://loaclhost:389
LDAP Base DN: ou=People,dc=domain,dc=com
Given Name Attribute: givenName
Surname Attribute: sn
Full Name Attribute: cn
E-mail LDAP attribute: mail
User Mask: uid=%s
Anonymous User Mask: cn=readonly,ou=System,dc=domain,dc=com
Anonymous User Password: password
The problem is, this doesn't authenticate properly. I get an error in
the Reviewboard logs saying:
WARNING - An error while LDAP-authenticating: KeyError(u'cn',)
Things I've tried: changing User Mask: to uid=
%s,ou=People,dc=domain,dc=com doesn't work. Error in the log is:
WARNING - LDAP error: The specified object does not exist in the
Directory: uid=username,ou=People,dc=domain,dc=com
But a close look into the LDAP logs reveals that it's search was:
filter: (uid=username,ou=people,dc=domain,dc=com)
Note the Lowercase people instead of People.
Any idea how to get this to authenticate correctly?
Something else I'd like to see: you should make a distinction between
the bind-dn and the anonymous-dn We do not allow anonymous access to
our LDAP server, and it would be nice to distinguish the user that's
reading just to get binding information and the user that's reading as
an anonymous Review Board user.
Also, please make it so that when saving options to the LDAP
authentication screen, it doesn't take a blank password in Anonymous
Password to mean a blank password, especially after its been set. I
hate having to re-enter that password every single time.
--
Want to help the Review Board project? Donate today at
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~--~~~~--~~--~--~---
To unsubscribe from this group, send email to
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/reviewboard?hl=en