Re: Migrated to a new server, now LDAP doesn't work
Yes I do. And I found that the python-ldap module was failing to load due to some missing symbols in libldap. Which is apparently a known problem on Mac OS X Server 10.7.x, so says http://projects.skurfer.com/posts/2011/python_ldap_lion/ . I applied his workaround of using an older python-ldap and now I'm back up. Ian On Sat, Nov 12, 2011 at 7:27 AM, jack jack wrote: > do you have server log? /etc/httpd/logs/error.log > > On Fri, Nov 11, 2011 at 12:39 PM, Mail Team wrote: > >> Excpet for the actual server address, they go like this. I'm not >> entirely sure what kind of LDAP server it is, but I think it's something >> like Mac OS X Server 10.6.8. (I don't run that system.) >> >> LDAP Server: ldap://my.ldap.server >> LDAP Base DN: cn=users,dc=ldap,dc=server >> Given Name Attribute: givenName >> Surname Attribute: sn >> Full Name Attribute: cn >> E-Mail Domain: >> E-Mail LDAP Attribute: mail >> Use TLS for authentication >> User Mask: (uid=%s) >> Anonymous User Mask: >> Anonymous User Password: >> >> Ian >> >> >> On Thu, Nov 10, 2011 at 10:48 PM, Nilesh Jaiswal wrote: >> >>> Could you get me following details. >>> >>> Login as admin to your reviewboard. >>> >>> 1. Click to setting tab. >>> 2. Click Authentication tab. >>> >>> and get me details of the field mentioned then i can help you further. >>> >>> LDAP Server: >>> LDAP Base DN: >>> User Mask: >>> Anonymous User Mask: >>> etc >>> >>> >>> >>> On Fri, Nov 11, 2011 at 11:35 AM, Mail Team wrote: >>> Oh, and I have a clone of the server if there's anything I can do for testing. My Python skills are somewhere between crappy and nonexistent, but I can follow directions and install whatever crazy stuff on my clone to help. Ian On Thu, Nov 10, 2011 at 9:59 PM, Mail Team wrote: > Sorry, to answer your question from a few days ago, LDAP logins aren't > currently working at all for me, either from the web UI or from > post-review. > > Ian > > > On Thu, Nov 10, 2011 at 2:54 AM, Nilesh Jaiswal > wrote: > >> >> Hi Chris, >> >> The changes are done are as below please find the snippet. >> >> class LDAPBackend(AuthBackend): >> """Authenticate against a user on an LDAP server.""" >> name = _('LDAP') >> settings_form = LDAPSettingsForm >> >> def authenticate(self, username, password): >> username = username.strip() >> uid = settings.LDAP_UID_MASK % username >> logging.info("Start Authenticating username: %s" % username) >> logging.info("User UID is : %s" % uid) >> try: >> import ldap >> ldapo = ldap.initialize(settings.LDAP_URI) >> ldapo.set_option(ldap.OPT_REFERRALS, 0) >> ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3) >> if settings.LDAP_TLS: >> ldapo.start_tls_s() >> >> *# May need to log in as the anonymous user before >> searching. >> Filter = '(&(objectClass=*)(sAMAccountName=%s))' % >> username >> Attrs=['displayName'] >> * >> if settings.LDAP_ANON_BIND_UID: >> ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID, >> settings.LDAP_ANON_BIND_PASSWD) >> >>*search = ldapo.search(settings.LDAP_BASE_DN, >> ldap.SCOPE_SUBTREE, Filter, Attrs)* >> >> if not search: >> # no such a user, return early, no need for bind >> attempts >> logging.warning("LDAP error: The specified object >> does not " >> "exist in the Directory: %s" % >> uid) >> return None >> *# Adding my code Start >> search = ldapo.search_s(settings.LDAP_BASE_DN, >> ldap.SCOPE_SUBTREE, Filter) >> # Adding my code End >> * >> >> Similar changes in >> def get_or_create_user(self, username): >> >> *Filter = '(&(objectClass=*)(sAMAccountName=%s))' % >> username >> Attrs=['displayName'] >> #passwd = ldapo.search_s(settings.LDAP_BASE_DN, >> #ldap.SCOPE_SUBTREE, >> #settings.LDAP_UID_MASK % >> username) >> passwd = ldapo.search_s(settings.LDAP_BASE_DN, >> ldap.SCOPE_SUBTREE, Filter, >> Attrs) >> *if len(password) == 0: >> # Don't try to bind using an empty password; the >> server will >> # return success, which doesn't mean we have >> authenticated. >> # http://tools.ietf.org/html/rfc4513#section-5.1.2 >
Re: Migrated to a new server, now LDAP doesn't work
do you have server log? /etc/httpd/logs/error.log On Fri, Nov 11, 2011 at 12:39 PM, Mail Team wrote: > Excpet for the actual server address, they go like this. I'm not entirely > sure what kind of LDAP server it is, but I think it's something like Mac OS > X Server 10.6.8. (I don't run that system.) > > LDAP Server: ldap://my.ldap.server > LDAP Base DN: cn=users,dc=ldap,dc=server > Given Name Attribute: givenName > Surname Attribute: sn > Full Name Attribute: cn > E-Mail Domain: > E-Mail LDAP Attribute: mail > Use TLS for authentication > User Mask: (uid=%s) > Anonymous User Mask: > Anonymous User Password: > > Ian > > > On Thu, Nov 10, 2011 at 10:48 PM, Nilesh Jaiswal wrote: > >> Could you get me following details. >> >> Login as admin to your reviewboard. >> >> 1. Click to setting tab. >> 2. Click Authentication tab. >> >> and get me details of the field mentioned then i can help you further. >> >> LDAP Server: >> LDAP Base DN: >> User Mask: >> Anonymous User Mask: >> etc >> >> >> >> On Fri, Nov 11, 2011 at 11:35 AM, Mail Team wrote: >> >>> Oh, and I have a clone of the server if there's anything I can do for >>> testing. My Python skills are somewhere between crappy and nonexistent, >>> but I can follow directions and install whatever crazy stuff on my clone to >>> help. >>> >>> Ian >>> >>> >>> On Thu, Nov 10, 2011 at 9:59 PM, Mail Team wrote: >>> Sorry, to answer your question from a few days ago, LDAP logins aren't currently working at all for me, either from the web UI or from post-review. Ian On Thu, Nov 10, 2011 at 2:54 AM, Nilesh Jaiswal wrote: > > Hi Chris, > > The changes are done are as below please find the snippet. > > class LDAPBackend(AuthBackend): > """Authenticate against a user on an LDAP server.""" > name = _('LDAP') > settings_form = LDAPSettingsForm > > def authenticate(self, username, password): > username = username.strip() > uid = settings.LDAP_UID_MASK % username > logging.info("Start Authenticating username: %s" % username) > logging.info("User UID is : %s" % uid) > try: > import ldap > ldapo = ldap.initialize(settings.LDAP_URI) > ldapo.set_option(ldap.OPT_REFERRALS, 0) > ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3) > if settings.LDAP_TLS: > ldapo.start_tls_s() > > *# May need to log in as the anonymous user before > searching. > Filter = '(&(objectClass=*)(sAMAccountName=%s))' % username > Attrs=['displayName'] > * > if settings.LDAP_ANON_BIND_UID: > ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID, > settings.LDAP_ANON_BIND_PASSWD) > >*search = ldapo.search(settings.LDAP_BASE_DN, > ldap.SCOPE_SUBTREE, Filter, Attrs)* > > if not search: > # no such a user, return early, no need for bind > attempts > logging.warning("LDAP error: The specified object does > not " > "exist in the Directory: %s" % > uid) > return None > *# Adding my code Start > search = ldapo.search_s(settings.LDAP_BASE_DN, > ldap.SCOPE_SUBTREE, Filter) > # Adding my code End > * > > Similar changes in > def get_or_create_user(self, username): > > *Filter = '(&(objectClass=*)(sAMAccountName=%s))' % > username > Attrs=['displayName'] > #passwd = ldapo.search_s(settings.LDAP_BASE_DN, > #ldap.SCOPE_SUBTREE, > #settings.LDAP_UID_MASK % > username) > passwd = ldapo.search_s(settings.LDAP_BASE_DN, > ldap.SCOPE_SUBTREE, Filter, > Attrs) > *if len(password) == 0: > # Don't try to bind using an empty password; the > server will > # return success, which doesn't mean we have > authenticated. > # http://tools.ietf.org/html/rfc4513#section-5.1.2 > # http://tools.ietf.org/html/rfc4513#section-6.3.1 > logging.warning("Empty password for: %s" % uid) > return None > > ldapo.bind_s(search[0][0], password) > > return self.get_or_create_user(username) > > > After this changes i was able to authenticate using LDAP user from RB > GUI. This is my customize fix, if you have better fix please let us know. > > Regards, > Nilesh > > On
Re: Migrated to a new server, now LDAP doesn't work
Excpet for the actual server address, they go like this. I'm not entirely sure what kind of LDAP server it is, but I think it's something like Mac OS X Server 10.6.8. (I don't run that system.) LDAP Server: ldap://my.ldap.server LDAP Base DN: cn=users,dc=ldap,dc=server Given Name Attribute: givenName Surname Attribute: sn Full Name Attribute: cn E-Mail Domain: E-Mail LDAP Attribute: mail Use TLS for authentication User Mask: (uid=%s) Anonymous User Mask: Anonymous User Password: Ian On Thu, Nov 10, 2011 at 10:48 PM, Nilesh Jaiswal wrote: > Could you get me following details. > > Login as admin to your reviewboard. > > 1. Click to setting tab. > 2. Click Authentication tab. > > and get me details of the field mentioned then i can help you further. > > LDAP Server: > LDAP Base DN: > User Mask: > Anonymous User Mask: > etc > > > > On Fri, Nov 11, 2011 at 11:35 AM, Mail Team wrote: > >> Oh, and I have a clone of the server if there's anything I can do for >> testing. My Python skills are somewhere between crappy and nonexistent, >> but I can follow directions and install whatever crazy stuff on my clone to >> help. >> >> Ian >> >> >> On Thu, Nov 10, 2011 at 9:59 PM, Mail Team wrote: >> >>> Sorry, to answer your question from a few days ago, LDAP logins aren't >>> currently working at all for me, either from the web UI or from post-review. >>> >>> Ian >>> >>> >>> On Thu, Nov 10, 2011 at 2:54 AM, Nilesh Jaiswal wrote: >>> Hi Chris, The changes are done are as below please find the snippet. class LDAPBackend(AuthBackend): """Authenticate against a user on an LDAP server.""" name = _('LDAP') settings_form = LDAPSettingsForm def authenticate(self, username, password): username = username.strip() uid = settings.LDAP_UID_MASK % username logging.info("Start Authenticating username: %s" % username) logging.info("User UID is : %s" % uid) try: import ldap ldapo = ldap.initialize(settings.LDAP_URI) ldapo.set_option(ldap.OPT_REFERRALS, 0) ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3) if settings.LDAP_TLS: ldapo.start_tls_s() *# May need to log in as the anonymous user before searching. Filter = '(&(objectClass=*)(sAMAccountName=%s))' % username Attrs=['displayName'] * if settings.LDAP_ANON_BIND_UID: ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID, settings.LDAP_ANON_BIND_PASSWD) *search = ldapo.search(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, Filter, Attrs)* if not search: # no such a user, return early, no need for bind attempts logging.warning("LDAP error: The specified object does not " "exist in the Directory: %s" % uid) return None *# Adding my code Start search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, Filter) # Adding my code End * Similar changes in def get_or_create_user(self, username): *Filter = '(&(objectClass=*)(sAMAccountName=%s))' % username Attrs=['displayName'] #passwd = ldapo.search_s(settings.LDAP_BASE_DN, #ldap.SCOPE_SUBTREE, #settings.LDAP_UID_MASK % username) passwd = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, Filter, Attrs) *if len(password) == 0: # Don't try to bind using an empty password; the server will # return success, which doesn't mean we have authenticated. # http://tools.ietf.org/html/rfc4513#section-5.1.2 # http://tools.ietf.org/html/rfc4513#section-6.3.1 logging.warning("Empty password for: %s" % uid) return None ldapo.bind_s(search[0][0], password) return self.get_or_create_user(username) After this changes i was able to authenticate using LDAP user from RB GUI. This is my customize fix, if you have better fix please let us know. Regards, Nilesh On Thu, Nov 10, 2011 at 3:52 PM, Christian Hammond >>> > wrote: > Can you tell me what change you made? I'd like to get a fix into a > release. > > > Christian > > -- > Christian Hammond - chip...@chipx86.com > Review Board - http://www.
Re: Migrated to a new server, now LDAP doesn't work
Could you get me following details. Login as admin to your reviewboard. 1. Click to setting tab. 2. Click Authentication tab. and get me details of the field mentioned then i can help you further. LDAP Server: LDAP Base DN: User Mask: Anonymous User Mask: etc On Fri, Nov 11, 2011 at 11:35 AM, Mail Team wrote: > Oh, and I have a clone of the server if there's anything I can do for > testing. My Python skills are somewhere between crappy and nonexistent, > but I can follow directions and install whatever crazy stuff on my clone to > help. > > Ian > > > On Thu, Nov 10, 2011 at 9:59 PM, Mail Team wrote: > >> Sorry, to answer your question from a few days ago, LDAP logins aren't >> currently working at all for me, either from the web UI or from post-review. >> >> Ian >> >> >> On Thu, Nov 10, 2011 at 2:54 AM, Nilesh Jaiswal wrote: >> >>> >>> Hi Chris, >>> >>> The changes are done are as below please find the snippet. >>> >>> class LDAPBackend(AuthBackend): >>> """Authenticate against a user on an LDAP server.""" >>> name = _('LDAP') >>> settings_form = LDAPSettingsForm >>> >>> def authenticate(self, username, password): >>> username = username.strip() >>> uid = settings.LDAP_UID_MASK % username >>> logging.info("Start Authenticating username: %s" % username) >>> logging.info("User UID is : %s" % uid) >>> try: >>> import ldap >>> ldapo = ldap.initialize(settings.LDAP_URI) >>> ldapo.set_option(ldap.OPT_REFERRALS, 0) >>> ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3) >>> if settings.LDAP_TLS: >>> ldapo.start_tls_s() >>> >>> *# May need to log in as the anonymous user before >>> searching. >>> Filter = '(&(objectClass=*)(sAMAccountName=%s))' % username >>> Attrs=['displayName'] >>> * >>> if settings.LDAP_ANON_BIND_UID: >>> ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID, >>> settings.LDAP_ANON_BIND_PASSWD) >>> >>>*search = ldapo.search(settings.LDAP_BASE_DN, >>> ldap.SCOPE_SUBTREE, Filter, Attrs)* >>> >>> if not search: >>> # no such a user, return early, no need for bind attempts >>> logging.warning("LDAP error: The specified object does >>> not " >>> "exist in the Directory: %s" % >>> uid) >>> return None >>> *# Adding my code Start >>> search = ldapo.search_s(settings.LDAP_BASE_DN, >>> ldap.SCOPE_SUBTREE, Filter) >>> # Adding my code End >>> * >>> >>> Similar changes in >>> def get_or_create_user(self, username): >>> >>> *Filter = '(&(objectClass=*)(sAMAccountName=%s))' % >>> username >>> Attrs=['displayName'] >>> #passwd = ldapo.search_s(settings.LDAP_BASE_DN, >>> #ldap.SCOPE_SUBTREE, >>> #settings.LDAP_UID_MASK % >>> username) >>> passwd = ldapo.search_s(settings.LDAP_BASE_DN, >>> ldap.SCOPE_SUBTREE, Filter, >>> Attrs) >>> *if len(password) == 0: >>> # Don't try to bind using an empty password; the server >>> will >>> # return success, which doesn't mean we have >>> authenticated. >>> # http://tools.ietf.org/html/rfc4513#section-5.1.2 >>> # http://tools.ietf.org/html/rfc4513#section-6.3.1 >>> logging.warning("Empty password for: %s" % uid) >>> return None >>> >>> ldapo.bind_s(search[0][0], password) >>> >>> return self.get_or_create_user(username) >>> >>> >>> After this changes i was able to authenticate using LDAP user from RB >>> GUI. This is my customize fix, if you have better fix please let us know. >>> >>> Regards, >>> Nilesh >>> >>> On Thu, Nov 10, 2011 at 3:52 PM, Christian Hammond >>> wrote: >>> Can you tell me what change you made? I'd like to get a fix into a release. Christian -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org VMware, Inc. - http://www.vmware.com On Wed, Nov 9, 2011 at 11:45 PM, Nilesh Jaiswal wrote: > Its seems, you need to make the changes in the backends.py to add the > filter for the LDAP user, I was also facing this issue then i add the > filter and it started working for me > > > On Tue, Nov 8, 2011 at 4:58 AM, Christian Hammond > wrote: > >> Hi, >> >> Are you just having trouble with API logins using post-review, or the >> website as well? >> >> There are some issues we haven't yet tracked down specifically with >> LDAP logins with the API. I honestly don't know what's going on there,
Re: Migrated to a new server, now LDAP doesn't work
Oh, and I have a clone of the server if there's anything I can do for testing. My Python skills are somewhere between crappy and nonexistent, but I can follow directions and install whatever crazy stuff on my clone to help. Ian On Thu, Nov 10, 2011 at 9:59 PM, Mail Team wrote: > Sorry, to answer your question from a few days ago, LDAP logins aren't > currently working at all for me, either from the web UI or from post-review. > > Ian > > > On Thu, Nov 10, 2011 at 2:54 AM, Nilesh Jaiswal wrote: > >> >> Hi Chris, >> >> The changes are done are as below please find the snippet. >> >> class LDAPBackend(AuthBackend): >> """Authenticate against a user on an LDAP server.""" >> name = _('LDAP') >> settings_form = LDAPSettingsForm >> >> def authenticate(self, username, password): >> username = username.strip() >> uid = settings.LDAP_UID_MASK % username >> logging.info("Start Authenticating username: %s" % username) >> logging.info("User UID is : %s" % uid) >> try: >> import ldap >> ldapo = ldap.initialize(settings.LDAP_URI) >> ldapo.set_option(ldap.OPT_REFERRALS, 0) >> ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3) >> if settings.LDAP_TLS: >> ldapo.start_tls_s() >> >> *# May need to log in as the anonymous user before searching. >> Filter = '(&(objectClass=*)(sAMAccountName=%s))' % username >> Attrs=['displayName'] >> * >> if settings.LDAP_ANON_BIND_UID: >> ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID, >> settings.LDAP_ANON_BIND_PASSWD) >> >>*search = ldapo.search(settings.LDAP_BASE_DN, >> ldap.SCOPE_SUBTREE, Filter, Attrs)* >> >> if not search: >> # no such a user, return early, no need for bind attempts >> logging.warning("LDAP error: The specified object does >> not " >> "exist in the Directory: %s" % >> uid) >> return None >> *# Adding my code Start >> search = ldapo.search_s(settings.LDAP_BASE_DN, >> ldap.SCOPE_SUBTREE, Filter) >> # Adding my code End >> * >> >> Similar changes in >> def get_or_create_user(self, username): >> >> *Filter = '(&(objectClass=*)(sAMAccountName=%s))' % >> username >> Attrs=['displayName'] >> #passwd = ldapo.search_s(settings.LDAP_BASE_DN, >> #ldap.SCOPE_SUBTREE, >> #settings.LDAP_UID_MASK % >> username) >> passwd = ldapo.search_s(settings.LDAP_BASE_DN, >> ldap.SCOPE_SUBTREE, Filter, Attrs) >> *if len(password) == 0: >> # Don't try to bind using an empty password; the server >> will >> # return success, which doesn't mean we have >> authenticated. >> # http://tools.ietf.org/html/rfc4513#section-5.1.2 >> # http://tools.ietf.org/html/rfc4513#section-6.3.1 >> logging.warning("Empty password for: %s" % uid) >> return None >> >> ldapo.bind_s(search[0][0], password) >> >> return self.get_or_create_user(username) >> >> >> After this changes i was able to authenticate using LDAP user from RB >> GUI. This is my customize fix, if you have better fix please let us know. >> >> Regards, >> Nilesh >> >> On Thu, Nov 10, 2011 at 3:52 PM, Christian Hammond >> wrote: >> >>> Can you tell me what change you made? I'd like to get a fix into a >>> release. >>> >>> >>> Christian >>> >>> -- >>> Christian Hammond - chip...@chipx86.com >>> Review Board - http://www.reviewboard.org >>> VMware, Inc. - http://www.vmware.com >>> >>> >>> On Wed, Nov 9, 2011 at 11:45 PM, Nilesh Jaiswal wrote: >>> Its seems, you need to make the changes in the backends.py to add the filter for the LDAP user, I was also facing this issue then i add the filter and it started working for me On Tue, Nov 8, 2011 at 4:58 AM, Christian Hammond wrote: > Hi, > > Are you just having trouble with API logins using post-review, or the > website as well? > > There are some issues we haven't yet tracked down specifically with > LDAP logins with the API. I honestly don't know what's going on there, and > nobody who has such a setup has been able to debug enough to figure out > the > root cause. > > Christian > > -- > Christian Hammond - chip...@chipx86.com > Review Board - http://www.reviewboard.org > VMware, Inc. - http://www.vmware.com > > > > On Mon, Nov 7, 2011 at 2:41 PM, Mail Team wrote: > >> And the server is ReviewBoard 1.6.1 with Django 1.3.1, Djblets >> 0.6.13, django_evolution 0.6.5
Re: Migrated to a new server, now LDAP doesn't work
Sorry, to answer your question from a few days ago, LDAP logins aren't currently working at all for me, either from the web UI or from post-review. Ian On Thu, Nov 10, 2011 at 2:54 AM, Nilesh Jaiswal wrote: > > Hi Chris, > > The changes are done are as below please find the snippet. > > class LDAPBackend(AuthBackend): > """Authenticate against a user on an LDAP server.""" > name = _('LDAP') > settings_form = LDAPSettingsForm > > def authenticate(self, username, password): > username = username.strip() > uid = settings.LDAP_UID_MASK % username > logging.info("Start Authenticating username: %s" % username) > logging.info("User UID is : %s" % uid) > try: > import ldap > ldapo = ldap.initialize(settings.LDAP_URI) > ldapo.set_option(ldap.OPT_REFERRALS, 0) > ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3) > if settings.LDAP_TLS: > ldapo.start_tls_s() > > *# May need to log in as the anonymous user before searching. > Filter = '(&(objectClass=*)(sAMAccountName=%s))' % username > Attrs=['displayName'] > * > if settings.LDAP_ANON_BIND_UID: > ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID, > settings.LDAP_ANON_BIND_PASSWD) > >*search = ldapo.search(settings.LDAP_BASE_DN, > ldap.SCOPE_SUBTREE, Filter, Attrs)* > > if not search: > # no such a user, return early, no need for bind attempts > logging.warning("LDAP error: The specified object does not > " > "exist in the Directory: %s" % > uid) > return None > *# Adding my code Start > search = ldapo.search_s(settings.LDAP_BASE_DN, > ldap.SCOPE_SUBTREE, Filter) > # Adding my code End > * > > Similar changes in > def get_or_create_user(self, username): > > *Filter = '(&(objectClass=*)(sAMAccountName=%s))' % > username > Attrs=['displayName'] > #passwd = ldapo.search_s(settings.LDAP_BASE_DN, > #ldap.SCOPE_SUBTREE, > #settings.LDAP_UID_MASK % username) > passwd = ldapo.search_s(settings.LDAP_BASE_DN, > ldap.SCOPE_SUBTREE, Filter, Attrs) > *if len(password) == 0: > # Don't try to bind using an empty password; the server > will > # return success, which doesn't mean we have authenticated. > # http://tools.ietf.org/html/rfc4513#section-5.1.2 > # http://tools.ietf.org/html/rfc4513#section-6.3.1 > logging.warning("Empty password for: %s" % uid) > return None > > ldapo.bind_s(search[0][0], password) > > return self.get_or_create_user(username) > > > After this changes i was able to authenticate using LDAP user from RB GUI. > This is my customize fix, if you have better fix please let us know. > > Regards, > Nilesh > > On Thu, Nov 10, 2011 at 3:52 PM, Christian Hammond wrote: > >> Can you tell me what change you made? I'd like to get a fix into a >> release. >> >> >> Christian >> >> -- >> Christian Hammond - chip...@chipx86.com >> Review Board - http://www.reviewboard.org >> VMware, Inc. - http://www.vmware.com >> >> >> On Wed, Nov 9, 2011 at 11:45 PM, Nilesh Jaiswal wrote: >> >>> Its seems, you need to make the changes in the backends.py to add the >>> filter for the LDAP user, I was also facing this issue then i add the >>> filter and it started working for me >>> >>> >>> On Tue, Nov 8, 2011 at 4:58 AM, Christian Hammond >>> wrote: >>> Hi, Are you just having trouble with API logins using post-review, or the website as well? There are some issues we haven't yet tracked down specifically with LDAP logins with the API. I honestly don't know what's going on there, and nobody who has such a setup has been able to debug enough to figure out the root cause. Christian -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org VMware, Inc. - http://www.vmware.com On Mon, Nov 7, 2011 at 2:41 PM, Mail Team wrote: > And the server is ReviewBoard 1.6.1 with Django 1.3.1, Djblets 0.6.13, > django_evolution 0.6.5. > > Ian > > > On Sun, Nov 6, 2011 at 1:13 AM, Mail Team wrote: > >> And the client was using Python 2.7 all along. It was using RBTools >> 0.3.3, I tried updating them to 0.3.4 but that didn't make a difference. >> >> Ian >> >> >> On Sun, Nov 6, 2011 at 1:12 AM, Mail Team wrote: >> >>> A bit more info: >>> My old server used Python 2.6, my new server uses 2.7. >>>
Re: Migrated to a new server, now LDAP doesn't work
Hi Chris, The changes are done are as below please find the snippet. class LDAPBackend(AuthBackend): """Authenticate against a user on an LDAP server.""" name = _('LDAP') settings_form = LDAPSettingsForm def authenticate(self, username, password): username = username.strip() uid = settings.LDAP_UID_MASK % username logging.info("Start Authenticating username: %s" % username) logging.info("User UID is : %s" % uid) try: import ldap ldapo = ldap.initialize(settings.LDAP_URI) ldapo.set_option(ldap.OPT_REFERRALS, 0) ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3) if settings.LDAP_TLS: ldapo.start_tls_s() *# May need to log in as the anonymous user before searching. Filter = '(&(objectClass=*)(sAMAccountName=%s))' % username Attrs=['displayName'] * if settings.LDAP_ANON_BIND_UID: ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID, settings.LDAP_ANON_BIND_PASSWD) *search = ldapo.search(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, Filter, Attrs)* if not search: # no such a user, return early, no need for bind attempts logging.warning("LDAP error: The specified object does not " "exist in the Directory: %s" % uid) return None *# Adding my code Start search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, Filter) # Adding my code End * Similar changes in def get_or_create_user(self, username): *Filter = '(&(objectClass=*)(sAMAccountName=%s))' % username Attrs=['displayName'] #passwd = ldapo.search_s(settings.LDAP_BASE_DN, #ldap.SCOPE_SUBTREE, #settings.LDAP_UID_MASK % username) passwd = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, Filter, Attrs) *if len(password) == 0: # Don't try to bind using an empty password; the server will # return success, which doesn't mean we have authenticated. # http://tools.ietf.org/html/rfc4513#section-5.1.2 # http://tools.ietf.org/html/rfc4513#section-6.3.1 logging.warning("Empty password for: %s" % uid) return None ldapo.bind_s(search[0][0], password) return self.get_or_create_user(username) After this changes i was able to authenticate using LDAP user from RB GUI. This is my customize fix, if you have better fix please let us know. Regards, Nilesh On Thu, Nov 10, 2011 at 3:52 PM, Christian Hammond wrote: > Can you tell me what change you made? I'd like to get a fix into a release. > > > Christian > > -- > Christian Hammond - chip...@chipx86.com > Review Board - http://www.reviewboard.org > VMware, Inc. - http://www.vmware.com > > > On Wed, Nov 9, 2011 at 11:45 PM, Nilesh Jaiswal wrote: > >> Its seems, you need to make the changes in the backends.py to add the >> filter for the LDAP user, I was also facing this issue then i add the >> filter and it started working for me >> >> >> On Tue, Nov 8, 2011 at 4:58 AM, Christian Hammond wrote: >> >>> Hi, >>> >>> Are you just having trouble with API logins using post-review, or the >>> website as well? >>> >>> There are some issues we haven't yet tracked down specifically with LDAP >>> logins with the API. I honestly don't know what's going on there, and >>> nobody who has such a setup has been able to debug enough to figure out the >>> root cause. >>> >>> Christian >>> >>> -- >>> Christian Hammond - chip...@chipx86.com >>> Review Board - http://www.reviewboard.org >>> VMware, Inc. - http://www.vmware.com >>> >>> >>> >>> On Mon, Nov 7, 2011 at 2:41 PM, Mail Team wrote: >>> And the server is ReviewBoard 1.6.1 with Django 1.3.1, Djblets 0.6.13, django_evolution 0.6.5. Ian On Sun, Nov 6, 2011 at 1:13 AM, Mail Team wrote: > And the client was using Python 2.7 all along. It was using RBTools > 0.3.3, I tried updating them to 0.3.4 but that didn't make a difference. > > Ian > > > On Sun, Nov 6, 2011 at 1:12 AM, Mail Team wrote: > >> A bit more info: >> My old server used Python 2.6, my new server uses 2.7. >> >> $ post-review --debug -o dummyfile >> >>> RBTools 0.3.4 >> >>> Home = /path/to/my/home >> >>> svn info >> >>> diff --version >> >>> repository info: Path: svn+ssh://my.repository/url, Base path: >> /trunk, Supports changesets: False >> >>> svn propget reviewboard:url /path/to/my/working/copy/trunk >> >>> HTTP GETting api/ >> >>> HTTP GETting http://my.reviewboard.server/coder
Re: Migrated to a new server, now LDAP doesn't work
Can you tell me what change you made? I'd like to get a fix into a release. Christian -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org VMware, Inc. - http://www.vmware.com On Wed, Nov 9, 2011 at 11:45 PM, Nilesh Jaiswal wrote: > Its seems, you need to make the changes in the backends.py to add the > filter for the LDAP user, I was also facing this issue then i add the > filter and it started working for me > > > On Tue, Nov 8, 2011 at 4:58 AM, Christian Hammond wrote: > >> Hi, >> >> Are you just having trouble with API logins using post-review, or the >> website as well? >> >> There are some issues we haven't yet tracked down specifically with LDAP >> logins with the API. I honestly don't know what's going on there, and >> nobody who has such a setup has been able to debug enough to figure out the >> root cause. >> >> Christian >> >> -- >> Christian Hammond - chip...@chipx86.com >> Review Board - http://www.reviewboard.org >> VMware, Inc. - http://www.vmware.com >> >> >> >> On Mon, Nov 7, 2011 at 2:41 PM, Mail Team wrote: >> >>> And the server is ReviewBoard 1.6.1 with Django 1.3.1, Djblets 0.6.13, >>> django_evolution 0.6.5. >>> >>> Ian >>> >>> >>> On Sun, Nov 6, 2011 at 1:13 AM, Mail Team wrote: >>> And the client was using Python 2.7 all along. It was using RBTools 0.3.3, I tried updating them to 0.3.4 but that didn't make a difference. Ian On Sun, Nov 6, 2011 at 1:12 AM, Mail Team wrote: > A bit more info: > My old server used Python 2.6, my new server uses 2.7. > > $ post-review --debug -o dummyfile > >>> RBTools 0.3.4 > >>> Home = /path/to/my/home > >>> svn info > >>> diff --version > >>> repository info: Path: svn+ssh://my.repository/url, Base path: > /trunk, Supports changesets: False > >>> svn propget reviewboard:url /path/to/my/working/copy/trunk > >>> HTTP GETting api/ > >>> HTTP GETting http://my.reviewboard.server/codereviews/api/info/ > ==> HTTP Authentication Required > Enter authorization information for "Web API" at mailteam.apple.com > Username: iana > Password: > >>> Got API Error 103 (HTTP code 401): You are not logged in > >>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not > logged in', u'code': 103}} > Unable to log in with the supplied username and password. > > When I use post-review as above, I do get some logs but they're not > all that helpful to me. > DEBUG Attempting authentication on API for user iana > DEBUG API Login failed. No valid user found. > > On Sun, Nov 6, 2011 at 1:43 AM, Mail Team wrote: > >> I moved my Review Board installation to a new server via rb-site >> manage dumpdata/loaddata which seemed to go fine, but now LDAP logins >> don't >> work. If I go into the admin interface and click on Logs, there's >> nothing. >> Any idea how I could debug this? Any silly gotchas that I might be >> missing? >> >> Ian >> > >>> -- >>> Want to help the Review Board project? Donate today at >>> http://www.reviewboard.org/donate/ >>> Happy user? Let us know at http://www.reviewboard.org/users/ >>> -~--~~~~--~~--~--~--- >>> To unsubscribe from this group, send email to >>> reviewboard+unsubscr...@googlegroups.com >>> For more options, visit this group at >>> http://groups.google.com/group/reviewboard?hl=en >>> >> >> -- >> Want to help the Review Board project? Donate today at >> http://www.reviewboard.org/donate/ >> Happy user? Let us know at http://www.reviewboard.org/users/ >> -~--~~~~--~~--~--~--- >> To unsubscribe from this group, send email to >> reviewboard+unsubscr...@googlegroups.com >> For more options, visit this group at >> http://groups.google.com/group/reviewboard?hl=en >> > > -- > Want to help the Review Board project? Donate today at > http://www.reviewboard.org/donate/ > Happy user? Let us know at http://www.reviewboard.org/users/ > -~--~~~~--~~--~--~--- > To unsubscribe from this group, send email to > reviewboard+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/reviewboard?hl=en > -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
Re: Migrated to a new server, now LDAP doesn't work
Its seems, you need to make the changes in the backends.py to add the filter for the LDAP user, I was also facing this issue then i add the filter and it started working for me On Tue, Nov 8, 2011 at 4:58 AM, Christian Hammond wrote: > Hi, > > Are you just having trouble with API logins using post-review, or the > website as well? > > There are some issues we haven't yet tracked down specifically with LDAP > logins with the API. I honestly don't know what's going on there, and > nobody who has such a setup has been able to debug enough to figure out the > root cause. > > Christian > > -- > Christian Hammond - chip...@chipx86.com > Review Board - http://www.reviewboard.org > VMware, Inc. - http://www.vmware.com > > > > On Mon, Nov 7, 2011 at 2:41 PM, Mail Team wrote: > >> And the server is ReviewBoard 1.6.1 with Django 1.3.1, Djblets 0.6.13, >> django_evolution 0.6.5. >> >> Ian >> >> >> On Sun, Nov 6, 2011 at 1:13 AM, Mail Team wrote: >> >>> And the client was using Python 2.7 all along. It was using RBTools >>> 0.3.3, I tried updating them to 0.3.4 but that didn't make a difference. >>> >>> Ian >>> >>> >>> On Sun, Nov 6, 2011 at 1:12 AM, Mail Team wrote: >>> A bit more info: My old server used Python 2.6, my new server uses 2.7. $ post-review --debug -o dummyfile >>> RBTools 0.3.4 >>> Home = /path/to/my/home >>> svn info >>> diff --version >>> repository info: Path: svn+ssh://my.repository/url, Base path: /trunk, Supports changesets: False >>> svn propget reviewboard:url /path/to/my/working/copy/trunk >>> HTTP GETting api/ >>> HTTP GETting http://my.reviewboard.server/codereviews/api/info/ ==> HTTP Authentication Required Enter authorization information for "Web API" at mailteam.apple.com Username: iana Password: >>> Got API Error 103 (HTTP code 401): You are not logged in >>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not logged in', u'code': 103}} Unable to log in with the supplied username and password. When I use post-review as above, I do get some logs but they're not all that helpful to me. DEBUG Attempting authentication on API for user iana DEBUG API Login failed. No valid user found. On Sun, Nov 6, 2011 at 1:43 AM, Mail Team wrote: > I moved my Review Board installation to a new server via rb-site > manage dumpdata/loaddata which seemed to go fine, but now LDAP logins > don't > work. If I go into the admin interface and click on Logs, there's > nothing. > Any idea how I could debug this? Any silly gotchas that I might be > missing? > > Ian > >>> >> -- >> Want to help the Review Board project? Donate today at >> http://www.reviewboard.org/donate/ >> Happy user? Let us know at http://www.reviewboard.org/users/ >> -~--~~~~--~~--~--~--- >> To unsubscribe from this group, send email to >> reviewboard+unsubscr...@googlegroups.com >> For more options, visit this group at >> http://groups.google.com/group/reviewboard?hl=en >> > > -- > Want to help the Review Board project? Donate today at > http://www.reviewboard.org/donate/ > Happy user? Let us know at http://www.reviewboard.org/users/ > -~--~~~~--~~--~--~--- > To unsubscribe from this group, send email to > reviewboard+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/reviewboard?hl=en > -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
Re: Migrated to a new server, now LDAP doesn't work
Hi, Are you just having trouble with API logins using post-review, or the website as well? There are some issues we haven't yet tracked down specifically with LDAP logins with the API. I honestly don't know what's going on there, and nobody who has such a setup has been able to debug enough to figure out the root cause. Christian -- Christian Hammond - chip...@chipx86.com Review Board - http://www.reviewboard.org VMware, Inc. - http://www.vmware.com On Mon, Nov 7, 2011 at 2:41 PM, Mail Team wrote: > And the server is ReviewBoard 1.6.1 with Django 1.3.1, Djblets 0.6.13, > django_evolution 0.6.5. > > Ian > > > On Sun, Nov 6, 2011 at 1:13 AM, Mail Team wrote: > >> And the client was using Python 2.7 all along. It was using RBTools >> 0.3.3, I tried updating them to 0.3.4 but that didn't make a difference. >> >> Ian >> >> >> On Sun, Nov 6, 2011 at 1:12 AM, Mail Team wrote: >> >>> A bit more info: >>> My old server used Python 2.6, my new server uses 2.7. >>> >>> $ post-review --debug -o dummyfile >>> >>> RBTools 0.3.4 >>> >>> Home = /path/to/my/home >>> >>> svn info >>> >>> diff --version >>> >>> repository info: Path: svn+ssh://my.repository/url, Base path: >>> /trunk, Supports changesets: False >>> >>> svn propget reviewboard:url /path/to/my/working/copy/trunk >>> >>> HTTP GETting api/ >>> >>> HTTP GETting http://my.reviewboard.server/codereviews/api/info/ >>> ==> HTTP Authentication Required >>> Enter authorization information for "Web API" at mailteam.apple.com >>> Username: iana >>> Password: >>> >>> Got API Error 103 (HTTP code 401): You are not logged in >>> >>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not logged >>> in', u'code': 103}} >>> Unable to log in with the supplied username and password. >>> >>> When I use post-review as above, I do get some logs but they're not all >>> that helpful to me. >>> DEBUG Attempting authentication on API for user iana >>> DEBUG API Login failed. No valid user found. >>> >>> On Sun, Nov 6, 2011 at 1:43 AM, Mail Team wrote: >>> I moved my Review Board installation to a new server via rb-site manage dumpdata/loaddata which seemed to go fine, but now LDAP logins don't work. If I go into the admin interface and click on Logs, there's nothing. Any idea how I could debug this? Any silly gotchas that I might be missing? Ian >>> >> > -- > Want to help the Review Board project? Donate today at > http://www.reviewboard.org/donate/ > Happy user? Let us know at http://www.reviewboard.org/users/ > -~--~~~~--~~--~--~--- > To unsubscribe from this group, send email to > reviewboard+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/reviewboard?hl=en > -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
Re: Migrated to a new server, now LDAP doesn't work
And the server is ReviewBoard 1.6.1 with Django 1.3.1, Djblets 0.6.13, django_evolution 0.6.5. Ian On Sun, Nov 6, 2011 at 1:13 AM, Mail Team wrote: > And the client was using Python 2.7 all along. It was using RBTools > 0.3.3, I tried updating them to 0.3.4 but that didn't make a difference. > > Ian > > > On Sun, Nov 6, 2011 at 1:12 AM, Mail Team wrote: > >> A bit more info: >> My old server used Python 2.6, my new server uses 2.7. >> >> $ post-review --debug -o dummyfile >> >>> RBTools 0.3.4 >> >>> Home = /path/to/my/home >> >>> svn info >> >>> diff --version >> >>> repository info: Path: svn+ssh://my.repository/url, Base path: >> /trunk, Supports changesets: False >> >>> svn propget reviewboard:url /path/to/my/working/copy/trunk >> >>> HTTP GETting api/ >> >>> HTTP GETting http://my.reviewboard.server/codereviews/api/info/ >> ==> HTTP Authentication Required >> Enter authorization information for "Web API" at mailteam.apple.com >> Username: iana >> Password: >> >>> Got API Error 103 (HTTP code 401): You are not logged in >> >>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not logged >> in', u'code': 103}} >> Unable to log in with the supplied username and password. >> >> When I use post-review as above, I do get some logs but they're not all >> that helpful to me. >> DEBUG Attempting authentication on API for user iana >> DEBUG API Login failed. No valid user found. >> >> On Sun, Nov 6, 2011 at 1:43 AM, Mail Team wrote: >> >>> I moved my Review Board installation to a new server via rb-site manage >>> dumpdata/loaddata which seemed to go fine, but now LDAP logins don't work. >>> If I go into the admin interface and click on Logs, there's nothing. Any >>> idea how I could debug this? Any silly gotchas that I might be missing? >>> >>> Ian >>> >> > -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
Migrated to a new server, now LDAP doesn't work
I moved my Review Board installation to a new server via rb-site manage dumpdata/loaddata which seemed to go fine, but now LDAP logins don't work. If I go into the admin interface and click on Logs, there's nothing. Any idea how I could debug this? Any silly gotchas that I might be missing? Ian -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
Re: Migrated to a new server, now LDAP doesn't work
And the client was using Python 2.7 all along. It was using RBTools 0.3.3, I tried updating them to 0.3.4 but that didn't make a difference. Ian On Sun, Nov 6, 2011 at 1:12 AM, Mail Team wrote: > A bit more info: > My old server used Python 2.6, my new server uses 2.7. > > $ post-review --debug -o dummyfile > >>> RBTools 0.3.4 > >>> Home = /path/to/my/home > >>> svn info > >>> diff --version > >>> repository info: Path: svn+ssh://my.repository/url, Base path: /trunk, > Supports changesets: False > >>> svn propget reviewboard:url /path/to/my/working/copy/trunk > >>> HTTP GETting api/ > >>> HTTP GETting http://my.reviewboard.server/codereviews/api/info/ > ==> HTTP Authentication Required > Enter authorization information for "Web API" at mailteam.apple.com > Username: iana > Password: > >>> Got API Error 103 (HTTP code 401): You are not logged in > >>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not logged > in', u'code': 103}} > Unable to log in with the supplied username and password. > > When I use post-review as above, I do get some logs but they're not all > that helpful to me. > DEBUG Attempting authentication on API for user iana > DEBUG API Login failed. No valid user found. > > On Sun, Nov 6, 2011 at 1:43 AM, Mail Team wrote: > >> I moved my Review Board installation to a new server via rb-site manage >> dumpdata/loaddata which seemed to go fine, but now LDAP logins don't work. >> If I go into the admin interface and click on Logs, there's nothing. Any >> idea how I could debug this? Any silly gotchas that I might be missing? >> >> Ian >> > -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
Re: Migrated to a new server, now LDAP doesn't work
A bit more info: My old server used Python 2.6, my new server uses 2.7. $ post-review --debug -o dummyfile >>> RBTools 0.3.4 >>> Home = /path/to/my/home >>> svn info >>> diff --version >>> repository info: Path: svn+ssh://my.repository/url, Base path: /trunk, Supports changesets: False >>> svn propget reviewboard:url /path/to/my/working/copy/trunk >>> HTTP GETting api/ >>> HTTP GETting http://my.reviewboard.server/codereviews/api/info/ ==> HTTP Authentication Required Enter authorization information for "Web API" at mailteam.apple.com Username: iana Password: >>> Got API Error 103 (HTTP code 401): You are not logged in >>> Error data: {u'stat': u'fail', u'err': {u'msg': u'You are not logged in', u'code': 103}} Unable to log in with the supplied username and password. When I use post-review as above, I do get some logs but they're not all that helpful to me. DEBUG Attempting authentication on API for user iana DEBUG API Login failed. No valid user found. On Sun, Nov 6, 2011 at 1:43 AM, Mail Team wrote: > I moved my Review Board installation to a new server via rb-site manage > dumpdata/loaddata which seemed to go fine, but now LDAP logins don't work. > If I go into the admin interface and click on Logs, there's nothing. Any > idea how I could debug this? Any silly gotchas that I might be missing? > > Ian > -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en