Re: Change in LDAP authentication behavior in 1.7.14 breaks environments that don't allow anonymous searches
David, Sorry for the massive delay! I've finally posted it at https://reviews.reviewboard.org/r/4953/. On Friday, October 18, 2013 1:51:59 AM UTC-7, David Trowbridge wrote: Daniel, I'd suggest making a quick clone of the reviewboard repository, making your change, and then posting your diff against the reviewboard repository by either creating a diff manually (git diff --full-index) or using rbt post. -David On Tue, Oct 15, 2013 at 4:57 PM, Daniel Kan danie...@gmail.comjavascript: wrote: David, Sure, although I'm not sure how to post a bare diff there without specifying a repository. Is that possible? Thanks! On Thursday, September 26, 2013 2:43:43 PM UTC-7, David Trowbridge wrote: Would you mind submitting your change to http://reviews.reviewboard.org/? Thanks! -David On Tue, Sep 24, 2013 at 7:32 PM, Daniel Kan danie...@gmail.com wrote: I am using RB 1.7.x with an LDAP authentication backend and it's been working fine up through 1.7.13. With 1.7.14, the authentication mechanism no longer works in my environment. After some digging, it appears that there was a change in reviewboard/accounts/backends.py to search anonymously for the user before attempting to bind. The LDAP server in my environment is set up to not return any results to anonymous queries and so the authentication attempt fails. Is there a reason this was changed? Thanks!!! In an attempt to preserve the existing behavior of doing an anonymous search but then attempting a bind as a specific user if the anonymous search returns nothing, I made the following change which works for me: --- reviewboard/accounts/backends.py.orig 2013-09-24 16:18:47.0 -0700 +++ reviewboard/accounts/backends.py2013-09-24 16:20:01.0 -0700 @@ -210,7 +210,10 @@ search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, uid) -userbinding = search[0][0] + if (len(search) 0): + userbinding = search[0][0] + else: + userbinding=','.join([uid, settings.LDAP_BASE_DN]) ldapo.bind_s(userbinding, password) return self.get_or_create_user(username, None, ldapo) -- Get the Review Board Power Pack at http://www.reviewboard.org/ powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups reviewboard group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups reviewboard group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard...@googlegroups.com javascript:. For more options, visit https://groups.google.com/groups/opt_out. -- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups reviewboard group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: Change in LDAP authentication behavior in 1.7.14 breaks environments that don't allow anonymous searches
Daniel, I'd suggest making a quick clone of the reviewboard repository, making your change, and then posting your diff against the reviewboard repository by either creating a diff manually (git diff --full-index) or using rbt post. -David On Tue, Oct 15, 2013 at 4:57 PM, Daniel Kan danielk...@gmail.com wrote: David, Sure, although I'm not sure how to post a bare diff there without specifying a repository. Is that possible? Thanks! On Thursday, September 26, 2013 2:43:43 PM UTC-7, David Trowbridge wrote: Would you mind submitting your change to http://reviews.reviewboard.** org/ http://reviews.reviewboard.org/ ? Thanks! -David On Tue, Sep 24, 2013 at 7:32 PM, Daniel Kan danie...@gmail.com wrote: I am using RB 1.7.x with an LDAP authentication backend and it's been working fine up through 1.7.13. With 1.7.14, the authentication mechanism no longer works in my environment. After some digging, it appears that there was a change in reviewboard/accounts/**backends.py to search anonymously for the user before attempting to bind. The LDAP server in my environment is set up to not return any results to anonymous queries and so the authentication attempt fails. Is there a reason this was changed? Thanks!!! In an attempt to preserve the existing behavior of doing an anonymous search but then attempting a bind as a specific user if the anonymous search returns nothing, I made the following change which works for me: --- reviewboard/accounts/backends.**py.orig 2013-09-24 16:18:47.0 -0700 +++ reviewboard/accounts/backends.**py2013-09-24 16:20:01.0 -0700 @@ -210,7 +210,10 @@ search = ldapo.search_s(settings.LDAP_**BASE_DN, ldap.SCOPE_SUBTREE, uid) -userbinding = search[0][0] + if (len(search) 0): + userbinding = search[0][0] + else: + userbinding=','.join([uid,** settings.LDAP_BASE_DN]) ldapo.bind_s(userbinding, password) return self.get_or_create_user(**username, None, ldapo) -- Get the Review Board Power Pack at http://www.reviewboard.org/** powerpack/ http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/**users/http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups reviewboard group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard...@**googlegroups.com. For more options, visit https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out . -- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups reviewboard group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups reviewboard group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: Change in LDAP authentication behavior in 1.7.14 breaks environments that don't allow anonymous searches
David, Sure, although I'm not sure how to post a bare diff there without specifying a repository. Is that possible? Thanks! On Thursday, September 26, 2013 2:43:43 PM UTC-7, David Trowbridge wrote: Would you mind submitting your change to http://reviews.reviewboard.org/ ? Thanks! -David On Tue, Sep 24, 2013 at 7:32 PM, Daniel Kan danie...@gmail.comjavascript: wrote: I am using RB 1.7.x with an LDAP authentication backend and it's been working fine up through 1.7.13. With 1.7.14, the authentication mechanism no longer works in my environment. After some digging, it appears that there was a change in reviewboard/accounts/backends.py to search anonymously for the user before attempting to bind. The LDAP server in my environment is set up to not return any results to anonymous queries and so the authentication attempt fails. Is there a reason this was changed? Thanks!!! In an attempt to preserve the existing behavior of doing an anonymous search but then attempting a bind as a specific user if the anonymous search returns nothing, I made the following change which works for me: --- reviewboard/accounts/backends.py.orig 2013-09-24 16:18:47.0 -0700 +++ reviewboard/accounts/backends.py2013-09-24 16:20:01.0 -0700 @@ -210,7 +210,10 @@ search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, uid) -userbinding = search[0][0] + if (len(search) 0): + userbinding = search[0][0] + else: + userbinding=','.join([uid,settings.LDAP_BASE_DN]) ldapo.bind_s(userbinding, password) return self.get_or_create_user(username, None, ldapo) -- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups reviewboard group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard...@googlegroups.com javascript:. For more options, visit https://groups.google.com/groups/opt_out. -- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups reviewboard group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: Change in LDAP authentication behavior in 1.7.14 breaks environments that don't allow anonymous searches
Would you mind submitting your change to http://reviews.reviewboard.org/ ? Thanks! -David On Tue, Sep 24, 2013 at 7:32 PM, Daniel Kan danielk...@gmail.com wrote: I am using RB 1.7.x with an LDAP authentication backend and it's been working fine up through 1.7.13. With 1.7.14, the authentication mechanism no longer works in my environment. After some digging, it appears that there was a change in reviewboard/accounts/backends.py to search anonymously for the user before attempting to bind. The LDAP server in my environment is set up to not return any results to anonymous queries and so the authentication attempt fails. Is there a reason this was changed? Thanks!!! In an attempt to preserve the existing behavior of doing an anonymous search but then attempting a bind as a specific user if the anonymous search returns nothing, I made the following change which works for me: --- reviewboard/accounts/backends.py.orig 2013-09-24 16:18:47.0 -0700 +++ reviewboard/accounts/backends.py2013-09-24 16:20:01.0 -0700 @@ -210,7 +210,10 @@ search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, uid) -userbinding = search[0][0] + if (len(search) 0): + userbinding = search[0][0] + else: + userbinding=','.join([uid,settings.LDAP_BASE_DN]) ldapo.bind_s(userbinding, password) return self.get_or_create_user(username, None, ldapo) -- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups reviewboard group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups reviewboard group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: Change in LDAP authentication behavior in 1.7.14 breaks environments that don't allow anonymous searches
I found that it was easiest to simply copy the code from the authenticator closest to what I want,ed and then customize as needed. Then select the new authenticator as your custom option. Eric On Sep 24, 2013, at 4:32 PM, Daniel Kan danielk...@gmail.com wrote: I am using RB 1.7.x with an LDAP authentication backend and it's been working fine up through 1.7.13. With 1.7.14, the authentication mechanism no longer works in my environment. After some digging, it appears that there was a change in reviewboard/accounts/backends.py to search anonymously for the user before attempting to bind. The LDAP server in my environment is set up to not return any results to anonymous queries and so the authentication attempt fails. Is there a reason this was changed? Thanks!!! In an attempt to preserve the existing behavior of doing an anonymous search but then attempting a bind as a specific user if the anonymous search returns nothing, I made the following change which works for me: --- reviewboard/accounts/backends.py.orig 2013-09-24 16:18:47.0 -0700 +++ reviewboard/accounts/backends.py2013-09-24 16:20:01.0 -0700 @@ -210,7 +210,10 @@ search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, uid) -userbinding = search[0][0] + if (len(search) 0): + userbinding = search[0][0] + else: + userbinding=','.join([uid,settings.LDAP_BASE_DN]) ldapo.bind_s(userbinding, password) return self.get_or_create_user(username, None, ldapo) -- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups reviewboard group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups reviewboard group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
