Active Directory - Can't Assign New User to Review

[fireworm]

New install of RB 2.0.2 on Ubuntu, with Active Directory login working.  Users can login once and create their account correctly.

But I can't seem to add a user to a review who has not logged in at least once.

I enabled logging, but don't see anything in the log after failing to add a user.

(Looking at the sources, backends.py for ActiveDirectory doesn't output errors for exceptions in get_or_create_user())

Any advice on how to get this working?

[Christian Hammond]

Hi,

Would you feel comfortable adding some logging statements to the ActiveDirectory code to help track this down? It’s supposed to look up the appropriate user and add it, even if Review Board doesn’t yet know about it.

I can give you instructions on where to add them.

Christian

-- 
Christian Hammond - chri...@beanbaginc.com
Review Board - http://www.reviewboard.org

Beanbag, Inc. - http://www.beanbaginc.com

--
Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/
---
Sign up for Review Board hosting at RBCommons: https://rbcommons.com/
---
Happy user? Let us know at http://www.reviewboard.org/users/
---
You received this message because you are subscribed to the Google Groups "reviewboard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[fireworm]

I'd be ok with adding some logging.

Just be super explicit on what to do and what commands to run after.  :)

[fireworm]

*bump*

Any ideas on what I can do?

[Christian Hammond]

Sorry, busy few days.

You would need to edit reviewboard/accounts/backends.py and look for ActiveDirectoryBackend.

In it, you will find a ‘get_or_create_user’ function.

I’d start by adding a logging statement just below where username is assigned:

    logging.debug(‘ActiveDirectoryBackend.get_or_create_user: username = %s’, username)

Then, after the ‘user =‘ line:

    logging.debug(‘ActiveDirectoryBackend.get_or_create_user: Found user: %r’, user)

Then, before the ‘return user’:

    logging.debug(‘ActiveDirectoryBackend.get_or_create_user: Created new user %r’, user)

Then, change the ‘except’: to:

    except Exception as e:

        logging.error(‘ActiveDirectoryBackend.get_or_create_user: Failed to create user: %s’, e, exc_info=1)

Make sure to keep all indentation as spaces, multiples of 4.

You’ll then need to restart Apache, try to add a user in LDAP, and see what’s in the log.

The users will not appear in the auto-complete list until the user has either logged in or you’ve explicitly typed their username and added them at least once.

Christian

-- 
Christian Hammond - chri...@beanbaginc.com
Review Board - http://www.reviewboard.org

Beanbag, Inc. - http://www.beanbaginc.com

[fireworm]

I modified the one in /usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0.1-py2.7.egg/reviewboard/accounts/backend.py

Then I restarted Apache, and reloaded the page, and tried to add a user who doesn't have an RB account.

(I see an updated pyc in that folder as well)

But I don't see anything in reviewboard.log or the apache error.log.

[Christian Hammond]

Just to sanity-check, can you tell me the exact steps you’re using for adding a user, and exactly what you see on the screen?

Christian

-- 
Christian Hammond - chri...@beanbaginc.com
Review Board - http://www.reviewboard.org

Beanbag, Inc. - http://www.beanbaginc.com

[Bruce Cran]

Have you bumped the logging level to DEBUG in the admin settings?

--

Bruce

[fireworm]

Christian:

Open an existing review open in the RB website.

Click the pencil under 'People' (which brings up a text box that is empty (no one is currently on the review)).

Type in a name in our domain that doesn't have an account yet.  (Other accounts show up in the 'intellisense'.)

Hit Enter.

Message in red says "User '<the name I typed in>' does not exist."

Bruce:

Yes, looking at the server log I even see other logs at DEBUG and INFO level.

18:08:32	WARNING	- /usr/local/lib/python2.7/dist-packages/Django-1.6.5-py2.7.egg/django/http/response.py:327: DeprecationWarning: Using mimetype keyword argument is deprecated, use content_type instead super(HttpResponse, self).__init__(*args, **kwargs)
18:52:28	DEBUG	- DiffParser.parse: Beginning parse of diff, size = 16150

[Christian Hammond]

Hmm, it should be called under those conditions.

Just to check, are you using the Local Sites feature? (If you don’t know what that is, then no.)

Can you also just verify in Authentication Settings that it’s Active Directory and not LDAP?

Christian

-- 
Christian Hammond - chri...@beanbaginc.com
Review Board - http://www.reviewboard.org

Beanbag, Inc. - http://www.beanbaginc.com

--

[fireworm]

Local Site: Not that I'm aware. (I don't know what it is...)

Yep, Authentication Settings are Active Directory.  (New Users can login via AD just fine.)

[fireworm]

...I get the feeling my changes to the python are somehow not being actually run.

Is there a place I can put a logging.debug() call that absolutely gets hit 100% of the time to make sure i can see it?

[fireworm]

Ok, adding garbage text to the python is not causing the server to go down, I'm thinking my updates aren't taking effect.

More sanity checking: I don't have any of the developer code installed and am modifying the install itself, right?  I don't need to update an executable somewhere forcibly?

The folder which I'm updating the python is in:

/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0.1-py2.7.egg/reviewboard

I see the pyc get updated, but again, it just runs happily, which seems very suspicious to me.

I even put logging in webapi/resources/review_request.py, in _find_user(), which didn't update.

Does any of this make sense?

[Christian Hammond]

Yeah, it does sound like it’s not executing.

Try removing the .pyc file, just to check.

Christian

-- 
Christian Hammond - chri...@beanbaginc.com
Review Board - http://www.reviewboard.org

Beanbag, Inc. - http://www.beanbaginc.com

[fireworm]

Removed the pyc file (review_request.pyc).

Set myself as the owner (not www-data or admin or whatever).

Restarted apache.

Refreshed the review webpage.

Page loaded just fine, no pyc next to review_request.py.

Seems super suspicious.

[fireworm]

*bump*

Anyone have any ideas?

[Jason Batchkoff]

*bump bump*

Anyone?  Still haven't figured out how to get a local change to the py scripts to reflect correctly in the running copy.

You received this message because you are subscribed to a topic in the Google Groups "reviewboard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/reviewboard/Ke0exQ0uLek/unsubscribe.
To unsubscribe from this group and all its topics, send an email to reviewboard...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
Jason Batchkoff
(518) 366-0532
FireW...@gmail.com

[Bruce Cran]

Do you also need to restart memcached?

--

Bruce

[David Trowbridge]

You probably need to delete the .pyc file and reload the web server.

-David

--

[fireworm]

Yep, that's what I did.  But it refuses to acknowledge I changed the actual execution logic...  Or it's just super smart?

For reference, here's what I'm doing:

$ sudo chown -R [me] /usr/locla/lib/python2.7/dist-packages/reviewboard-2.0.1-py2.7.egg/

     [delete review_request.pyc and backends.pyc]

$ sudo chown -R www-data /usr/locla/lib/python2.7/dist-packages/reviewboard-2.0.1-py2.7.egg/

$ sudo service apache2 restart

$ sudo service memcached restart

     [reload webpage, try to add a user to the review]

     [see that both request_review.pyc and backends.pyc are updated]

$ cat /bar/www/[rbsite]/logs/reviewboard.log

     [no prints in there from my new logging.debug()]

$ sudo cat /var/log/apache2/error.log

     [no prints in there from 'bad python code']

I think I'm going insane...

I've even just restarted the computer itself too, but that doesn't do anything either...

[David Trowbridge]

That's pretty mysterious. Are you sure that the logging you added is in the correct places?

-David

[fireworm]

/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0.1-py2.7.egg/reviewboard/accounts/backends.py

Line 698:

    def get_or_create_user(self, username, request, ad_user_data):

        username = re.sub(INVALID_USERNAME_CHAR_REGEX, '', username).lower()

        logging.error('ActiveDirectoryBackend.get_or_create_user: username = %s', username)

/usr/local/lib/python2.7/dist-packages/ReviewBoard-2.0.1-py2.7.egg/reviewboard/webapi/resources/review_request.py

Line 1043:

    def _find_user(self, username, local_site, request):

        """Finds a User object matching ``username``.

        This will search all authentication backends, and may create the

        User object if the authentication backend knows that the user exists.

        """

        username = username.strip()

        ddkflogging.warningsss('trying to find user...')

At this point, I swear there's something simple I'm doing wrong.  (Ubuntu isn't exactly an OS I use everyday.)