ReviewBoard LDAP authentication fails.

1,561 views
Skip to first unread message

Dexter

unread,
Dec 1, 2011, 2:46:44 AM12/1/11
to reviewboard
With reviewboard 1.6.3 configured LDAP Authentication. Here is the
setting used

> Unchecked "Allowed anonymous read-only accesss"
> Authentication Method "LDAP"
> LDAP server "ldap://<hidden>"
> LDAP Base DN "<hidden>"
> Given Name attribute "givenName"
> Surname attribute "sn"
> Full name attribute "displayName"
> Email domain - Not set. Left blank
> Email LDAP attribute "mail"
> Unchecked "Use TLS for Authentication"
> User mask "(cn=%s)"
> Anon user mask "<hidden>"
> Anon user pass "<hidden>"

Use case : Login as LDAP user fails.
Error message from reviewboard log :
2011-12-01 13:08:19,474 - WARNING - LDAP error: The specified object
does not exist in the Directory or provided invalid credentials:
(cn=<username_hidden>)


The same credentials when tried with Apache Directory Studio (LDAP
client) successfully passed. So, there is no authentication failure
from LDAP server.

Questions :
>> Is the user mask (cn=%s) a LDAP filter which will eventually result in FQDN of the user ?
For example, cn=testuser,ou=user,ou=india,dc=example,dc=com is the
FQDN for which the user will login as testuser. Is this right ?
>> The error message reported is not clear. Is the Named Object not found or was it the authentication failure. Is there any setting to turn on for enhanced logging ?

NOTE :
This is urgent as the code review data is piling up offline and will
become cumbersome to feed data later.

Bradley

unread,
Dec 6, 2011, 5:49:52 PM12/6/11
to reviewboard
Not sure if this helps, I am using "uid=%s" against OpenLDAP.

jack jack

unread,
Dec 7, 2011, 4:43:18 AM12/7/11
to revie...@googlegroups.com
I have also faced these issues, while configuring RB with LDAP, which required me to modify the backends.py to add filters.

In my case

user mask: sAMAccountName=%s
Anonymous user mask contains following entries: CN=ldapquery,OU=Service Accounts,OU=Exception Accounts,DC=na,DC=xxxxxxware,DC=com
Supply Anonymous user password.



--
Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to reviewboard...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en

Dexter

unread,
Dec 7, 2011, 1:22:37 PM12/7/11
to reviewboard
@Bradley && @Jack jack,

did you LDAP configuration work after making your respective changes ?
At times, I have noticed that if I leave any field blank in LDAP
authentication page then I get a field cannot be empty error on the
review board log. This happens even though the field is mentioned as
optional. do you face this issue ?

@Jack, Shouldn't the anonymous user mask follow the same pattern as
in user mask? These parameters in your configuration do not match. I
could be wrong but I understood that usermask pattern and the
anonymous user mask should pass the same pattern.

@Bradley
I have not checked the backends.py and why the filters are required ?
Is this something like hard coding the values for LDAP filters ?

> > Happy user? Let us know athttp://www.reviewboard.org/users/

Reply all
Reply to author
Forward
0 new messages