Dismissed user can log in with any password

胡一辉

May 29, 2024, 10:40:17 PM
to Review Board Community
Hello:

In our ReviewBoard 5.0.1, we use LDAP to authenticate user logins.
If anyone is dismissed, IT will disable his account in the LDAP server,
and we found an issue:
when logging in to a dismissed user's account with any password,
the login will be successful.
But for anyone who is not dismissed, only the correct password can log in.
There is a message in the reviewboard.logs:
reviewboard.accounts.backends.ldap Attempting to authenticate user DN "None"

Is it a bug in ReviewBoard 5.0.1, or an issue with our configuration?
Thanks a lot

David Trowbridge

May 30, 2024, 12:17:54 AM
to revie...@googlegroups.com
We've seen this kind of behavior before with some misconfigurations. Would you be able to share your LDAP configuration in Review Board, and let us know if your LDAP server is configured to allow anonymous binds?

David

胡一辉

May 30, 2024, 1:20:38 AM
to Review Board Community
The authentication configuration is as follows:

Authentication Method: LDAP
LDAP Server: ldap://10.0.0.66:3289
ReviewBoard LDAP Bind Account: CN=scmldap,OU=ServiceAccount,DC=spreadtrum,DC=com
ReviewBoard LDAP Bind Password: ********
LDAP Base DN: DC=spreadtrum,DC=com
Username Attribute: sAMAccountName
Full Name Attribute: displayName
E-mail LDAP Attribute: mail
E-Mail Domain: unisoc.com

The following options are not chosen (unchecked):
Allow anonymous read-only access
Enable SAML 2.0 Authentication
Use TLS for authentication

The other options in Authentication that are not listed above are blank.
If there is a misconfiguration, please let me know.
Thank you very much.

胡一辉

May 30, 2024, 1:24:26 AM
to Review Board Community
Our LDAP server does not allow anonymous binds, so I configured the ReviewBoard LDAP Bind Account and Password.
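
The log line quoted earlier in this thread shows a bind being attempted with user DN "None"; the following is an added example, not part of the thread and not Review Board's own code, contrasting a login flow that binds with whatever DN the lookup returned against one that fails closed. Assumptions: `FakeDirectory` and both `authenticate_*` functions are hypothetical names, the directory is a constructed in-memory stand-in, the lookup is assumed to return no entry for a disabled account, and the stand-in server is assumed to accept a bind with an empty DN regardless of password.

```python
"""Constructed, offline model of an LDAP login flow; no real LDAP library is used."""


class FakeDirectory:
    """In-memory stand-in for a directory server (hypothetical, not a real API)."""

    def __init__(self, entries, accepts_empty_dn_bind):
        self.entries = entries  # uid -> (dn, password, enabled)
        self.accepts_empty_dn_bind = accepts_empty_dn_bind

    def search(self, uid):
        """Return the DN of an enabled entry, or None when nothing matches (assumption)."""
        entry = self.entries.get(uid)
        return entry[0] if entry and entry[2] else None

    def bind(self, dn, password):
        """Simple bind: an empty DN skips the password check if the server allows it."""
        if not dn:
            return self.accepts_empty_dn_bind
        return any(e[0] == dn and e[1] == password for e in self.entries.values())


def authenticate_fail_open(directory, uid, password):
    """Weak flow: binds with whatever the search returned, even None."""
    return directory.bind(directory.search(uid), password)


def authenticate_fail_closed(directory, uid, password):
    """Hardened flow: no DN or no password means no bind attempt at all."""
    dn = directory.search(uid)
    if not dn or not password:
        return False
    return directory.bind(dn, password)


# Constructed sample data: one active account and one disabled account.
DIRECTORY = FakeDirectory(
    {
        "alice": ("CN=alice,DC=example,DC=com", "correct-horse", True),
        "bob": ("CN=bob,DC=example,DC=com", "old-secret", False),
    },
    accepts_empty_dn_bind=True,  # assumption about the stand-in server
)

if __name__ == "__main__":
    for uid, pw in [("alice", "correct-horse"), ("alice", "wrong"), ("bob", "anything")]:
        print(uid, authenticate_fail_open(DIRECTORY, uid, pw),
              authenticate_fail_closed(DIRECTORY, uid, pw))
```

In this model the active account still needs its correct password in both flows, while the disabled account is accepted only by the flow that binds with the missing DN.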
