~vijaykumar


ReviewBoard with LDAP

Sat, 20 Jul 2013

ReviewBoard comes with excellent documentation, but the LDAP configuration is not very clear. I hope this article fills the gap.

The ReviewBoard version we are testing with is 1.7. The relevant code is listed below.

if settings.LDAP_ANON_BIND_UID:
    # Log in as the anonymous user before searching.
    ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID,
                        settings.LDAP_ANON_BIND_PASSWD)  # [1]
    search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE,
                            uid)  # [2]
    if not search:
        # No such a user, return early, no need for bind attempts
        logging.warning("LDAP error: The specified object does not "
                        "exist in the Directory: %s" %
                        uid)
        return None
    else:
        # Having found the user anonymously, attempt bind with the password
        ldapo.bind_s(search[0][0], password)

else:
    # Attempt to bind using the given uid and password. It may be
    # that we really need a setting for how the DN in this is
    # constructed; this way is correct for my system
    userbinding = ','.join([uid, settings.LDAP_BASE_DN])  # [3]
    ldapo.bind_s(userbinding, password)

Anonymous User Mask

The first field that needs clarification is "Anonymous User Mask". This field appears in the code as LDAP_ANON_BIND_UID. It has nothing to do with anonymous read-only access to ReviewBoard. When a user tries to log in to ReviewBoard, ReviewBoard searches the LDAP server to see whether the specified username exists in LDAP. To perform this search, ReviewBoard logs in to LDAP with the specified "Anonymous User Mask" and "Anonymous User Password".

As [1] in the above code shows, LDAP_ANON_BIND_UID is used by itself to bind to the server, so "Anonymous User Mask" should be the DN of the user, and not the RDN of the user, as indicated in the documentation. So it should be something like uid=vijaykumar,ou=people,dc=example,dc=com.

User Mask

The next field that needs clarification is the "User Mask". This field seems to have two different meanings, and the meaning depends on whether "Anonymous User Mask" is specified or not. When "Anonymous User Mask" is specified, "User Mask" is used as the LDAP search filter, as indicated by [2] in the above code. The filter has to be specified as (uid=%s), where the %s will be populated by ReviewBoard before the search query is issued.

If the "Anonymous User Mask" is not specified, then "User Mask" is combined with the base DN to form the full DN, as indicated by [3] in the above code. In this case the "User Mask" should be specified as uid=%s, without the parens!
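
The two field meanings described above can be checked before a configuration is saved. The following is an added example, not ReviewBoard code: the function names are hypothetical, the base DN is a constructed sample, and it assumes that `uid` in the excerpt is the "User Mask" with %s replaced by the login name.

```python
# Added example: checks the LDAP fields against how the excerpt uses them.
# Function names are hypothetical; the [1]/[2]/[3] markers refer to the excerpt.

def _looks_like_full_dn(value):
    # Heuristic: at least two comma-separated parts, each of the form attr=value.
    parts = value.split(",")
    return len(parts) >= 2 and all("=" in p for p in parts)

def lint_ldap_settings(user_mask, anon_bind_uid=""):
    """Return a list of problems; an empty list means the shapes match."""
    problems = []
    if user_mask.count("%s") != 1:
        problems.append("User Mask must contain exactly one %s")
    is_filter = user_mask.startswith("(") and user_mask.endswith(")")
    if anon_bind_uid:
        # [1] the value is bound by itself, so it has to be a full DN.
        if not _looks_like_full_dn(anon_bind_uid):
            problems.append("Anonymous User Mask must be a full DN, not an RDN")
        # [2] the expanded User Mask is passed as the search filter.
        if not is_filter:
            problems.append("User Mask must be a filter such as (uid=%s)")
    elif "(" in user_mask or ")" in user_mask:
        # [3] the expanded User Mask is joined to the base DN.
        problems.append("User Mask must be an RDN such as uid=%s, without parens")
    return problems

def preview(base_dn, user_mask, username, anon_bind_uid=""):
    """Show what the excerpt would send to the directory for this login."""
    # Assumption: `uid` in the excerpt is the User Mask with %s filled in.
    uid = user_mask.replace("%s", username)
    if anon_bind_uid:
        return ("search", base_dn, uid)        # then bind as the DN that was found
    return ("bind", ",".join([uid, base_dn]))  # direct bind as this DN

if __name__ == "__main__":
    base = "ou=people,dc=example,dc=com"       # constructed sample value
    svc = "uid=vijaykumar," + base             # DN form used in the article
    cases = [("(uid=%s)", svc), ("uid=%s", ""), ("(uid=%s)", ""), ("uid=%s", svc)]
    for mask, anon in cases:
        result = lint_ldap_settings(mask, anon) or preview(base, mask, "alice", anon)
        print(repr(mask), "anon set" if anon else "anon empty", "->", result)
```
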

Well, that's all there is to it. Hope this helps. Hope ReviewBoard will be fixed someday, and the ambiguous field names and documentation will be corrected.
