[ Home | Feed | Twitter | Vector Art | Ascii Art | Tutorials ]

ReviewBoard with LDAP

Sat, 20 Jul 2013

ReviewBoard comes with excellent documentation, but the LDAP configuration is not very clear. Hope this blog article serves to fill in the gap.

The ReviewBoard version we are testing with is 1.7. The relavent code is listed below.

if settings.LDAP_ANON_BIND_UID:
    # Log in as the anonymous user before searching.
                        settings.LDAP_ANON_BIND_PASSWD) 1
    search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE,
                            uid) 2
    if not search:
        # No such a user, return early, no need for bind attempts
        logging.warning("LDAP error: The specified object does not "
                        "exist in the Directory: %s" %
        return None
        # Having found the user anonymously, attempt bind with the password
        ldapo.bind_s(search[0][0], password)

else :
    # Attempt to bind using the given uid and password. It may be
    # that we really need a setting for how the DN in this is
    # constructed; this way is correct for my system
    userbinding=','.join([uid,settings.LDAP_BASE_DN]) 3
    ldapo.bind_s(userbinding, password)

Anonymous User Mask

The first field that needs clarification is "Anoynmous User Mask". This field appears in the code as LDAP_ANON_BIND_UID. This has nothing to do with the anonymous read-only access to reviewboard. When a user tries to login into ReviewBoard, ReviewBoard will search the LDAP server, to see if the specified username is available on LDAP. To perform this search, ReviewBoard logs into LDAP with the specified "Anonymous User Mask" and "Anonymous User Password".

From [1], in the above code, since LDAP_ANON_BIND_UID is used by itself to bind to the server, "Anonymous User Mask", should be the DN of the user, and not the RDN of the user, as indicated in the documentation. So it should be something like uid=vijaykumar,ou=people,dc=example,dc=com.

User Mask

The next field that needs clarification is the "User Mask". This field seems to have to different meanings. And the meaning depends on the whether "Anonymous User Mask" is specified or not. When "Anonymous User Mask" is specified, it is used as LDAP search filter, as indicated by [2], in the above code. The filter has to specified as (uid=%s), where the %s will be populated ReviewBoard, before hitting the search query.

If the "Anonymous User Mask" is not specified, then "User Mask", is used, to combined with the base DN, to form the full DN, as indicated in [3], in the above code. In this case the "User Mask", should be specified as uid=%s, without the parens!

Well, thats all there is to it. Hope this helps. Hope ReviewBoard will be fixed someday, and the ambiguous field names, and documentation will be corrected.

Permalink | Add Comment | Share: Twitter, Facebook, Buzz, ... | Tags: ldap, python

blog comments powered by Disqus

Powered by Python | Made with PyBlosxom | Valid XHTML 1.1 | Best Viewed With Any Browser | Icon Credits | CC-BY-SA