ReviewBoard comes with excellent documentation, but the LDAP
configuration is not very clear. Hope this blog article serves to fill
in the gap.
The ReviewBoard version we are testing with is 1.7. The relavent code
is listed below.
# Log in as the anonymous user before searching.
search = ldapo.search_s(settings.LDAP_BASE_DN, ldap.SCOPE_SUBTREE,
if not search:
# No such a user, return early, no need for bind attempts
logging.warning("LDAP error: The specified object does not "
"exist in the Directory: %s" %
# Having found the user anonymously, attempt bind with the password
# Attempt to bind using the given uid and password. It may be
# that we really need a setting for how the DN in this is
# constructed; this way is correct for my system
Anonymous User Mask
The first field that needs clarification is "Anoynmous User
Mask". This field appears in the code as LDAP_ANON_BIND_UID. This
has nothing to do with the anonymous read-only access to
reviewboard. When a user tries to login into ReviewBoard, ReviewBoard
will search the LDAP server, to see if the specified username is
available on LDAP. To perform this search, ReviewBoard logs into LDAP
with the specified "Anonymous User Mask" and "Anonymous User
From , in the above code, since LDAP_ANON_BIND_UID is used by
itself to bind to the server, "Anonymous User Mask", should be the DN
of the user, and not the RDN of the user, as indicated in the
documentation. So it should be something like
The next field that needs clarification is the "User Mask". This field
seems to have to different meanings. And the meaning depends on the
whether "Anonymous User Mask" is specified or not. When "Anonymous
User Mask" is specified, it is used as LDAP search filter, as
indicated by , in the above code. The filter has to specified as
(uid=%s), where the %s will be populated ReviewBoard, before hitting
the search query.
If the "Anonymous User Mask" is not specified, then "User Mask", is
used, to combined with the base DN, to form the full DN, as indicated
in , in the above code. In this case the "User Mask", should be
specified as uid=%s, without the parens!
Well, thats all there is to it. Hope this helps. Hope ReviewBoard will
be fixed someday, and the ambiguous field names, and documentation
will be corrected.
Add Comment |
Share: Twitter, Facebook, Buzz, ... |
Tags: ldap, python