Comment #3 on issue 3069 by [email protected]: LDAP auth should use fully
qualified DN for user bind
http://code.google.com/p/reviewboard/issues/detail?id=3069
http://reviews.reviewboard.org currently gives me a 403 error.
See the diff below, but please not I am not a python developer...
--- backends.py.orig 2013-08-26 08:58:38.937586726 +0200
+++ backends.py 2013-08-26 09:04:24.114355191 +0200
@@ -204,10 +204,13 @@ class LDAPBackend(AuthBackend):
ldapo.bind_s(search[0][0], password)
else :
- # Attempt to bind using the given uid and password. It may
be
- # that we really need a setting for how the DN in this is
- # constructed; this way is correct for my system
- userbinding=','.join([uid,settings.LDAP_BASE_DN])
+ # Bind anonymously to the server, then search for the user
with the
+ # given base DN and uid. If user is found a fully
qualified DN is
+ # returned. Authentication then is done with bind using
this fully
+ # qualified DN.
+ ldapo.simple_bind_s()
+ search = ldapo.search_s(settings.LDAP_BASE_DN,
ldap.SCOPE_SUBTREE, uid)
+ userbinding=search[0][0]
ldapo.bind_s(userbinding, password)
return self.get_or_create_user(username, ldapo)
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
You received this message because you are subscribed to the Google Groups
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/reviewboard-issues.
For more options, visit https://groups.google.com/groups/opt_out.
