Chris, Are you using the LDAP auth backend or the AD backend? I know we had some issues with usernames or other filters that needed to be escaped for AD, but I don't think we've run into equivalent bugs (+fixes) for the basic LDAP backend.
Is there anything unique about the username? -David On Wed, Dec 4, 2013 at 3:52 PM, Chris Armstrong <[email protected] > wrote: > More evidence that this appears to be an issue with ReviewBoard handling > this success case - trying a bad password raises the correct error, meaning > the user account is indeed found and returned by LDAP: > > [03/Dec/2013:17:52:03 -0800] CONNECT conn=42698 > from=reviewboard:32879 to=ldap:1636 protocol=LDAPS > [03/Dec/2013:17:52:03 -0800] BIND REQ conn=42698 op=0 msgID=1 type=SIMPLE > dn="" > [03/Dec/2013:17:52:03 -0800] BIND RES conn=42698 op=0 msgID=1 result=0 > authDN="" etime=1 > [03/Dec/2013:17:52:03 -0800] SEARCH REQ conn=42698 op=1 msgID=2 > base="dc=socrata,dc=com" scope=wholeSubtree filter="(uid=johndoe)" > attrs="ALL" > [03/Dec/2013:17:52:03 -0800] SEARCH RES conn=42698 op=1 msgID=2 result=0 > nentries=1 etime=1 > [03/Dec/2013:17:52:03 -0800] BIND REQ conn=42698 op=2 msgID=3 type=SIMPLE > dn="uid=johndoe,ou=Employees,dc=socrata,dc=com" > [03/Dec/2013:17:52:03 -0800] BIND RES conn=42698 op=2 msgID=3 result=49 > authFailureID=196887 authFailureReason="The password provided by the user > did not match any password(s) stored in the user's entry" etime=0 > [03/Dec/2013:17:52:03 -0800] UNBIND REQ conn=42698 op=3 msgID=4 > [03/Dec/2013:17:52:03 -0800] DISCONNECT conn=42698 reason="Client Unbind" > > ReviewBoard > 2013-12-04 01:52:03,633 - WARNING - - LDAP error: The specified object > does not exist in the Directory or provided invalid credentials: > (uid=johndoe) > > > On Wed, Dec 4, 2013 at 3:41 PM, Chris Armstrong < > [email protected]> wrote: > >> I'm trying to get a new user provisioned in ReviewBoard. His account >> exists in LDAP, but when he tries to log into ReviewBoard, he triggers a >> "Bad search filter" error: >> >> 2013-12-04 01:51:59,695 - WARNING - - LDAP error: {'desc': 'Bad search >> filter'} >> >> The LDAP server seems to be perfectly happy: >> >> [03/Dec/2013:17:51:59 -0800] CONNECT conn=42697 >> from=reviewboard:32876to=ldap:1636 protocol=LDAPS >> [03/Dec/2013:17:51:59 -0800] BIND REQ conn=42697 op=0 msgID=1 type=SIMPLE >> dn="" >> [03/Dec/2013:17:51:59 -0800] BIND RES conn=42697 op=0 msgID=1 result=0 >> authDN="" etime=0 >> [03/Dec/2013:17:51:59 -0800] SEARCH REQ conn=42697 op=1 msgID=2 >> base="dc=socrata,dc=com" scope=wholeSubtree filter="(uid=johndoe)" >> attrs="ALL" >> [03/Dec/2013:17:51:59 -0800] SEARCH RES conn=42697 op=1 msgID=2 result=0 >> nentries=1 etime=1 >> [03/Dec/2013:17:51:59 -0800] BIND REQ conn=42697 op=2 msgID=3 type=SIMPLE >> dn="uid= johndoe,ou=Employees,dc=socrata,dc=com" >> [03/Dec/2013:17:51:59 -0800] BIND RES conn=42697 op=2 msgID=3 result=0 >> authDN="uid= johndoe,ou=Employees,dc=socrata,dc=com" etime=1 >> [03/Dec/2013:17:51:59 -0800] UNBIND REQ conn=42697 op=3 msgID=5 >> [03/Dec/2013:17:51:59 -0800] DISCONNECT conn=42697 reason="Client Unbind"+ >> >> For comparison, I logged in successfully, and the output seems to be >> identical: >> >> [04/Dec/2013:09:42:38 -0800] CONNECT conn=42706 >> from=reviewboard:34744to=ldap:1636 protocol=LDAPS >> [04/Dec/2013:09:42:39 -0800] BIND REQ conn=42706 op=0 msgID=1 type=SIMPLE >> dn="" >> [04/Dec/2013:09:42:39 -0800] BIND RES conn=42706 op=0 msgID=1 result=0 >> authDN="" etime=0 >> [04/Dec/2013:09:42:39 -0800] SEARCH REQ conn=42706 op=1 msgID=2 >> base="dc=socrata,dc=com" scope=wholeSubtree filter="(uid=carmstrong)" >> attrs="ALL" >> [04/Dec/2013:09:42:39 -0800] SEARCH RES conn=42706 op=1 msgID=2 result=0 >> nentries=1 etime=0 >> [04/Dec/2013:09:42:39 -0800] BIND REQ conn=42706 op=2 msgID=3 type=SIMPLE >> dn="uid=carmstrong,ou=Employees,dc=socrata,dc=com" >> [04/Dec/2013:09:42:39 -0800] BIND RES conn=42706 op=2 msgID=3 result=0 >> authDN="uid=carmstrong,ou=Employees,dc=socrata,dc=com" etime=1 >> [04/Dec/2013:09:42:39 -0800] UNBIND REQ conn=42706 op=3 msgID=4 >> [04/Dec/2013:09:42:39 -0800] DISCONNECT conn=42706 reason="Client Unbind" >> >> We were running 1.7.16, but I upgraded to 1.7.19 and still see the issue. >> The workaround for this is to provision them in ReviewBoard manually, but >> obviously this is less-than-ideal as it defeats the entire purpose of >> LDAP... >> >> Does anyone have any idea what this can be? Did the provisioning of new >> users from LDAP break some time ago, and noone noticed? >> >> -- >> Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ >> --- >> Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ >> --- >> Happy user? Let us know at http://www.reviewboard.org/users/ >> --- >> You received this message because you are subscribed to the Google Groups >> "reviewboard" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> > > > > -- > Chris Armstrong, Site Reliability Engineer at Socrata > > -- > Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ > --- > Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ > --- > Happy user? Let us know at http://www.reviewboard.org/users/ > --- > You received this message because you are subscribed to the Google Groups > "reviewboard" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
