Christian, We did some testing and it appears that the error is caused when a call is made to the Web API and passes a blank password. Setting the password to an invalid password appear to work correctly. This curl command triggers the issue.
curl -u "username":"" https://reviewboard.domain/api/review-requests/xxxx/ -Chris On Tuesday, June 6, 2017 at 4:44:04 PM UTC-4, Christian Hammond wrote: > > Hi Chris, > > I'm afraid the changes I talked about were limited to the LDAP support, > not Active Directory. The newer version won't fix your problem. > > I think it's important to figure out why this is failing in the first > place, though. We perform a bind every time we go to authenticate a user. > We know that's succeeding because we then immediately go to perform a > search (which wouldn't happen if the bind failed), and that's where this is > failing. It sounds like this only happens periodically, and not every time > someone authenticates? > > Christian > > On Tue, Jun 6, 2017 at 12:33 PM, Chris Eagan <[email protected] > <javascript:>> wrote: > >> I am planning to upgrade our version soon so hopefully that resolves the >> problem, but either way, here is the traceback from the email in case you >> would like to take a look. >> >> Traceback (most recent call last): >> >> File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", >> line 112, in get_response >> response = wrapped_callback(request, *callback_args, >> **callback_kwargs) >> >> File >> "/usr/lib/python2.7/site-packages/django/views/decorators/cache.py", line >> 52, in _wrapped_view_func >> response = view_func(request, *args, **kwargs) >> >> File >> "/usr/lib/python2.7/site-packages/django/views/decorators/vary.py", line >> 19, in inner_func >> response = func(*args, **kwargs) >> >> File >> "/usr/lib/python2.7/site-packages/djblets/webapi/resources/base.py", line >> 135, in __call__ >> auth_result = check_login(request) >> >> File >> "/usr/lib/python2.7/site-packages/djblets/webapi/auth/backends/__init__.py", >> line 87, in check_login >> result = auth_backend_cls().authenticate(request) >> >> File >> "/usr/lib/python2.7/site-packages/djblets/webapi/auth/backends/base.py", >> line 84, in authenticate >> result = self.login_with_credentials(request, **credentials) >> >> File >> "/usr/lib/python2.7/site-packages/djblets/webapi/auth/backends/base.py", >> line 141, in login_with_credentials >> user = auth.authenticate(**credentials) >> >> File >> "/usr/lib/python2.7/site-packages/django/contrib/auth/__init__.py", line >> 49, in authenticate >> user = backend.authenticate(**credentials) >> >> File >> "/usr/lib/python2.7/site-packages/reviewboard/accounts/backends.py", line >> 792, in authenticate >> userdomain) >> >> File >> "/usr/lib/python2.7/site-packages/reviewboard/accounts/backends.py", line >> 641, in search_ad >> filterstr=filterstr) >> >> File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 552, >> in search_s >> return >> self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) >> >> File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 546, >> in search_ext_s >> return self.result(msgid,all=1,timeout=timeout)[1] >> >> File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 458, >> in result >> resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout) >> >> File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 462, >> in result2 >> resp_type, resp_data, resp_msgid, resp_ctrls = >> self.result3(msgid,all,timeout) >> >> File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 469, >> in result3 >> resp_ctrl_classes=resp_ctrl_classes >> >> File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 476, >> in result4 >> ldap_result = >> self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) >> >> File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99, >> in _ldap_call >> result = func(*args,**kwargs) >> >> OPERATIONS_ERROR: {'info': '000004DC: LdapErr: DSID-0C090752, comment: In >> order to perform this operation a successful bind must be completed on the >> connection., data 0, v2580', 'desc': 'Operations error'} >> >> >> >> On Monday, June 5, 2017 at 5:52:51 PM UTC-4, Christian Hammond wrote: >>> >>> Hi Chris, >>> >>> I'm surprised you're getting e-mails for this, but I'd have to see the >>> entirety of the e-mail, probably. If it's an exception traceback e-mail, >>> then likely this particular failure wasn't getting caught and handled >>> gracefully, leading to a HTTP 500 being shown to the user who tried to log >>> in. Generally speaking, you should only get such e-mails if we have a crash >>> bug. >>> >>> I did a bunch of work to improve the LDAP support in 2.5.12, which >>> should also better catch exceptions. Upgrading might prevent those errors >>> from showing up. >>> >>> Do you have a full traceback shown in there? >>> >>> Christian >>> >>> On Mon, Jun 5, 2017 at 12:04 PM, Chris Eagan <[email protected]> wrote: >>> >>>> Sometimes our Review Board server sends emails to the Administrator >>>> email account to report errors. I don't see a setting anywhere to control >>>> what gets sent to the administrators, but some of these issues are ones >>>> that we aren't particularly interested in receiving. For instance, the >>>> following error gets sent whenever someone mistypes their password when >>>> attempting to login to Review Board. >>>> >>>> OPERATIONS_ERROR: {'info': '000004DC: LdapErr: DSID-0C090752, comment: >>>> In order to perform this operation a successful bind must be completed on >>>> the connection., data 0, v2580', 'desc': 'Operations error'} >>>> >>>> It is a little odd because we can see other ERROR level log entries >>>> from today, but we didn't get emails for all of them so the emails don't >>>> appear to be related to the log level of the error. It might be useful to >>>> let the user customize the log level threshold for which emails are sent >>>> to >>>> the Administrator, including turning off the automated emails completely. >>>> >>>> Is there anything we can do to customize what gets sent to the >>>> Administrator email account? We are currently running Review Board 2.5.9. >>>> >>>> -- >>>> Supercharge your Review Board with Power Pack: >>>> https://www.reviewboard.org/powerpack/ >>>> Want us to host Review Board for you? Check out RBCommons: >>>> https://rbcommons.com/ >>>> Happy user? Let us know! https://www.reviewboard.org/users/ >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "reviewboard" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> >>> -- >>> Christian Hammond >>> President/CEO of Beanbag <https://www.beanbaginc.com/> >>> Makers of Review Board <https://www.reviewboard.org/> >>> >> -- >> Supercharge your Review Board with Power Pack: >> https://www.reviewboard.org/powerpack/ >> Want us to host Review Board for you? Check out RBCommons: >> https://rbcommons.com/ >> Happy user? Let us know! https://www.reviewboard.org/users/ >> --- >> You received this message because you are subscribed to the Google Groups >> "reviewboard" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Christian Hammond > President/CEO of Beanbag <https://www.beanbaginc.com/> > Makers of Review Board <https://www.reviewboard.org/> > -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
