Re: Issue 1641 in reviewboard: Required LDAP OPT_REFERRALS option

[reviewboard]

Updates:
Status: Fixed

Comment #4 on issue 1641 by trowb...@gmail.com: Required LDAP OPT_REFERRALS  
option

http://code.google.com/p/reviewboard/issues/detail?id=1641

Fixed in master 74b9e7b. Thanks!

--
You received this message because you are subscribed to the Google Groups 
reviewboard-issues group.
To post to this group, send email to reviewboard-issues@googlegroups.com.
To unsubscribe from this group, send email to 
reviewboard-issues+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/reviewboard-issues?hl=en.

Re: Issue 1641 in reviewboard: Required LDAP OPT_REFERRALS option

[reviewboard]

Comment #2 on issue 1641 by bryan.weingarten: Required LDAP OPT_REFERRALS  
option

http://code.google.com/p/reviewboard/issues/detail?id=1641

FAQ #13 from http://www.python-ldap.org/faq.shtml

Basically we require turning off chasing referrels for our ldap client to  
work.
The line to turn off referrals just goes immediately after each  
ldapo.initialize().
I'm sure many people would not require or want this, so it's best to add  
this as an
option to Disable referrals in the LDAP settings.  I don't know anything  
about LDAP
either.  LDAP in Review Board was not working for me and I had to  
experiment with
python-ldap and a lot of googling to figure this out.  Then when I looked  
at Review
Board code, it was obvious that it was missing this one line of code.  When  
I added

it, Review Board was able to successfully authenticate for us.

Q: My script bound to MS Active Directory but a a search operation results  
in an
exception ldap.OPERATIONS_ERROR with the diagnostic messages text In order  
to
perform this operation a successful bind must be completed on the  
connection..

What's happening here?

A: When searching from the domain level MS AD returns referrals (search
continuations) for some objects to indicate to the client where to look for  
these
objects. Client-chasing of referrals is a broken concept since LDAPv3 does  
not
specify which credentials to use when chasing the referral. Windows clients  
are
supposed to simply use their Windows credentials but this does not work in  
general

when chasing referrals received from and pointing to arbitrary LDAP servers.
Therefore per default libldap automatically chases the referrals internally  
with an

anonymous access which fails with MS AD.
So best thing is to switch this behaviour off:

l = ldap.initialize('ldap://foobar')
l.set_option(ldap.OPT_REFERRALS,0)




--
You received this message because you are subscribed to the Google Groups 
reviewboard-issues group.
To post to this group, send email to reviewboard-iss...@googlegroups.com.
To unsubscribe from this group, send email to 
reviewboard-issues+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/reviewboard-issues?hl=en.

Re: Issue 1641 in reviewboard: Required LDAP OPT_REFERRALS option

[reviewboard]

Updates:
Status: NeedInfo

Comment #1 on issue 1641 by chipx86: Required LDAP OPT_REFERRALS option
http://code.google.com/p/reviewboard/issues/detail?id=1641

What does this option do? I don't know LDAP well enough to know if it would  
break

other people.

For patches, we require that the patch be submitted to
http://reviews.reviewboard.org/. A full file doesn't help us much as the  
in-tree

version may have changed and finding out what's new in the file is hard.

--
You received this message because you are subscribed to the Google Groups 
reviewboard-issues group.
To post to this group, send email to reviewboard-iss...@googlegroups.com.
To unsubscribe from this group, send email to 
reviewboard-issues+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/reviewboard-issues?hl=en.