Summary

Improve LDAP user lookups

Review Request #5203 — Created Jan. 6, 2014 and submitted Jan. 28, 2014, 3:17 p.m. — Latest diff uploaded Jan. 28, 2014, 3:10 p.m.

Information

Owner

sgallagh

Repository

Review Board

Branch

master

Bugs

Depends On

Blocks

5345

Reviewers

Groups

reviewboard

People

Description

Improve LDAP user lookups

This patch simplifies configuration of user lookups in LDAP and
also provides better help text to aid the administrator setting it
up.

The email thread below has more details:
https://groups.google.com/forum/#!topic/reviewboard-dev/J6W1o9Eb2IY

Some additional minor changes:
* I reflowed the anonymous bind and service account bind sections
so that they always return a user dn which is authenticated in
a common location.
* I dropped the useless fallback of joining the username with the
base DN. It was unlikely to ever work in a real-world LDAP
environment and it made the code confusing.
* Added a debug log message indicating the DN that we will
attempt to authenticate against.
* Extended the get_or_create_user() routine to take the user DN
Since we already have this information above, it doesn't make
sense to search a second time. We'll just perform a BASE search
instead.
* Corrected a typo in the help text of the Full Name Attribute

Testing Done

Tested authenticating using TLS with and without using an LDAP service account to perform the search.