for (i in ins) test
Optionally use a "guest user" binding prior to searching real user login in LDAP-based authentication
Review Request #729 — Created Jan. 30, 2009 and submitted
|Review Board SVN (deprecated)|
As noted in http://reviews.review-board.org/r/704/ some LDAP servers prohibite anonymous searches so binding is needed to perform other operations. But unlike the 704 this solution still allows to use complex LDAP hierarchy where users' "login" strings can't be expressed as a fixed pattern like 'uid=%s,ou=users,dc=example,dc=com'.
as a note, with reviewboard 1.0 alpha4 I needed this patch to successfully authenticate against our ldap server so I'm opting for including it into the release.
This seems safe to me. I wish I knew more about LDAP, though. Committed as r1816.