Summary

Optionally use a "guest user" binding prior to searching real user login in LDAP-based authentication

Review Request #729 — Created Jan. 30, 2009 and submitted

Information

Owner

morozov

Repository

Review Board SVN (deprecated)

Branch

Bugs

Depends On

Reviewers

Groups

reviewboard

People

Description

As noted in http://reviews.review-board.org/r/704/ some LDAP servers prohibite anonymous searches so binding is needed to perform other operations. But unlike the 704 this solution still allows to use complex LDAP hierarchy where users' "login" strings can't be expressed as a fixed pattern like 'uid=%s,ou=users,dc=example,dc=com'.

Testing Done

Expand All
Collapse All

```
for (i in ins)
  test
```

Ship it!

as a note, with reviewboard 1.0 alpha4 I needed this patch to successfully authenticate against our ldap server so I'm opting for including it into the release.

Ship it!

This seems safe to me. I wish I knew more about LDAP, though.

Committed as r1816.