Reviewboard on Linux and Windows Domain

At work we recently started to use ReviewBoard as code review tool. I installed it on a Ubuntu 12.04 VM as the Windows support is riddled with problems (RB has abandoned official Windows support – so it might work or it might not). Following the instructions for installing it on Linux with MySQL as database backend and using Apache as host was easy and worked pretty much out of the box. Our central repository is hosted in subversion.

Our network is controlled by a Windows Domain Controller and we wanted the ability to authenticate the ReviewBoard users via the domain login. In the following I will assume that the domain is called COMPANY.LOCAL

    • I pretty much followed these instructions except I only installed likewise-open5, likewise-open5-gui but not not winbind (which gave a weird PAM error when I tried to install it)
    • When trying to join the domain as per the above linked page I got an error which led me to this bug report on launchpad. Following the instructions to change /etc/nsswitch.conf to look like this resolved the problem:
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat lsass

group: compat lsass
shadow: compat

# 04102010 Add line as per Likewise Open Admin Guide
hosts: files dns

# 04122010 Commenting out hosts below as per ubuntu bug 555525
#hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis
  • Reboot and then join the domain sudo -s domainjoin-cli --loglevel info --log . join COMPANY.LOCAL USER
    • Note that USER needs to be a domain user with sufficient rights to add a computer to the domain
  • For activating the support in ReviewBoard I installed python_ldap and pydns and then configured the Authentication Method in the ReviewBoard admin section to Active Directory authentication method using the following settings:
Domain: company.local
Domain controller: IpOfYourWindowsDomainController
OU: none
Group name: software
Custom search root: none
Recursion depth: -1

And that was it – now every user part of the software domain group can authenticate with their domain login.

Advertisements