Configuring LDAP Authentication
Before switching to LDAP authentication, a number of settings must be configured so that The Bug Genie can connect to the LDAP server. This is done from the LDAP Authentication section of Configuration after installing the module.
Settings
Connection
Hostname
The hostname, which includes the port, tells The Bug Genie what server to connect to. This should be provided in the format ldap://hostname:port, or ldaps://hostname:port if you wish to use an SSL connection. The default port is 389 for a non-SSL connection and 636 for an SSL connection, but consult your administrator for details.
Base DN
The Bug Genie performs subtree searches, so only one DN is needed: the base of the DNs for all users and groups. This should be provided in DN format; an example is provided.
Object DN attribute
The Bug Genie needs to obtain the full DN of user objects. In this field, enter the name of the attribute to read it from. On OpenLDAP systems, this may be entrydn, and on Active Directory it will be distinguishedName.
Users data
Class
The Bug Genie looks for objects of a certain class to use as users. You can enter the objectClass value to look for here; if you don't, the default of 'person' will be used.
Attributes
The Bug Genie needs to obtain certain data about the user, and the attributes used can be specified here.
- Username - The username specified during login will be looked up here.
- Full name - The full name in The Bug Genie will be set to this, as will the 'Buddy Name', which is shown on issues you are assigned to, as well as in other places.
- Email address - Emails sent from The Bug Genie will be sent to this address.
Groups
Class
The Bug Genie can optionally restrict access to users belonging to certain groups. As with users, The Bug Genie looks for objects of a certain class to use as groups; the objectClass value to look for can be entered here. If none is specified, the default of 'group' will be used.
Attributes
As with users, attributes need to be specified, but only one is needed.
- Group members - The attribute containing the list of DNs of users belonging to the group
Allowed groups
This should contain a list of groups to allow access to. If this is left blank, all users will be allowed access to The Bug Genie. If a comma-separated list of groups is entered here, only users belonging to the named groups will be allowed access.
Control user
The Bug Genie needs a user to perform user and group lookups with. If anonymous binding to the directory is possible, these fields can be left blank. Otherwise, an account username and password need to be entered here. Please note that these credentials will be stored unencrypted in the database, so if you are able to, you should restrict the permissions of this user.
If you are connecting to an Active Directory server, please note that this user will need to be prefixed with DOMAIN\, or given as the full DN (see below). Logging in to The Bug Genie via LDAP will not need any prefix under Active Directory.
For all users (including AD ones who do not use a DOMAIN\ prefix), the full DN of your control user must be specified. This can be found using your administration tools.
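The settings above can be sanity-checked before LDAP authentication is switched on. The following is an added example, not code from The Bug Genie: the dictionary keys and the audit_ldap_settings function are hypothetical names, and the transport finding assumes simple binds over ldap:// without StartTLS.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # defaults stated on this page

def audit_ldap_settings(form):
    """Return (effective settings or None, findings) for the form values.

    The dict keys are hypothetical names, not The Bug Genie's own fields.
    """
    try:
        url = urlsplit(form.get("hostname", "").strip())
        port = url.port or DEFAULT_PORTS[url.scheme]
        valid = url.scheme in DEFAULT_PORTS and bool(url.hostname)
    except (KeyError, ValueError):  # unknown scheme or malformed port
        valid = False
    if not valid:
        return None, ["hostname must be ldap://hostname:port or ldaps://hostname:port"]
    findings = []
    control_user = form.get("control_user", "").strip()
    if not control_user:
        findings.append("control user blank: lookups need anonymous binding")
    else:
        findings.append("control user password is stored unencrypted in the "
                        "database: restrict this account's permissions")
        if "=" not in control_user:
            findings.append("control user is not a full DN")
    # Assumption: binds are simple binds and ldap:// is used without StartTLS.
    if url.scheme == "ldap":
        findings.append("ldap:// is not an SSL connection: bind passwords "
                        "cross the network unprotected")
    groups = [g.strip() for g in form.get("allowed_groups", "").split(",") if g.strip()]
    if not groups:
        findings.append("allowed groups blank: all users will be allowed access")
    effective = {
        "scheme": url.scheme, "host": url.hostname, "port": port,
        "user_class": form.get("user_class", "").strip() or "person",
        "group_class": form.get("group_class", "").strip() or "group",
        "allowed_groups": groups, "anonymous_bind": not control_user,
    }
    return effective, findings

# Constructed sample values, not taken from a real installation.
SAMPLE = {"hostname": "ldap://ldap.example.com",
          "control_user": "EXAMPLE\\svc-tbg", "allowed_groups": ""}

if __name__ == "__main__":
    settings, notes = audit_ldap_settings(SAMPLE)
    print(settings)
    print("\n".join("- " + note for note in notes))
```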
in authldap/classes/actions.class.php, line 283, replace
$user_dn = $data[$i][strtolower($dn_attr)][0];
with
$username = $data[$i][strtolower($username_attr)][0];
same file, lines 339 and 340 replace by
in auth_ldap/classes/TBGLDAPAuthentication.class.php, line 196, replace
$fields = array($fullname_attr, $email_attr, 'cn', $dn_attr);
by
$fields = array($fullname_attr, $email_attr, 'cn', $dn_attr, $username_attr);
same file, line 277, replace
$user_dn = preg_replace('/(?<=,) +(?=[a-zA-Z])/', '', $data[0][strtolower($dn_attr)][0]);
by
$username = preg_replace('/(?<=,) +(?=[a-zA-Z])/', '', $data[0][strtolower($username_attr)][0]);
line 279, replace by