Installation
Sat Aug 13 15:45 Authored by lsproc

Installing LDAP Authentication  

Obtaining  

LDAP Authentication is included with The Bug Genie 3.1.4 onwards (this includes The Bug Genie 3.2). It will not be installed by default, but you can install it by selecting it from the uninstalled modules list in modules configuration.

Setup  

The first step is to create a control user in your directory. This is not necessary if your directory allows anonymous binds, but if it does not, you will need to create this user. The credentials of this user will be stored unencrypted in the database, so you will need to secure this user.

If you are able to alter access to objects and attributes within the directory (as you can in Active Directory), the user will only need access to users and groups within the directory, the parent structure of these objects, the attributes you specify in the configuration and the following properties:
  • cn
Access to users' passwords is not required.
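One way to check that the control user is restricted as described above, as an added example that is not part of The Bug Genie: the Python below reads LDIF from a search made while bound as the control user and reports entries where password attributes, or attributes outside the allowed set, are readable. The function names, the configured attributes `uid` and `member`, and the sample LDIF are assumptions constructed for illustration.

```python
import re

# Credential attributes: userPassword (standard LDAP), unicodePwd (Active Directory).
PASSWORD_ATTRS = {"userpassword", "unicodepwd"}

# Constructed sample of LDIF returned by a search bound as the control user.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
cn: Alice Example
uid: alice
userPassword:: Y29uc3RydWN0ZWQ=

dn: uid=bob,ou=people,dc=example,dc=org
cn: Bob Example

dn: cn=bugs,ou=groups,dc=example,dc=org
cn: bugs
member: uid=alice,ou=people,dc=example,dc=org
description: constructed group
"""

def parse_ldif(text):
    """Return [(dn, set of lowercased attribute names)] for each entry."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    lines = [l for l in text.splitlines() if not l.startswith("#")]
    entries, dn, attrs = [], None, set()
    for line in lines + [""]:  # the trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, set()
            continue
        name, sep, value = line.partition(":")
        name = name.split(";")[0].lower()  # drop options such as ;binary
        if sep and name == "dn":
            dn = value.lstrip(": ")  # a base64 "dn::" value is kept undecoded
        elif sep and dn is not None:
            attrs.add(name)
    return entries

def audit_control_user_view(ldif_text, configured_attrs):
    allowed = {a.lower() for a in configured_attrs} | {"cn"}  # cn is always needed
    findings = []
    for dn, attrs in parse_ldif(ldif_text):
        secrets = sorted(attrs & PASSWORD_ATTRS)
        extra = sorted(attrs - allowed - PASSWORD_ATTRS)
        if secrets or extra:
            findings.append({"dn": dn, "password_attrs": secrets, "extra_attrs": extra})
    return findings
```

An empty result means the control user sees nothing beyond `cn` and the configured attributes; any entry listed under `password_attrs` indicates directory permissions that should be tightened before the credentials are stored in the database.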

After setting up the control user, if appropriate, you can now configure the module. Remember to test after saving. The test will not only check to see if The Bug Genie can talk to the directory and bind with your control user, but also check to see if the groups you specified (if any) exist.

Permissions  

When you switch over to LDAP Authentication, existing users may not be accessible. Users with the same username as one in the directory will remain accessible (with their LDAP password), and their permissions will remain. This means that if you have an Administrator account in LDAP, you will have no trouble (under a fresh installation).

Otherwise, you will need to perform some changes first. You can import all users (who would be allowed to access if a group restriction is set), and then alter the permissions of these users (or assign them to users and groups) from the users configuration.

Pruning  

You can choose to prune users from The Bug Genie's database which would not be allowed to authenticate against LDAP. These users would not be able to log in anyway, but you may wish to do this to keep the user list clean. We recommend this operation is performed after switching to LDAP.

Users who exist in The Bug Genie's database who do not exist in LDAP will be removed from The Bug Genie; and additionally if there is a group restriction, users who exist in The Bug Genie and in LDAP, but who would not be able to log in due to a group restriction will also be removed.

Switching to LDAP  

By going to the Authentication page, it is possible to switch over to LDAP Authentication. This will log you out after switching, as all existing sessions will be invalidated.

You may also want to set some messages to display to users on pages such as 'My Account' and 'Register', as the inbuilt pages will be disabled. The message on the login page can be altered from the wiki article that is loaded by the login tab.

The 'Forgot Password' tab will only be shown if the Mailing module is set up, but no tool to recover your password will be shown here. Like other pages, you can specify a message to show here.

Categories

LDAP
