Issues with LDAP Configuration

Agi Joseph agi.joseph at gans.aero
Tue Feb 15 16:25:20 UTC 2022


Dear Thorsten

Below the details from Active Directory,

userPrincipalName # admin at gans.aero
sAMAccountName # admin
mail # admin at gans.aero

If you have a proper document could you please share it with me,

Thanks,


Best Regards,

Agi Joseph
Systems & Network Administrator
Global Air Navigation Services LLC
Tel:+971 2 5565233 * 2583
Mob:+971 50 2383530
Email:agi.joseph at gans.aero
Web:www.gans.aero


-----Original Message-----
From: support-list <support-list-bounces at bugzilla.org> On Behalf Of Thorsten Schöning
Sent: Tuesday, February 15, 2022 8:00 PM
To: support-list at bugzilla.org
Subject: Re: Issues with LDAP Configuration

Hello Agi Joseph,
on Tuesday, 15 February 2022 at 15:37 you wrote:

> With userPrincipalName, (username)
> The login or password you entered is not valid."

You still didn't say what exactly is stored for "userPrincipalName", "sAMAccountName" and "mail". Please simply provide some examples.
According to your error messages, it seems that "userPrincipalName"
contains mail addresses instead of usernames only.

> With username at domain.aero

> We received an email address (administrator at gans.aero) that didn't
> pass our syntax checking for a legal email address, when trying to
> create or update your account. A legal login name must contain local
> GANS usernames , eg. 'john.doe' . No @ allowed. It also must not contain any illegal characters.

This error message actually means that binding to AD with administrator at gans.aero SUCCEEDED, hence my question about example data in your AD for the configured fields. You can easily check that in the method Bugzilla::Auth::login yourself: "check_credentials"
needs to succeed before "create_or_update_user" is called and the latter is checking usernames.

https://github.com/bugzilla/bugzilla/blob/854db96e37e1f77a466ec63c17054993154f2b91/Bugzilla/Auth.pm#L57

Of course this means your setup doesn't make too much sense right now:
Storing mail addresses in AD fields expected to be plain usernames while at the same time configuring Bugzilla to NOT accept mail addresses as usernames at all. Seems like you have mail addresses in "mail" attribute as well, which is used as username in Bugzilla upon account creation and again is not allowed by your policy of usernames.

In the easiest case, simply reset Bugzilla's checks for usernames to its default value, allowing mail addresses as Bugzilla internal usernames this way. Configure "sAMAccountName" as the source for usernames for "LDAPuidattribute" and keep "mail" as "LDAPmailattribute".

With such a setup users need to input "username" instead of "username at example.org" in the login form, Bugzilla forwards "username"
to AD, if bind succeeds reads the corresponding "username at example.org"
from "mail" and creates the local user that way.

Kind regards

Thorsten Schöning

--
AM-SoFT IT-Service - Bitstore Hameln GmbH, member of the Bitstore Gruppe - your full-service provider for IT and telecommunications

E-Mail: Thorsten.Schoening at AM-SoFT.de
Web:    http://www.AM-SoFT.de/

Tel:   05151-  9468- 0
Tel:   05151-  9468-55
Fax:   05151-  9468-88
Mobile: 0178-8 9468-04

AM-SoFT IT-Service - Bitstore Hameln GmbH, Brandenburger Str. 7c, 31789 Hameln, Hannover District Court HRB 221853 - Managing Director: Janine Galonska





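The login flow described in the quoted reply, as a simplified Python model added here (not Bugzilla's code and not part of the original messages). It shows why a login-name syntax error can only appear after the directory bind has already succeeded. The directory entry, password and both policy regexes are constructed assumptions; only the attribute names and the two step names come from the thread.

```python
import re

# Constructed sample entry shaped like the attributes quoted in the thread.
DIRECTORY = [
    {"sAMAccountName": "admin", "userPrincipalName": "admin@example.org",
     "mail": "admin@example.org", "password": "s3cret"},
]

# Assumed login-name policies (constructed regexes, not Bugzilla's shipped values).
NO_AT_POLICY = re.compile(r"^[\w.-]+$")                    # 'john.doe', no @ allowed
MAIL_POLICY = re.compile(r"^[\w.+=-]+@[\w.-]+\.[\w-]+$")   # mail addresses allowed


def check_credentials(typed, password, uid_attr):
    """Step 1: look up the entry by the configured uid attribute and 'bind'."""
    for entry in DIRECTORY:
        if entry[uid_attr] == typed and entry["password"] == password:
            return entry
    return None


def create_or_update_user(entry, mail_attr, policy):
    """Step 2: reached only after step 1 succeeded; validates the local login name."""
    login_name = entry[mail_attr]
    if not policy.match(login_name):
        return ("syntax_error", login_name)
    return ("ok", login_name)


def login(typed, password, uid_attr, mail_attr, policy):
    entry = check_credentials(typed, password, uid_attr)
    if entry is None:
        return ("invalid_login", None)
    return create_or_update_user(entry, mail_attr, policy)


if __name__ == "__main__":
    # uid attribute holds a mail address, user types the bare name: no match.
    print(login("admin", "s3cret", "userPrincipalName", "mail", NO_AT_POLICY))
    # Full address typed: bind succeeds, then the no-@ policy rejects the name.
    print(login("admin@example.org", "s3cret", "userPrincipalName", "mail", NO_AT_POLICY))
    # Setup suggested in the reply: sAMAccountName for lookup, mail as login name.
    print(login("admin", "s3cret", "sAMAccountName", "mail", MAIL_POLICY))
```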