Issues with LDAP Configuration
Agi Joseph
agi.joseph at gans.aero
Tue Feb 15 18:06:40 UTC 2022
May I know the least access required for the user that binds to LDAP from Bugzilla? We cannot configure the administrator account on the Bugzilla portal, so a least-privileged user is required for the binding.
> On 15 Feb 2022, at 8:52 PM, Agi Joseph <agi.joseph at gans.aero> wrote:
>
> Dear All,
>
> Now I was able to log in with LDAP accounts, with the below changes,
>
> LDAPuidattribute # sAMAccountName
> LDAPmailattribute # sAMAccountName
>
> In this way I can use the LDAP sAMAccountName as the Bugzilla login credential. Is this the right way?
>
> Now I have to look into how to integrate with SMTP services to enable the email alerts.
>
> Thanks
>
>
> Best Regards,
>
> Agi Joseph
> Systems & Network Administrator
> Global Air Navigation Services LLC
> Tel:+971 2 5565233 * 2583
> Mob:+971 50 2383530
> Email:agi.joseph at gans.aero
> Web:www.gans.aero
>
>
>
-----Original Message-----
> From: support-list <support-list-bounces at bugzilla.org> On Behalf Of Agi Joseph
> Sent: Tuesday, February 15, 2022 8:25 PM
> To: Thorsten Schöning <tschoening at am-soft.de>; support-list at bugzilla.org
> Subject: RE: Issues with LDAP Configuration
>
> Dear Thorsten
>
> Below the details from Active Directory,
>
> userPrincipalName # admin at gans.aero
> sAMAccountName # admin
> mail # admin at gans.aero
>
> If you have a proper document could you please share it with me,
>
> Thanks,
>
> -----Original Message-----
> From: support-list <support-list-bounces at bugzilla.org> On Behalf Of Thorsten Schöning
> Sent: Tuesday, February 15, 2022 8:00 PM
> To: support-list at bugzilla.org
> Subject: Re: Issues with LDAP Configuration
>
> Hello Agi Joseph,
> on Tuesday, 15 February 2022 at 15:37 you wrote:
>
>> With userPrincipalName, (username)
>> The login or password you entered is not valid."
>
> You still didn't say what exactly is stored for "userPrincipalName", "sAMAccountName" and "mail". Please simply provide some examples.
> According to your error messages, it seems that "userPrincipalName"
> contains mail addresses instead of usernames only.
>
>> With username at domain.aero
>
>> We received an email address (administrator at gans.aero) that didn't
>> pass our syntax checking for a legal email address, when trying to
>> create or update your account. A legal login name must contain local
>> GANS usernames , eg. 'john.doe' . No @ allowed. It also must not contain any illegal characters.
>
> This error message actually means that binding to AD with administrator at gans.aero SUCCEEDED, hence my question about example data in your AD for the configured fields. You can easily check that in the method Bugzilla::Auth::login yourself: "check_credentials"
> needs to succeed before "create_or_update_user" is called and the latter is checking usernames.
>
> https://github.com/bugzilla/bugzilla/blob/854db96e37e1f77a466ec63c17054993154f2b91/Bugzilla/Auth.pm#L57
>
> Of course this means your setup doesn't make too much sense right now:
> Storing mail addresses in AD fields expected to be plain usernames while at the same time configuring Bugzilla to NOT accept mail addresses as usernames at all. Seems like you have mail addresses in "mail" attribute as well, which is used as username in Bugzilla upon account creation and again is not allowed by your policy of usernames.
>
> In the easiest case, simply reset Bugzilla's checks for usernames to its default value, allowing mail addresses as Bugzilla internal usernames this way. Configure "sAMAccountName" as the source for usernames for "LDAPuidattribute" and keep "mail" as
> "LDAPmailattribute".
>
> With such a setup users need to input "username" instead of "username at example.org" in the login form, Bugzilla forwards "username"
> to AD, if bind succeeds reads the corresponding "username at example.org"
> from "mail" and creates the local user that way.
>
> Kind regards
>
> Thorsten Schöning
>
> --
> AM-SoFT IT-Service - Bitstore Hameln GmbH, member of the Bitstore Gruppe - your full-service provider for IT and telecommunications
>
> E-Mail: Thorsten.Schoening at AM-SoFT.de
> Web: http://www.AM-SoFT.de/
>
> Tel: 05151- 9468- 0
> Tel: 05151- 9468-55
> Fax: 05151- 9468-88
> Mobil: 0178-8 9468-04
>
> AM-SoFT IT-Service - Bitstore Hameln GmbH, Brandenburger Str. 7c, 31789 Hameln, Hannover District Court HRB 221853 - Managing Director: Janine Galonska
>
> _______________________________________________
> support-list mailing list
> support-list at bugzilla.org
> https://lists.bugzilla.org/listinfo/support-list
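
The two-stage flow described in the quoted reply (credential check first, then account creation with a login-name check) can be modelled offline to tell an authentication failure apart from a rejected login name. This is an added example, not part of the thread and not Bugzilla's code: the directory entry, password, both regular expressions and all function bodies are constructed stand-ins; only the names `check_credentials`, `create_or_update_user` and the attribute names come from the messages above.

```python
import re

# Constructed directory entry modelled on the attribute values quoted in the thread.
DIRECTORY = [
    {"userPrincipalName": "admin@gans.aero", "sAMAccountName": "admin",
     "mail": "admin@gans.aero", "password": "constructed-secret"},
]

# Stand-ins for the login-name check (assumed patterns, not copied from Bugzilla).
ALLOW_EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")   # mail addresses accepted
NO_AT_SIGN = re.compile(r"^[A-Za-z0-9._-]+$")             # site policy: "No @ allowed"

def check_credentials(typed, password, uid_attr):
    """Stage 1: find the entry whose uid_attr equals the typed login, verify the password."""
    for entry in DIRECTORY:
        if entry[uid_attr].lower() == typed.lower() and entry["password"] == password:
            return entry
    return None

def create_or_update_user(entry, mail_attr, login_regex):
    """Stage 2: take the local login name from mail_attr and apply the login-name policy."""
    login_name = entry[mail_attr]
    return login_name if login_regex.match(login_name) else None

def login(typed, password, uid_attr, mail_attr, login_regex):
    """Return (stage, detail) so stage 1 and stage 2 failures stay distinguishable."""
    entry = check_credentials(typed, password, uid_attr)
    if entry is None:
        return ("auth_failed", "The login or password you entered is not valid.")
    name = create_or_update_user(entry, mail_attr, login_regex)
    if name is None:
        return ("bind_ok_name_rejected", entry[mail_attr])
    return ("ok", name)

def scenarios():
    """Run the attribute mappings discussed in the thread against the constructed entry."""
    pw = "constructed-secret"
    return {
        # Short name typed while the uid attribute holds user@domain values.
        "short_name_vs_upn": login("admin", pw, "userPrincipalName", "mail", NO_AT_SIGN),
        # Bind works, but "mail" yields an address the no-@ policy refuses.
        "upn_mail_no_at": login("admin@gans.aero", pw, "userPrincipalName", "mail", NO_AT_SIGN),
        # Mapping reported as working: both parameters on sAMAccountName.
        "sam_sam_no_at": login("admin", pw, "sAMAccountName", "sAMAccountName", NO_AT_SIGN),
        # Suggested mapping: sAMAccountName for lookup, mail for the local name.
        "sam_mail_email": login("admin", pw, "sAMAccountName", "mail", ALLOW_EMAIL),
    }
```

A `bind_ok_name_rejected` result corresponds to the syntax-check error quoted in the thread: the directory accepted the credentials and only the local login-name policy refused the value read from the mail attribute.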