[External] Issues with LDAP Configuration

Daniel McCarty danielm at whleary.com
Tue Feb 15 19:19:32 UTC 2022


AD is a bit of voodoo to me but I recommend Emmanual's suggestion as well.  We ended up creating a domain service account "xxxxxxxxconnector" just for this.  Be careful with security here as this account is a domain super account (again I'm not an expert on AD by any means) and a potential attack vector.

We were able to bind with userPrincipalName (user: "username at company.local"), but things were easier once we switched to sAMAccountName (user: "username").

Hope this helps,
Dan




Daniel McCarty
Director of Engineering
W. H. Leary Co.
P. +1 708.444.4900
E. danielm at whleary.com | W. whleary.com<http://www.whleary.com>


-----Original Message-----
From: support-list <support-list-bounces at bugzilla.org> On Behalf Of Emmanuel Seyman
Sent: Tuesday, February 15, 2022 12:44 PM
To: support-list at bugzilla.org
Subject: Re: [External] Issues with LDAP Configuration

* Agi Joseph [15/02/2022 18:06] :
>
> Can I know what is the least access required for the user to bind the
> LDAP from bugzilla. We cannot configure  the administrator account on
> bugzilla portal, so required a least permitted user supposed to use
> for the binding

Note that the DN/password combo you use to bind to the LDAP server does not need to be that of a valid bugzilla user.

I recommand you create a dedicated account in your AD to use as the bind account in your Bugzilla config.

Emmanuel
_______________________________________________
support-list mailing list
support-list at bugzilla.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.bugzilla.org_listinfo_support-2Dlist&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=KfJK_i8bAAiKEOAyAm9y9vt5kSwc8dkKCDiCjPA9mhw&m=g-ZdcS0CauG1eVsHSGKIxfbr5olIkx9uRM4zvxaHE-c&s=aKUf25ydaBVSjpDDXZkiNWIIk50KnyeB331Rdo3-NQ8&e=
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bugzilla.org/pipermail/support-list/attachments/20220215/a6c1d6c8/attachment-0001.html>


More information about the support-list mailing list