
LDAP Authentication Binding Error


Jake Stone

Sep 3, 2009, 4:04:15 AM
to support-...@lists.mozilla.org
Hello! I am running a new BugZilla instance with Apache on Windows
Server 2003. Since my website is controlled using Active Directory, I am
trying to get LDAP authentication working for BugZilla so people don't
have to maintain multiple passwords for my site.

Following the instructions in the documentation (section 3.1.10 in this
link <http://www.bugzilla.org/docs/3.4/en/html/parameters.html>), it
seems pretty straightforward, but I cannot get it to successfully bind
like I can in PHP. For reference, the following PHP script works (this
is a user with read access to Active Directory):

<?php
$conn = ldap_connect("127.0.0.1") or die("Could not connect to server");
$r = ldap_bind($conn, "ldap...@MYDOMAIN.local", "MYPASSWORD") or
die("Could not bind to server");
ldap_close($conn);
?>

However, trying to use the same credentials in BugZilla does not work:
LDAPServer: localhost
LDAPstarttls: Off
LDAPbinddn: cn=default,cn=ldap.user:MYPASSWORD
LDAPBaseDN: ou=Users
LDAPuidattribute: uid
LDAPmailattribute: mail
LDAPfilter:

Using those settings, I get the following error message (in a "Bugzilla
has suffered an internal error" webpage):
Failed to bind to the LDAP server. The error message was: 80090308:
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525,
vece

Unfortunately the rest of the error is cut off. I also tried using my
exact Distinguished Name, with the same error:
cn=ldap.user:MYPASSWORD,dc=MYDOMAIN,dc=local
cn=ldap user:MYPASSWORD,dc=MYDOMAIN,dc=local

I'm probably just missing some small detail, but I can't think of
anything else to try. Does anybody have an idea?
Thanks in advance for your help!
Jake

Mari

Sep 3, 2009, 7:37:32 AM
Hi Jake, Good Afternoon!

I have had some problems with Bugzilla and LDAP. I'm trying to fix it.
I'm using the information directly from LDAP, which you can take from the
properties of the user that you are using for your test. Like this:

LDAP Properties:
ldap://X.X.X.X:Port/CN=AdminBugzilla,OU=usuarios,DC=teste,DC=com,DC=br

Bugzilla :
'LDAPBaseDN' =>
'CN=AdminBugzilla,OU=usuarios,DC=teste,DC=com,DC=br',
'LDAPbinddn' =>
'CN=AdminBugzilla,OU=usuarios,DC=teste,DC=com,DC=br:password',
'LDAPfilter' => '',
'LDAPmailattribute' => 'mail',
'LDAPserver' => 'ldap://X.X.X.X:389/',
'LDAPstarttls' => 0,
'LDAPuidattribute' => 'userPrincipalName',


If I can do something else, I will tell you.

Now, I'm having the error : The specified LDAP attribute mail was not
found.

Good luck for us.

Best regards,
Mariana Hoffart Dias

Emmanuel Seyman

Sep 3, 2009, 7:50:20 AM
to support-...@lists.mozilla.org
* Mari [03/09/2009 13:48] :
>
> 'LDAPBaseDN' =>
> 'CN=AdminBugzilla,OU=usuarios,DC=teste,DC=com,DC=br',

I suspect your base DN is 'OU=usuarios,DC=teste,DC=com,DC=br'.

Emmanuel

Mari

Sep 3, 2009, 8:05:07 AM
Hi Emmanuel, good morning!

I tried it too, but when I change to this sentence, I get the error:
"Bugzilla has suffered an internal error. Please save this page and
send it to c...@hst.com.br with details of what you were doing at the
time this message appeared.

URL: http://X.X.X.X:359/index.cgi

The specified LDAP attribute mail was not found."

It is strange because with the form below, I now have the error, but the
user exists:
"The username or password you entered is not valid."

Bugzilla :
'LDAPBaseDN' =>
'CN=AdminBugzilla,OU=usuarios,DC=teste,DC=com,DC=br',
'LDAPbinddn' =>
'CN=AdminBugzilla,OU=usuarios,DC=teste,DC=com,DC=br:password',
'LDAPfilter' => '',
'LDAPmailattribute' => 'mail',
'LDAPserver' => 'ldap://X.X.X.X:389/',
'LDAPstarttls' => 0,
'LDAPuidattribute' => 'userPrincipalName',

I tried the login as "user" or "us...@teste.com.br" and nothing. Always
the same error.

I don't know what to do...I'm trying, if you can help me...

Thanks a lot,
Mariana Hoffart Dias

Jake Stone

Sep 3, 2009, 12:50:32 PM
to Mari, support-...@lists.mozilla.org
Mari: getting that error message, I suspect, means that you HAVE
successfully bound to the LDAP server (which I have not succeeded at
yet), but it cannot find the attribute "mail." Since you seem to be on a
Spanish server, you should probably use "malla" or whichever is the
Spanish equivalent used. Check your LDAP server to see what they use for
the email attribute.

Not sure if this relates to my binding problem though.
Jake


Mari

Sep 3, 2009, 2:01:39 PM
Hi Jake, good afternoon!

Thanks a lot!!!! You were right! I inserted the attribute "mail" in LDAP
and Bugzilla logs in.

Below, you can see the configuration, maybe it helps you too...

data/params :
--------------------
%param = (
'LDAPBaseDN' => 'OU=usuarios,DC=teste,DC=com,DC=br',
'LDAPbinddn' => 'CN=AdminBugzilla,OU=usuarios,DC=teste,DC=com,DC=br:password',
'LDAPfilter' => '',
'LDAPmailattribute' => 'mail',
'LDAPserver' => 'ldap://X.X.X.X:389/',
'LDAPstarttls' => 0,
'LDAPuidattribute' => 'sAMAccountName',
...
'user_info_class' => 'CGI',
'user_verify_class' => 'LDAP,DB',
....

LDAP
--------
Insert the attribute "mail".

But what about your problem? Could you resolve it?

Again, Thanks a lot.

Best Regards,
Mariana Hoffart Dias


Max Kanat-Alexander

Sep 3, 2009, 6:57:27 PM
to support-...@lists.mozilla.org
On 09/03/2009 01:04 AM, Jake Stone wrote:
> cn=ldap.user:MYPASSWORD,dc=MYDOMAIN,dc=local
> cn=ldap user:MYPASSWORD,dc=MYDOMAIN,dc=local

MYPASSWORD always comes at the end.

-Max
--
http://www.everythingsolved.com/
Competent, Friendly Bugzilla and Perl Services. Everything Else, too.

vahtis

Sep 24, 2009, 9:05:32 AM
This thread was nice. Had to do a few tweaks to get it running in our
environment.
First was 'LDAPbinddn' =>
'<username>@<domain>.<domain_ext>:<password>'.
Second was to add email to Active Directory, otherwise Bugzilla
complains about an invalid username.

Best Regards,
Ville-Pekka Vahteala

Mari

Oct 23, 2009, 7:15:14 AM
Guys, good morning!

I resolved this some time ago... Below is the configuration that works for
me.

data/params :
--------------------
'LDAPBaseDN' => 'OU=usuarios,DC=teste,DC=com,DC=br',
'LDAPbinddn' => 'CN=AdminBugzilla,OU=usuarios,DC=teste,DC=com,DC=br:password',
'LDAPfilter' => '',
'LDAPmailattribute' => 'mail',
'LDAPserver' => 'ldap://X.X.X.X:389/',
'LDAPstarttls' => 0,
'LDAPuidattribute' => 'sAMAccountName',
'user_verify_class' => 'LDAP,DB'

agnel...@gmail.com

Feb 23, 2019, 5:26:13 AM
Hi,

I'm facing the same issue while integrating Bugzilla with Free IPA. The following are the settings used.

LDAPbinddn: uid=bugzillauser,cn=users,cn=compat,dc=domain,dc=com:password
LDAPBaseDN: ou=sudoers,dc=domain,dc=com
LDAPuidattribute: sAMAccountName
LDAPmailattribute: mail
LDAPfilter: ""

Any successful implementation for LDAP with Free IPA? Please let me know your thoughts.

Thorsten Schöning

Feb 23, 2019, 6:51:07 AM
to support-...@lists.mozilla.org
Hello agnel...@gmail.com,
on Saturday, 23 February 2019 at 11:26 you wrote:

> I'm facing the same issue while integrating Bugzilla to Free IPA.

Please be more specific about which error you get actually, because
the thread you answered to contains multiple different ones. From bind
errors to wrong LDAP attributes etc.

Kind regards,

Thorsten Schöning

--
Thorsten Schöning E-Mail: Thorsten....@AM-SoFT.de
AM-SoFT IT-Systeme http://www.AM-SoFT.de/

Phone.............05151- 9468- 55
Fax...............05151- 9468- 88
Mobile.............0178-8 9468- 04

AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Managing Director: Andreas Muchow

agnel...@gmail.com

Feb 23, 2019, 6:58:37 AM

>
> > I'm facing the same issue while integrating Bugzilla to Free IPA.
>
> Please be more specific about which error you get actually, because
> the thread you answered to contains multiple different ones. From bind
> errors to wrong LDAP attributes etc.

Hi,

The error message is:
The login or password you entered is not valid.

If I modify the ldap parameters, the error changes to

URL: http://bugs.xxxxx.com/bugzilla/index.cgi?GoAheadAndLogIn=Log%20in
Failed to bind to the LDAP server. The error message was: Invalid credentials

Traceback:

at Bugzilla/Auth/Verify/LDAP.pm line 149, <DATA> line 755.
Bugzilla::Auth::Verify::LDAP::_bind_ldap_for_search(...) called at Bugzilla/Auth/Verify/LDAP.pm line 41
Bugzilla::Auth::Verify::LDAP::check_credentials(...) called at /loader/0x5593544150c0/Bugzilla/Extension/LDAPGroups/Auth/Verify/LDAP.pm line 19
Bugzilla::Extension::LDAPGroups::Auth::Verify::LDAP::check_credentials(...) called at Bugzilla/Auth/Verify/Stack.pm line 57
Bugzilla::Auth::Verify::Stack::check_credentials(...) called at Bugzilla/Auth.pm line 59
Bugzilla::Auth::login(...) called at Bugzilla.pm line 328
Bugzilla::login(...) called at /var/www/html/bugzilla/index.cgi line 21

Thorsten Schöning

Feb 25, 2019, 3:53:21 AM
to support-...@lists.mozilla.org
Hello agnel...@gmail.com,
on Saturday, 23 February 2019 at 12:58 you wrote:

> The error message is:
> The login or password you entered is not valid.

This means searching your LDAP was successful in general, but either
your username wasn't found or the password is incorrect. Bugzilla
first searches LDAP for the username and then verifies the password by
binding to the LDAP using the formerly found distinguished name and
the password one has entered. Only if both of these operations
succeed, login is granted. You can simply look up the details in the
following function:

> Bugzilla::Auth::Verify::check_credentials

So I suggest double checking your LDAPuidattribute and what you
actually input into the login form, especially things like "username"
vs. "user...@example.com" etc. The fields configured for
LDAPuidattribute should normally contain "username" only and
LDAPmailattribute should contain "user...@example.com". So depending
on how you want to login, you might use "mail" as LDAPuidattribute and
make LDAPmailattribute empty or such.

> If I modify the ldap parameters, the error changes to

You should describe what exactly you have changed in your config.

> URL: http://bugs.xxxxx.com/bugzilla/index.cgi?GoAheadAndLogIn=Log%20in
> Failed to bind to the LDAP server. The error message was: Invalid credentials

As stated, Bugzilla was unable to query your LDAP already, which
happens before actually searching for usernames.

Kind regards,

Thorsten Schöning

--
Thorsten Schöning E-Mail: Thorsten....@AM-SoFT.de
AM-SoFT IT-Systeme http://www.AM-SoFT.de/

Phone.............05151- 9468- 55
Fax...............05151- 9468- 88
Mobile.............0178-8 9468- 04
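
The login stages described in this thread (service bind, user search, user bind, mail lookup), as an added sketch that is not part of any post and is not Bugzilla's own code. It returns the stage that fails together with the matching error text quoted in the thread. Assumptions: the in-memory directory and its passwords are constructed, LDAPbinddn is split at the first colon, and the mail lookup runs after the password check.

```python
# Added sketch of the login stages described in the thread; not Bugzilla source.
# Directory contents and passwords below are constructed sample data.
BASE = "OU=usuarios,DC=teste,DC=com,DC=br"
DIRECTORY = {  # DN -> attributes
    "CN=AdminBugzilla," + BASE: {"sAMAccountName": "AdminBugzilla", "pw": "svc-pw"},
    "CN=Ana," + BASE: {"sAMAccountName": "ana", "pw": "ana-pw",
                       "mail": "ana@teste.example"},
    "CN=Rui," + BASE: {"sAMAccountName": "rui", "pw": "rui-pw"},  # no mail set
}
PARAMS = {
    "LDAPbinddn": "CN=AdminBugzilla," + BASE + ":svc-pw",
    "LDAPBaseDN": BASE,
    "LDAPuidattribute": "sAMAccountName",
    "LDAPmailattribute": "mail",
}


def split_binddn(value):
    """Split 'DN:password' at the first colon (assumed parsing rule)."""
    dn, _, password = value.partition(":")
    return dn, password


def bind(dn, password):
    """Simple bind: the DN must exist and the password must match."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["pw"] == password


def search(base_dn, attr, value):
    """Subtree search under base_dn for one entry where attr == value."""
    base = base_dn.lower()
    for dn, attrs in DIRECTORY.items():
        in_scope = dn.lower() == base or dn.lower().endswith("," + base)
        if in_scope and attrs.get(attr) == value:
            return dn
    return None


def login(params, username, password):
    """Return (failed_stage, message); ('ok', '') when every stage passes."""
    if not bind(*split_binddn(params["LDAPbinddn"])):
        return "service-bind", "Failed to bind to the LDAP server."
    user_dn = search(params["LDAPBaseDN"], params["LDAPuidattribute"], username)
    if user_dn is None or not bind(user_dn, password):
        stage = "user-search" if user_dn is None else "user-bind"
        return stage, "The username or password you entered is not valid."
    mail_attr = params["LDAPmailattribute"]
    if mail_attr not in DIRECTORY[user_dn]:
        return "mail-lookup", f"The specified LDAP attribute {mail_attr} was not found."
    return "ok", ""
```

A password placed in the middle of the bind DN fails at the first stage, while a base DN that points at a single user entry or a login name that does not match LDAPuidattribute fails at the user search with the generic "not valid" message.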
