0023412: new users cannot sign up for an account - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update
0023412	mantisbt	signup	public	2017-09-28 12:19	2017-10-08 23:52

Reporter	helfy022	Assigned To	atrol
Priority	normal	Severity	minor	Reproducibility	N/A
Status	closed	Resolution	no change required
Product Version	2.5.1

Summary	0023412: new users cannot sign up for an account
Description	Hello, Although the following config setting is imposed: $g_allow_signup = ON; no link is provided on the login page to allow users to sign up for an account. Ours is an LDAP-based auth system. Is/are there other setting(s) that need(s) to be imposed in order to make the signup page accessible to to-be created users? Thanks, Ryan.
Tags	No tags attached.
Attached Files

atrol 2017-09-29 01:40 developer ~0057839	LDAP authenticaction serves to authenticate users, that's it. It is not meant to create users in your LDAP / AD, From https://www.mantisbt.org/docs/master/en-US/Admin_Guide/html-desktop/#admin.auth.ldap The user's ID and password is checked against the Directory; if the credentials are valid, then the user is allowed to login and their user account in MantisBT is created automatically.

helfy022 2017-09-29 08:58 reporter ~0057851	Hi @atrol, Apologies - my fault for not being sufficiently clear. I am referring to folks who are already LDAP-compliant users who want to sign up for their own MantisBT accounts. Not trying to provide a means of creating users in LDAP. As you noted, our MantisBT config only relies on LDAP for authentication. Just looking to figure out how to give potential MantisBT users (who are already valid LDAP users) the opportunity to sign up for a MantisBT account themselves. The signup link/page is not available in spite of the $g_allow_signup setting being set to 'ON.' For now, we have been asking folks to make requests to administrators, who manually create the new user account after confirming that that are already in LDAP. Please let me know if I can provide any further clarifications. Thanks very much for your help. Ryan.

atrol 2017-09-29 09:13 developer ~0057852	I don't use LDAP, so I might be wrong and there is a bug in MantisBT. As I wrote before, according documentation if the credentials are valid, then the user is allowed to login and their user account in MantisBT is created automatically. So I would expect that users don't signup, but just login to MantisBT using their LDAP username and passwort.

helfy022 2017-09-29 09:41 reporter ~0057853	Hi @atrol, That's not our experience with the LDAP-compliant config. Users that have a valid username/password cannot login to MantisBT if they do not have an account created for them. The login screen only shows a text box for the username and a login button. On the screen that follows, if the user does not successfully "Enter password for 'username'," he/she sees the message "Your account may be disabled or blocked or the username/password you entered it incorrect." A link that allows the user to sign up for their own MantisBT account is never presented. For the screen shots provided, please assume that "username" is a valid LDAP user (but not yet a MantisBT one) and the password he/she provides matches that in LDAP. Please let me know if I can provide anymore info. Ryan. mantisLoginPassword.PNG (25,617 bytes) mantisLoginPassword.PNG (25,617 bytes) mantisLoginGreet.PNG (20,337 bytes) mantisLoginGreet.PNG (20,337 bytes) mantisLoginFail.PNG (25,591 bytes) mantisLoginFail.PNG (25,591 bytes)

helfy022 2017-09-29 09:42 reporter ~0057854	Quick clarification on the second sentence of the last post: Users that have a valid LDAP username/password cannot login to MantisBT if they do not have a MantisBT account created for them.

atrol 2017-09-29 13:47 developer ~0057855	You are right, there is a known bug 0022331

helfy022 2017-09-29 13:52 reporter ~0057856	Thanks, @atrol. I will post to the noted bug and look for updates there. Ryan.