View Issue Details

IDProjectCategoryView StatusLast Update
0027310mantisbtldappublic2020-10-05 15:37
ReporterDmagnate111 Assigned Todregad  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionno change required 
Product Version2.24.1 
Summary0027310: Unable to access Mantis via LDAP Account
Description

Hi

I am integrating Mantis with our Active Directory. Below is setting I am using and failure captured in logs,

$g_ldap_server = 'ldap://<ldaphostname>:389';
$g_ldap_root_dn = 'dc=domain,dc=local';
$g_ldap_organization = '"';
$g_ldap_protocol_version = 3;
$g_ldap_network_timeout = 0;
$g_ldap_follow_referrals = OFF;
$g_ldap_bind_dn = 'cn=Usergroup,ou=ServiceAccounts,ou=SymUsers,ou=SPT Symphony,dc=domain,dc=local';
$g_ldap_bind_passwd = 'XXXXXXXXXX';
$g_ldap_uid_field = 'sAMAccountName';
$g_ldap_realname_field = 'cn';
$g_use_ldap_realname = ON;
$g_use_ldap_email = OFF;
$g_ldap_follow_referrals = OFF;


Error,

20-09-24 15:55 +08 LDAP ldap_api.php:342 ldap_authenticate_by_username() Binding to LDAP server
2020-09-24 15:55 +08 LDAP ldap_api.php:67 ldap_connect_bind() Attempting connection to LDAP server/URI 'ldap://msipnacadd001.dc2.security.sptel.int:389'.
2020-09-24 15:55 +08 LDAP ldap_api.php:76 ldap_connect_bind() Connection accepted by LDAP server
2020-09-24 15:55 +08 LDAP ldap_api.php:89 ldap_connect_bind() Setting LDAP protocol version to 3
2020-09-24 15:55 +08 LDAP ldap_api.php:111 ldap_connect_bind() Attempting bind to ldap server as 'cn=Usergroup,ou=ServiceAccounts,ou=SymUsers,ou=SPT Symphony,dc=domain,dc=local'
2020-09-24 15:55 +08 LDAP ldap_api.php:124 ldap_connect_bind() Bind to ldap server successful
2020-09-24 15:55 +08 LDAP ldap_api.php:346 ldap_authenticate_by_username() Searching for (&"(sAMAccountName=administrator))
2020-09-24 15:55 +08 LDAP ldap_api.php:50 ldap_log_error() ERROR #-7: Bad search filter
2020-09-24 15:55 +08 LDAP ldap_api.php:351 ldap_authenticate_by_username() Search '(&"(sAMAccountName=administrator))' failed
2020-09-24 15:55 +08 DB database_api.php:161 db_connect() array (

Steps To Reproduce

Enable auth Mantis to use LDAP and this error is reflected.

Additional Information

sAMAccountName is searching for Administrator account. This looks like reason for failure but why its looking for administrator account.

TagsNo tags attached.

Relationships

related to 0019896 closeddregad $g_ldap_root_dn without OU 

Activities

Dmagnate111

Dmagnate111

2020-09-24 05:14

reporter   ~0064478

Followed ID 0019896.

Now administrator is skipped as I disabled it but same error coming with my user now.

Defining OU in root dn also makes no change.

dregad

dregad

2020-09-24 07:15

developer   ~0064479

The problem is not related to the user being searched. The error ERROR #-7: Bad search filter tells you that the LDAP query being performed is incorrect; you should check and make sure your configuration is correct, particularly the $g_ldap-server, $g_ldap_root_dn, $g_ldap_organization and $g_ldap_bind_dn.

Looking at the failing search query in your log Searching for (&&quot;(sAMAccountName=administrator)), I find the &quot; after the first ampersand suspicious. This comes from your $g_ldap_organization, why did you put a double-quote in there ?

This is not a bug or feature request for MantisBT (you are asking for help on how to configure the system). I am therefore resolving this issue as "no change required".

Please use the forums to get support on customizing and using MantisBT (refer to http://www.mantisbt.org/support.php for links and further details).