LDAP Settings

fabpan
Posts: 9
Joined: 20 Jan 2016, 14:28

LDAP Settings

Post by fabpan »

Hello,

I'm trying to set my config_inc.php properly.

Here are my settings:

#-- LDAP --
$g_login_method = LDAP;
$g_ldap_server = 'CTI01.integrale.home/';
$g_ldap_port = '389';
$g_ldap_root_dn = 'CN=USERS\Admins,DC=Company,DC=home';
$g_ldap_organization = '';
$g_ldap_follow_referrals = OFF;
$g_ldap_bind_dn = 'CN=CTIWiki,DC=Company,DC=home';
$g_ldap_bind_password = 'mypassword';


# --- Active directory --
$g_ldap_protocol_version = 3;
$g_ldap_uid_field = 'sAMAccountName';


Do you see anything wrong ?


Thank U.
Mejstro
Posts: 24
Joined: 07 May 2014, 12:07

Re: LDAP Settings

Post by Mejstro »

I don't know your LDAP configuration, but I think the $g_ldap_server should be something like this:

$g_ldap_server = 'ldap://servername.domain.local:389';
fabpan
Posts: 9
Joined: 20 Jan 2016, 14:28

Re: LDAP Settings

Post by fabpan »

Hello and thank you for your answer.

I have modified my settings according to your advice but I still have the same problem. Nothing works.

Here are my settings:

#-- LDAP --
$g_login_method = LDAP;
$g_ldap_server = 'ldap://CTI01.company.home:389';
$g_ldap_root_dn = 'OU=Users, DC=company, DC=home';
$g_ldap_organization = '';
$g_ldap_follow_referrals = OFF;
$g_ldap_bind_dn = 'CN=CTIWiki, DC=company, DC=home'; // this line is used to connect to the active directory server ( Maybe I'm making a mistake here).
$g_ldap_bind_password = 'mypassword'; // this line is the active directory server password but again I am not sure about what I'm doing.

# --- Active directory --
$g_ldap_protocol_version = 3;
$g_ldap_uid_field = 'sAMAccountName';


I have many people in Users (Ex: CN=John Smith, CN=Robert Washington etc...). I have also created a user named John Smith in MantisBT because I have read somewhere I had to do it in order to make it work.

When I try to log in I use John Smith with his active directory password but it does not work.

If someone can help me it will be great because I have been searching for a week.

Thank you for your help.
Mejstro
Posts: 24
Joined: 07 May 2014, 12:07

Re: LDAP Settings

Post by Mejstro »

This is an example of my fully working LDAP (AD) settings in config_inc.php:

$g_login_method = LDAP;
$g_ldap_server = 'ldap://server.domain.local:389';
$g_ldap_root_dn = 'cn=Users,dc=domain,dc=local';
$g_ldap_organization = '(objectClass=*)';
$g_ldap_realname_field  = 'cn';
$g_ldap_uid_field = 'sAMAccountName';   
$g_ldap_bind_dn = 'cn=username,cn=Users,dc=domain,dc=local';
$g_ldap_bind_passwd = 'password'; 
$g_ldap_protocol_version = 3;
$g_use_ldap_email		= OFF;
$g_use_ldap_realname	= ON;
fabpan
Posts: 9
Joined: 20 Jan 2016, 14:28

Re: LDAP Settings

Post by fabpan »

Hello,

Thank you for helping me but I still have the same problem.

I created my account John Smith in Mantis like it is in Active Directory.

My User is in Users. I really don't know what to do.

#-- LDAP --
$g_login_method = LDAP;
$g_ldap_server = 'ldap://CTI01.company.home:389';
$g_ldap_port = '389';
$g_ldap_root_dn = 'OU=Users, DC=company, DC=home';
$g_ldap_organization = '(objectClass=*)';
$g_ldap_follow_referrals = OFF;
$g_ldap_bind_dn = 'CN=John Smith, OU=Users, DC=company, DC=home';
$g_ldap_bind_password = 'password';
$g_use_ldap_realname = ON;
$g_ldap_realname_field = 'cn';

# --- Active directory --
$g_ldap_protocol_version = 3;
$g_ldap_uid_field = 'sAMAccountName';
$g_use_ldap_email = OFF;

I hope you will be able to help me again.
Mejstro
Posts: 24
Joined: 07 May 2014, 12:07

Re: LDAP Settings

Post by Mejstro »

I am not sure how to help if I know nothing about your AD structure and configuration. I would only ask a few questions and notes:
1) Is "John Smith" real username or full name? (I am not sure about the space)
2) Is this correct: $g_ldap_root_dn = 'OU=Users, DC=company, DC=home'; ? Should not be: $g_ldap_root_dn = 'cn=Users, dc=company, dc=home';
3) Have you tried logging ( $g_log_level = LOG_LDAP)? What is there in the log?
4) I am not sure about the capitals as well...
fabpan
Posts: 9
Joined: 20 Jan 2016, 14:28

Re: LDAP Settings

Post by fabpan »

Hello Again,

Here are my answers to your questions.

1) John Smith is the full name and there is some space between both names
2) For this one I tried as you said but nothing changes
3) Yes I have a log file (check below what I get from it):
2016-01-28 08:15 CET ldap t_ldap_root_dn:ou=Users, dc=company, dc=home
2016-01-28 08:15 CET ldap Binding to LDAP server p_username=JSmith p_password=password
2016-01-28 08:15 CET ldap Binding to LDAP server
2016-01-28 08:15 CET ldap Attempting connection to LDAP URI 'ldap://CTI01.company.home:389'.
2016-01-28 08:15 CET ldap Connection accepted by LDAP server
2016-01-28 08:15 CET ldap Setting LDAP protocol version to 3
2016-01-28 08:15 CET ldap Setting LDAP follow_referrals to 0
2016-01-28 08:15 CET ldap BINDING: p_binddn & p_password are blank()
2016-01-28 08:15 CET ldap BINDING: p_binddn:cn=John Smith, ou=Users, dc=company, dc=home p_password:
2016-01-28 08:15 CET ldap Attempting anonymous bind to ldap server
2016-01-28 08:15 CET ldap Bind to ldap server successful
2016-01-28 08:15 CET ldap Searching for (&(sAMAccountName=JSmith))
2016-01-28 08:15 CET ldap Arguments t_ldap_root_dn:ou=Users, dc=company, dc=home t_search_filter:(&(sAMAccountName=JSmith)) t_search_attrs:Array
2016-01-28 08:15 CET ldap ERROR #1: Operations error
2016-01-28 08:15 CET ldap ldap search failed

According to my research, it sounds like many Mantis users have trouble making this work.

If you see something wrong, please let me know.

Thanks U
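
The log excerpt above shows the bind password arriving empty and MantisBT falling back to an anonymous bind before the search fails with "Operations error". As an added example (not part of the posts and not MantisBT code), the following Python triages such LOG_LDAP lines and lists `$g_ldap_*` options in a config that do not appear in the configuration posted as working in this thread; the function names and finding strings are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the LOG_LDAP excerpt posted above.
SAMPLE_LOG = """\
2016-01-28 08:15 CET ldap Binding to LDAP server p_username=JSmith p_password=password
2016-01-28 08:15 CET ldap BINDING: p_binddn:cn=John Smith, ou=Users, dc=company, dc=home p_password:
2016-01-28 08:15 CET ldap Attempting anonymous bind to ldap server
2016-01-28 08:15 CET ldap Bind to ldap server successful
2016-01-28 08:15 CET ldap Searching for (&(sAMAccountName=JSmith))
2016-01-28 08:15 CET ldap ERROR #1: Operations error
""".splitlines()

# Option names taken from the configuration posted in this thread as working.
WORKING_KEYS = {
    "ldap_server", "ldap_root_dn", "ldap_organization", "ldap_realname_field",
    "ldap_uid_field", "ldap_bind_dn", "ldap_bind_passwd", "ldap_protocol_version",
}

# Constructed sample: two lines from the non-working configuration above.
SAMPLE_CONFIG = """\
$g_ldap_bind_dn = 'CN=John Smith, OU=Users, DC=company, DC=home';
$g_ldap_bind_password = 'password';
"""

def triage_ldap_log(lines):
    """Return findings, in log order, for a MantisBT LOG_LDAP excerpt."""
    findings = []
    anonymous = False
    for line in lines:
        # User credentials logged in cleartext: the log file needs protecting.
        if re.search(r"p_password=\S+", line):
            findings.append("cleartext user password written to log")
        # A bind DN is configured but the password next to it is empty.
        if re.search(r"p_binddn:\S.*p_password:\s*$", line):
            findings.append("bind DN set but bind password empty")
        if "Attempting anonymous bind" in line:
            anonymous = True
            findings.append("fell back to anonymous bind")
        if anonymous and "ERROR #1: Operations error" in line:
            findings.append("search failed with Operations error after anonymous bind")
    return findings

def unrecognized_options(config_text, known=WORKING_KEYS):
    """List $g_ldap_* option names in config_text that are not in `known`."""
    names = re.findall(r"^\s*\$g_(ldap_\w+)\s*=", config_text, re.M)
    return sorted(set(names) - known)
```

An option outside the working set is not necessarily wrong; it is a name to check against MantisBT's config_defaults_inc.php. Because LOG_LDAP writes user passwords to the log, turn it off and remove the log file once debugging is done.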
fabpan
Posts: 9
Joined: 20 Jan 2016, 14:28

Re: LDAP Settings

Post by fabpan »

Hello,

I have changed my settings.

#-- LDAP --
$g_login_method = LDAP;
$g_ldap_server = 'ldap://CTI01.company.home';
$g_ldap_port = '389';
$g_ldap_root_dn = 'DC=integrale, DC=home';
$g_ldap_organization = '';
$g_ldap_follow_referrals = OFF;
$g_ldap_bind_dn = 'CN=G_WikiCTI, CN=Users, DC=company, DC=home'; // G_WikiCTI is a group to access to my users, this group is inside Users.
$g_ldap_bind_password = 'password'; // Password to connect to my active directory server
$g_use_ldap_realname = ON;
$g_ldap_realname_field = 'sn'; // I would like to use the sn to connect not the full name (cn)

# --- Active directory --
$g_ldap_protocol_version = 3;
$g_ldap_uid_field = 'sAMAccountName';
$g_use_ldap_email = OFF;


I also have created an account in Mantis by using the sn attribute (cn=John Smith, sn=jSmith). The account is activated.
I can't make it work. If someone can help me ....

Thank U
Mejstro
Posts: 24
Joined: 07 May 2014, 12:07

Re: LDAP Settings

Post by Mejstro »

$g_ldap_bind_dn = 'CN=G_WikiCTI, CN=Users, DC=company, DC=home'; // G_WikiCTI is a group to access to my users, this group is inside Users.
$g_ldap_bind_password = 'password'; // Password to connect to my active directory server
$g_ldap_bind_dn = I think, only user with AD read permission is allowed here. Not the group.
$g_ldap_bind_password = password for the user specified in $g_ldap_bind_dn
fabpan
Posts: 9
Joined: 20 Jan 2016, 14:28

Re: LDAP Settings

Post by fabpan »

Hello,

I have modified my settings to do as you said but nothing works.

I really don't know what to do to make it work.

I keep searching.


Thank U.
fabpan
Posts: 9
Joined: 20 Jan 2016, 14:28

Re: LDAP Settings

Post by fabpan »

Hello,

I have a question.

We always use the sn to connect when we log in so my question is, do I have to use the sn or the cn to create my mantis account ?

I created a mantis account like the cn to test it but nothing works.

here are my last settings:

$g_login_method = LDAP;
$g_ldap_server = 'ldap://CTI01.company.home:389/';
$g_ldap_root_dn = 'OU=LGE, DC=company,DC=home';
$g_ldap_organization = '(objectClass=*)';
$g_ldap_follow_referrals = OFF;
$g_ldap_bind_dn = 'CN=firstname lastname, OU=LGE, DC=company, DC=home';
$g_ldap_bind_password = 'password';

# --- Active directory --
$g_ldap_protocol_version = 3;
$g_ldap_uid_field = 'sAMAccountName';

According to me I do exactly as anybody else but it doesn't work.

Thank U
Mejstro
Posts: 24
Joined: 07 May 2014, 12:07

Re: LDAP Settings

Post by Mejstro »

The $g_ldap_bind_dn setting has nothing in common with creating a user in Mantis, I suppose. It is the user who can just read whether the user exists in AD.
millahjovich
Posts: 2
Joined: 13 Jun 2016, 08:09

Re: LDAP Settings

Post by millahjovich »

I am not sure how to help if I know nothing about your AD structure and configuration. I would only ask a few questions and notes:
1) Is "John Smith" real username or full name? (I am not sure about the space)
2) Is this correct: $g_ldap_root_dn = 'OU=Users, DC=company, DC=home'; ? Should not be: $g_ldap_root_dn = 'cn=Users, dc=company, dc=home';
3) Have you tried logging ( $g_log_level = LOG_LDAP)? What is there in the log?
4) I am not sure about the capitals as well...