Active directory Authentication 1.2.12

Get help from other users here.

Moderators: Contributor, Developer

Post Reply
Gamusino
Posts: 2
Joined: Jan 28, 2013 5:46 am

Active directory Authentication 1.2.12

Post by Gamusino » Jan 28, 2013 5:53 am

Hi, I'm a new user, and I'm doing a project about mantisbt 1.2.12 for my institute.
I have one machine with windows server 2003 where I have my users in Active directory;

And another machine with Centos 5.8 where I have installed mantisbt.

I will like to use the users of active directory to login mantis.

Can someone explain me how to doit please?

srry for my english, I'm not so good with that language =D

Gamusino
Posts: 2
Joined: Jan 28, 2013 5:46 am

Re: Active directory Authentication 1.2.12

Post by Gamusino » Feb 07, 2013 2:03 pm

I read all file config_default_inc and I saw this variables:

$g_ldap_server = my_domain.org;
$g_ldap_root_dn = 'dc=my_domain,dc=org';
$g_ldap_organization = 'domain';
$g_ldap_uid_field = 'sAMAccountName'; *I don't know why this myst be sAMAccountName
$g_ldap_realname_field = 'name';maybe the name of machina that have active directory?
$g_ldap_bind_dn = 'CN=Administrator,OU=Users,DC=domain,DC=org';
$g_ldap_bind_passwd = 'password';
$g_login_method = LDAP;

Can someone Say me if with this changes I could log in mantis with active direcory users?

atrol
Site Admin
Posts: 7615
Joined: Mar 26, 2008 4:37 pm
Location: Germany

Re: Active directory Authentication 1.2.12

Post by atrol » Feb 07, 2013 4:44 pm

Please use Search before posting and read the Manual

SteveC
Posts: 1
Joined: Feb 13, 2013 9:10 am

Re: Active directory Authentication 1.2.12

Post by SteveC » Feb 13, 2013 11:15 am

Not working for me either - My config is:

$g_login_method = LDAP;
$g_ldap_server = '192.168.1.1:3268';
$g_ldap_root_dn = 'DC=euro,DC=example,DC=com';
$g_ldap_bind_dn = 'DC=euro,DC=example,DC=com';

$g_ldap_protocol_version = 3;
$g_ldap_follow_referrals = OFF;
$g_ldap_uid_field = 'sAMAccountName';

$g_use_ldap_email = ON;
$g_use_ldap_realname = ON;

$g_log_level = LOG_LDAP;
$g_log_destination = 'file:c:\xampp\htdocs\mantisbt\mantisbt.log';

In the browser I get the following error:

SYSTEM WARNING: 'ldap_search(): Search: Operations error' in 'C:\xampp\htdocs\mantisbt-1.2.14\core\ldap_api.php' line 358

and in the LDAP_LOG logs the following:

2013-02-13 16:42 CET ldap Binding to LDAP server
2013-02-13 16:42 CET ldap Attempting connection to LDAP URI '192.168.168.1:3268'.
2013-02-13 16:42 CET ldap Connection accepted by LDAP server
2013-02-13 16:42 CET ldap Setting LDAP protocol version to 3
2013-02-13 16:42 CET ldap Attempting anonymous bind to ldap server
2013-02-13 16:42 CET ldap Bind to ldap server successful
2013-02-13 16:42 CET ldap Searching for (&(sAMAccountName=SteveC))
2013-02-13 16:42 CET ldap ERROR #1: Operations error
2013-02-13 16:42 CET ldap ldap search failed

Any clue what might be going wrong?

Lapinkiller
Posts: 404
Joined: Jan 28, 2011 1:47 pm
Location: France
Contact:

Re: Active directory Authentication 1.2.12

Post by Lapinkiller » Feb 22, 2013 11:02 am

hello

try adding :
$g_ldap_organization = '(objectClass=*)';
Lapinkiller,
French PHP developer
New look for your mantis : http://www.mantisbt.org/forums/viewtopi ... =4&t=20055

cas
Posts: 527
Joined: Mar 11, 2006 11:08 am
Contact:

Re: Active directory Authentication 1.2.12

Post by cas » Feb 22, 2013 1:34 pm

As an alternative there is the ADlogin plugin which makes logging on very transparent. You can find it on the bugtracker ( http://www.mantisbt.org/bugs/view.php?id=12627 ) :mrgreen:

Kiolul
Posts: 2
Joined: Mar 05, 2014 4:31 am

Re: Active directory Authentication 1.2.12

Post by Kiolul » Mar 05, 2014 4:36 am

Hello,
I encounter same problem with my fresh install of mantis 1.2.17
My configuration:

Code: Select all

 # --- LOG ---
$g_log_level = LOG_LDAP;
$g_log_destination = 'file:/var/log/mantis/mantisbt.log';

 # --- AD Auth ---
$g_login_method = LDAP;
$g_ldap_server = 'ldap://pdc:389';
$g_ldap_root_dn = 'dc=DOMAIN,dc=LOCAL';
$g_ldap_bind_dn = 'DOMAIN\\ldap_bind';
$g_ldap_bind_passwd ='pass';
$g_ldap_organization = '';
$g_ldap_protocol_version = 3;
$g_ldap_uid_field = 'sAMAccountName';
$g_use_ldap_email = ON;
I have previously install the php5-ldap package and create an account with a domain user.
During the login process, the following error appears: SYSTEM WARNING: 'ldap_search(): Search: Operations error' in '/usr/share/mantis/mantisbt-1.2.17/core/ldap_api.php' line 358
In the log:

Code: Select all

2014-03-05 09:28 UTC ldap Binding to LDAP server
2014-03-05 09:28 UTC ldap Attempting connection to LDAP URI 'ldap://pdc:389'.
2014-03-05 09:28 UTC ldap Connection accepted by LDAP server
2014-03-05 09:28 UTC ldap Setting LDAP protocol version to 3
2014-03-05 09:28 UTC ldap Attempting bind to ldap server with username and password
2014-03-05 09:28 UTC ldap Bind to ldap server successful
2014-03-05 09:28 UTC ldap Searching for (&(sAMAccountName=username))
2014-03-05 09:28 UTC ldap ERROR #1: Operations error
2014-03-05 09:28 UTC ldap ldap search failed
Thx for your help.

Kiolul
Posts: 2
Joined: Mar 05, 2014 4:31 am

Re: Active directory Authentication 1.2.12

Post by Kiolul » Mar 11, 2014 5:52 am

Hello,
I have found the solution.
The problem is in my ldap root dn:
$g_ldap_root_dn = 'DC=domain,DC=local'; doesn't work
$g_ldap_root_dn = 'OU=XXX,DC=domain,DC=local'; works

But, this previous root dn parameter works with GLPI and Redmine...
Thx.

mushu
Posts: 145
Joined: Jan 04, 2017 12:41 pm

Re: Active directory Authentication 1.3

Post by mushu » Jan 04, 2017 12:44 pm

I had been running Mantis 1.2 with the adLogin plugin working just fine. Now I installed Mantis 1.3 and the same plugin no longer seems to work. I created the directory under "plugins" and unpacked the plugin, then I edited the "core" config file per the instructions.

What am I doing wrong? It doesn't show up int he plugins config screen with either "install" or "uninstall" link and it doesn't seem to be working at all.

cas
Posts: 527
Joined: Mar 11, 2006 11:08 am
Contact:

Re: Active directory Authentication 1.2.12

Post by cas » Jan 05, 2017 10:21 am

Did you also implemented, as described iun the issue:
This plugin uses the function auth_attempt_script_login, which in the past was enough for getting access.
As of version 1.2.x this function offers less functionality than before.
This function is available in core\authentication_api.php
In order to overcome this, one needs to add 3 lines at the end of this function:
# set the cookies
$p_perm_login=false;
auth_set_cookies( $t_user_id, $p_perm_login );
auth_set_tokens( $t_user_id );

Add these just before the comment line stating:
# ok, we're good to login now (around line 279)

In addition, one can uncomment the line:
# user_increment_login_count( $t_user_id );
It should look like:
user_increment_login_count( $t_user_id );
In that case still all logins are counted.

The change mentioned above can bring additional security risks in case you Mantis is on the WWW opposite an intranet.

mushu
Posts: 145
Joined: Jan 04, 2017 12:41 pm

Re: Active directory Authentication 1.2.12

Post by mushu » Jan 05, 2017 11:13 am

Yes I did all those things.

cas
Posts: 527
Joined: Mar 11, 2006 11:08 am
Contact:

Re: Active directory Authentication 1.2.12

Post by cas » Jan 06, 2017 4:20 am

I am not using 1.3 but expect that there is some change in functions used. Possibly the pluin itself needs small adjustments based upon 1.3

mushu
Posts: 145
Joined: Jan 04, 2017 12:41 pm

Re: Active directory Authentication 1.2.12

Post by mushu » Jan 26, 2017 3:03 pm

Just to follow up, the actual problem was that the AD plugin was not actually installed according to Mantis (Manage Plugins screen). It needed to have it's code updated by increasing the Core version requirement. Once that was done the Install link appeared in the Mantis plugins screen, and after clicking Install (and following the above config items) everything worked properly!

cas
Posts: 527
Joined: Mar 11, 2006 11:08 am
Contact:

Re: Active directory Authentication 1.2.12

Post by cas » Jan 27, 2017 11:27 am

You are correct here, found the same issue in preparing the plugin for version 2.0 :D

Post Reply