Mantis with Sharepoint

General discussion of Mantis.

Moderators: Developer, Contributor

Post Reply
djidave
Posts: 5
Joined: 13 Mar 2006, 13:53

Mantis with Sharepoint

Post by djidave »

Has anyone tried to integrate Mantis within a sharepoint enviroment.

I know there are a lot of issues with intergration to Active Directory. And I think sharepoint can display any webpage inside it.

Any experience or opinions are welcome

Thanks

Dave R
Top
vboctor
Site Admin
Posts: 1304
Joined: 13 Feb 2005, 22:11
Location: Redmond, Washington
Contact:
Contact vboctor

Post by vboctor »

You might find more people who have integrated Mantis with LDAP. And since Active Directory is an LDAP store, you should be able to use that to do the integration.

Regards,
Victor
http://www.futureware.biz/mantisconnect/
Top
cas
Posts: 1768
Joined: 11 Mar 2006, 16:08
Contact:
Contact cas

Post by cas »

If you install Mantis under IIS and want to have single sigon with AD, all you need to do is the following:
1. Disable Anonymous access for the mantis website
2. Ensure Integrated Windows Authentication is ticked
3. Use the following code for index.php (from mantis) :

Code: Select all

<?php 
require_once( 'core.php' ) ;
if ( isset($_SERVER['AUTH_USER'])) {
	$temp = explode('\\\\', $_SERVER['AUTH_USER']); 
        //remove the domain name from AUTH_USER
	if ($temp[1] == "") {
		$name = $temp[0];
	} else {
		$name = $temp[1];
	}
	$t_user_table = config_get( 'mantis_user_table' );
	$f_perm_login='false';
	$query = "SELECT  password FROM $t_user_table WHERE username='$name'";
	$result = db_query( $query ) or die("cannot select: " . mysql_error());
	$f_password = db_result( $result );
	$ok=auth_attempt_login( $name, $f_password, $f_perm_login );
}

if ( auth_is_user_authenticated() ) {
	print_header_redirect( 'main_page.php' );
} else {
	print_header_redirect( 'login_page.php' );
}
?>
This does expect the mantis password to be stored in Plain text which on an intranet should not be a real issue.

If that is not an option you could change

Code: Select all

	
	$t_user_table = config_get( 'mantis_user_table' );
	$f_perm_login='false';
	$query = "SELECT  password FROM $t_user_table WHERE username='$name'";
	$result = db_query( $query ) or die("cannot select: " . mysql_error());
	$f_password = db_result( $result );
	$ok=auth_attempt_login( $name, $f_password, $f_perm_login );
into :

Code: Select all

	
$ok=auth_attempt_script_login( $name );
Cas
Top
vboctor
Site Admin
Posts: 1304
Joined: 13 Feb 2005, 22:11
Location: Redmond, Washington
Contact:
Contact vboctor

Post by vboctor »

I don't agree that storing passwords in clear text is not an issue on intranets. People tend to re-use passwords and this will compromise the privacy of their passwords.

The correct approach would be to use auth_attempt_script_login() which requires only user name for login. For this API the password is optional. This API is specifically designed for scripts and for such scenarios.

Regards,
Victor
http://www.futureware.biz/mantisconnect/
Top
Post Reply

Return to “General Discussion”