Authentication Configuration
Posted: 04 Jun 2010, 10:50
I have been having problems configuring the authentication for MantisBT. Currently, I am trying to run 1.1.8 on a RHEL5/php-5.1.x system.
Ideally, I'd like to use http or basic authentication (I think). I'm a little uncertain because I've had trouble finding enough details in the documentation to be sure. I've also experimented with LDAP authentication against my Active Directory, though this is not my preferred solution. So far, I've been unable to get any of these to work properly.
For BASIC_AUTH, I've simply set
$g_login_method = BASIC_AUTH;
In this mode, I also configure apache to auth the user (against LDAP) using mod_authnz_ldap. This works fine. After entering my username/password, I am presented with the MantisBT login page?
* Any attempt to authenticate again is unsuccessful.
* If I go through the request new account thing, and follow the link back to the system, I am logged in fine and can do stuff
* Subsequent logout/login always fails after the initial login after account creation. I can auth via apache as expected, but I am still presented with the MantisBT login page, and no combination of username/password is successful. Errors returned indicate the username/password is bad.
For LDAP, I configure the system to auth directly to my ldap server like:
--- LDAP Authentication Configuration ---
$g_login_method = LDAP;
$g_ldap_server = "ldaps://<my servers FQDN>";
$g_ldap_port = 636;
$g_ldap_root_dn = "CN=Users, DC=<MyDomain>, DC=<MyTLD>";
$g_ldap_bind_dn = "CN=ldapread, OU=Users, OU=<OU1>, OU=<OU2>, DC=<MyDomain>, DC=<MyTLD>";
$g_ldap_bind_passwd = "<MySvcPasswd>";
#$g_use_ldap_email = YES;
$g_ldap_follow_referrals = OFF;
$g_ldap_protocol_version = 3;
With this configuration, I also disable the apache authentication. Then, I am immediately presented with the MantisBT login. No username/password allows me to login. Again, if I go through the request new account process, after following the link back, I am logged in. However, if I log out and try to come back, it continues to fail to authenticate.
To check my LDAP connection, I tried changing the ldap service account name to an incorrect one. In this case, accessing the login page gives me an error to the effect that the LDAP connection failed. I've tried the same experiments with ldap and port 389 (instead of ldaps and 636).
I've also tried disabling the fancier auth methods and logged in with the admin account. I then created an account entry for an account where the username matches one in Active Directory, then attempting to login (using LDAP and BASIC_AUTH), with similar results -- I am always presented with the MantisBT login page, through which I can never authenticate.
I started out with MantisBT-1.2.1. After the same fiddling described above, I noticed the dependence on PHP-5.2.x. At that point, I abandoned that installation and went back to 1.1.8 since it was purportedly supported by the PHP I am running. The results have been identical for both versions.
I can't help but think I am missing something obvious. But so far, it has eluded me. I have a couple of days into this at this point, and had hoped configuring the authentication would be a simple matter. I've done it for numerous other web applications and systems, but this one has me stumped.
Does anyone see what I'm missing here? The product looks great and I'm anxious to deliver it to a group of interested users, but I've got to get this part working first (obviously).
Thanks for any assistance,
Marty Wise
Jefferson Lab
Newport News, Virginia, US