Active directory Authentication 1.2.12

Get help from other users here.

Moderators: Developer, Contributor

Post Reply
Gamusino
Posts: 2
Joined: 28 Jan 2013, 10:46

Active directory Authentication 1.2.12

Post by Gamusino »

Hi, I'm a new user, and I'm doing a project about mantisbt 1.2.12 for my institute.
I have one machine with windows server 2003 where I have my users in Active directory;

And another machine with Centos 5.8 where I have installed mantisbt.

I will like to use the users of active directory to login mantis.

Can someone explain me how to doit please?

srry for my english, I'm not so good with that language =D
Gamusino
Posts: 2
Joined: 28 Jan 2013, 10:46

Re: Active directory Authentication 1.2.12

Post by Gamusino »

I read all file config_default_inc and I saw this variables:

$g_ldap_server = my_domain.org;
$g_ldap_root_dn = 'dc=my_domain,dc=org';
$g_ldap_organization = 'domain';
$g_ldap_uid_field = 'sAMAccountName'; *I don't know why this myst be sAMAccountName
$g_ldap_realname_field = 'name';maybe the name of machina that have active directory?
$g_ldap_bind_dn = 'CN=Administrator,OU=Users,DC=domain,DC=org';
$g_ldap_bind_passwd = 'password';
$g_login_method = LDAP;

Can someone Say me if with this changes I could log in mantis with active direcory users?
atrol
Site Admin
Posts: 8366
Joined: 26 Mar 2008, 21:37
Location: Germany

Re: Active directory Authentication 1.2.12

Post by atrol »

Please use Search before posting and read the Manual
SteveC
Posts: 1
Joined: 13 Feb 2013, 14:10

Re: Active directory Authentication 1.2.12

Post by SteveC »

Not working for me either - My config is:

$g_login_method = LDAP;
$g_ldap_server = '192.168.1.1:3268';
$g_ldap_root_dn = 'DC=euro,DC=example,DC=com';
$g_ldap_bind_dn = 'DC=euro,DC=example,DC=com';

$g_ldap_protocol_version = 3;
$g_ldap_follow_referrals = OFF;
$g_ldap_uid_field = 'sAMAccountName';

$g_use_ldap_email = ON;
$g_use_ldap_realname = ON;

$g_log_level = LOG_LDAP;
$g_log_destination = 'file:c:\xampp\htdocs\mantisbt\mantisbt.log';

In the browser I get the following error:

SYSTEM WARNING: 'ldap_search(): Search: Operations error' in 'C:\xampp\htdocs\mantisbt-1.2.14\core\ldap_api.php' line 358

and in the LDAP_LOG logs the following:

2013-02-13 16:42 CET ldap Binding to LDAP server
2013-02-13 16:42 CET ldap Attempting connection to LDAP URI '192.168.168.1:3268'.
2013-02-13 16:42 CET ldap Connection accepted by LDAP server
2013-02-13 16:42 CET ldap Setting LDAP protocol version to 3
2013-02-13 16:42 CET ldap Attempting anonymous bind to ldap server
2013-02-13 16:42 CET ldap Bind to ldap server successful
2013-02-13 16:42 CET ldap Searching for (&(sAMAccountName=SteveC))
2013-02-13 16:42 CET ldap ERROR #1: Operations error
2013-02-13 16:42 CET ldap ldap search failed

Any clue what might be going wrong?
Lapinkiller
Posts: 408
Joined: 28 Jan 2011, 18:47
Location: France
Contact:

Re: Active directory Authentication 1.2.12

Post by Lapinkiller »

hello

try adding :
$g_ldap_organization = '(objectClass=*)';
Lapinkiller,
French PHP developer
New look for your mantis : http://www.mantisbt.org/forums/viewtopi ... =4&t=20055
cas
Posts: 1586
Joined: 11 Mar 2006, 16:08
Contact:

Re: Active directory Authentication 1.2.12

Post by cas »

As an alternative there is the ADlogin plugin which makes logging on very transparent. You can find it on the bugtracker ( http://www.mantisbt.org/bugs/view.php?id=12627 ) :mrgreen:
Kiolul
Posts: 2
Joined: 05 Mar 2014, 09:31

Re: Active directory Authentication 1.2.12

Post by Kiolul »

Hello,
I encounter same problem with my fresh install of mantis 1.2.17
My configuration:

Code: Select all

 # --- LOG ---
$g_log_level = LOG_LDAP;
$g_log_destination = 'file:/var/log/mantis/mantisbt.log';

 # --- AD Auth ---
$g_login_method = LDAP;
$g_ldap_server = 'ldap://pdc:389';
$g_ldap_root_dn = 'dc=DOMAIN,dc=LOCAL';
$g_ldap_bind_dn = 'DOMAIN\\ldap_bind';
$g_ldap_bind_passwd ='pass';
$g_ldap_organization = '';
$g_ldap_protocol_version = 3;
$g_ldap_uid_field = 'sAMAccountName';
$g_use_ldap_email = ON;
I have previously install the php5-ldap package and create an account with a domain user.
During the login process, the following error appears: SYSTEM WARNING: 'ldap_search(): Search: Operations error' in '/usr/share/mantis/mantisbt-1.2.17/core/ldap_api.php' line 358
In the log:

Code: Select all

2014-03-05 09:28 UTC ldap Binding to LDAP server
2014-03-05 09:28 UTC ldap Attempting connection to LDAP URI 'ldap://pdc:389'.
2014-03-05 09:28 UTC ldap Connection accepted by LDAP server
2014-03-05 09:28 UTC ldap Setting LDAP protocol version to 3
2014-03-05 09:28 UTC ldap Attempting bind to ldap server with username and password
2014-03-05 09:28 UTC ldap Bind to ldap server successful
2014-03-05 09:28 UTC ldap Searching for (&(sAMAccountName=username))
2014-03-05 09:28 UTC ldap ERROR #1: Operations error
2014-03-05 09:28 UTC ldap ldap search failed
Thx for your help.
Kiolul
Posts: 2
Joined: 05 Mar 2014, 09:31

Re: Active directory Authentication 1.2.12

Post by Kiolul »

Hello,
I have found the solution.
The problem is in my ldap root dn:
$g_ldap_root_dn = 'DC=domain,DC=local'; doesn't work
$g_ldap_root_dn = 'OU=XXX,DC=domain,DC=local'; works

But, this previous root dn parameter works with GLPI and Redmine...
Thx.
mushu
Posts: 349
Joined: 04 Jan 2017, 17:41

Re: Active directory Authentication 1.3

Post by mushu »

I had been running Mantis 1.2 with the adLogin plugin working just fine. Now I installed Mantis 1.3 and the same plugin no longer seems to work. I created the directory under "plugins" and unpacked the plugin, then I edited the "core" config file per the instructions.

What am I doing wrong? It doesn't show up int he plugins config screen with either "install" or "uninstall" link and it doesn't seem to be working at all.
cas
Posts: 1586
Joined: 11 Mar 2006, 16:08
Contact:

Re: Active directory Authentication 1.2.12

Post by cas »

Did you also implemented, as described iun the issue:
This plugin uses the function auth_attempt_script_login, which in the past was enough for getting access.
As of version 1.2.x this function offers less functionality than before.
This function is available in core\authentication_api.php
In order to overcome this, one needs to add 3 lines at the end of this function:
# set the cookies
$p_perm_login=false;
auth_set_cookies( $t_user_id, $p_perm_login );
auth_set_tokens( $t_user_id );

Add these just before the comment line stating:
# ok, we're good to login now (around line 279)

In addition, one can uncomment the line:
# user_increment_login_count( $t_user_id );
It should look like:
user_increment_login_count( $t_user_id );
In that case still all logins are counted.

The change mentioned above can bring additional security risks in case you Mantis is on the WWW opposite an intranet.
mushu
Posts: 349
Joined: 04 Jan 2017, 17:41

Re: Active directory Authentication 1.2.12

Post by mushu »

Yes I did all those things.
cas
Posts: 1586
Joined: 11 Mar 2006, 16:08
Contact:

Re: Active directory Authentication 1.2.12

Post by cas »

I am not using 1.3 but expect that there is some change in functions used. Possibly the pluin itself needs small adjustments based upon 1.3
mushu
Posts: 349
Joined: 04 Jan 2017, 17:41

Re: Active directory Authentication 1.2.12

Post by mushu »

Just to follow up, the actual problem was that the AD plugin was not actually installed according to Mantis (Manage Plugins screen). It needed to have it's code updated by increasing the Core version requirement. Once that was done the Install link appeared in the Mantis plugins screen, and after clicking Install (and following the above config items) everything worked properly!
cas
Posts: 1586
Joined: 11 Mar 2006, 16:08
Contact:

Re: Active directory Authentication 1.2.12

Post by cas »

You are correct here, found the same issue in preparing the plugin for version 2.0 :D
Post Reply