How to configure Bugzilla to Authenticate to Active Directory?

So I already have an article on installing Bugzilla. See it here:
How to install Bugzilla on a FreeBSD 7.2 with Apache + SSL and MySQL?

So I am not going to cover installing Bugzilla. Just how to get it to connect to Active Directory. Mostly the documentation was there, but there was not really a good example of actual implementation. If the documentation doesn’t provide an example (preferably multiple real-world examples) then it is poor documentation. Yes, Bugzilla, you are free to take my documentation and put it in your manual, or link to this page.

  1. Gather the information from your production environment, especially the LDAP information for your Active Directory configuration: 
    • Bugzilla Server name: 
      http://myserver/bugzilla

       

    • The LDAP Servers (Active Directory servers):
      dc1.corp.mydomain.tld, dc2.corp.mydomain.tld

       

    • The LDAP Bind DN info of a user that can read Active Directory. (This can be any Active Directory user, as long as this user can read Active Directory’s users, which pretty much any user can do, no matter how locked down.) So my username on the domain is JBarneck, but that is not what to use here. The LDAP Bind DN of my user name is like this (with company secret information changed).
      CN=Barneck\, Jared,OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld:MyPasswd!

       

    • The LDAP Base DN, which is the LDAP information for the OU that your users are in.
      My LDAP Base DN for the OU I am in is this (again with company secret information changed). This is exactly what I pasted into my configuration, backslash and all. 

      OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld
    • The LDAPuidattribute, which is sAMAccountName, and I don’t know if you can change it in Active Directory.
      sAMAccountName

       

    Note: I’ll be honest. I didn’t have access to a domain controller or Active Directory so I used a tool called LDAPWhoAmI.exe (with an accompanying ldapinfo.dll) that is included in LANDesk’s Management Suite software. I can’t give you these files. But if you wanted to do a trial of LANDesk Management Suite, you could download a Management Suite trial (which is a gig or so) and extract it and get these files. You don’t have to install, just extract and search for the two files. Copy them to a Windows workstation on your domain, then open a command prompt and change to the directory where LDAPWhoAmI.exe and ldapinfo.dll were copied and run LDAPWhoAmI.exe.

  2. Log into Bugzilla as an administrator. There is no default administrative user for Bugzilla. You should have created a user account as part of the install.
  3. Enable the LDAP module.
    1. Click on Administration from the top menu bar.
    2. Click on Parameters.
    3. Click on User Authentication on the left menu bar.
    4. Scroll down to the user_verify_class setting.
    5. Highlight LDAP and click the up arrow so that it is first in the list. I left DB enabled. I left Radius disabled.
    6. At the bottom of the web page (yes you have to scroll all the way to the bottom) click the Save Changes button.
  4. Configure LDAP to connect to Active Directory.
    1. Click on LDAP on the left menu bar.
    2. Under LDAPserver put your Active Directory servers.
      dc1.corp.mydomain.tld, dc2.corp.mydomain.tld

       

    3. Under LDAPbinddn put your user’s ldap info.
      CN=Barneck\, Jared,OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld:MyPasswd!

       

    4. Under LDAPBaseDN put your LDAP info for the OU with your users.
      OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld

       

    5. Under LDAPuidattribute put sAMAccountName.

      sAMAccountName

       

    6. At the bottom of the web page click the Save Changes button.
  5. Test authentication.
    1. Either log out or use a different browser or a different machine and connect to your bugzilla url: 
      http://myserver/bugzilla

       

    2. Log in using an Active Directory account. I was unsure if I was supposed to use an email or my username and it worked using my Domain user name, JBarneck, and my Domain password.

    I hope this helps all of you get Bugzilla to authenticate using Active Directory much faster than if you had to scour the web for problems.
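
An added example, not part of the original article or of Bugzilla's own code: an offline check of the values gathered in step 1 before they are pasted into the LDAP parameters page. It assumes the bind value is split into DN and password at the first colon, as in the DN:password form shown above; the function names are hypothetical.

```python
import re

RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")  # attribute=value

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514)."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append(cur.strip())
            cur, i = "", i + 1
        else:
            cur += dn[i]
            i += 1
    return parts + [cur.strip()]

def split_bind_value(value):
    """Split the DN:password form from step 1 at the first colon (assumed)."""
    dn, _, password = value.partition(":")
    return dn, password

def check_params(params):
    """Return a list of problems found in the LDAP parameter values."""
    problems = []
    bind_dn, password = split_bind_value(params["LDAPbinddn"])
    if not password:
        problems.append("LDAPbinddn: no ':password' part")
    base_dn = params["LDAPBaseDN"]
    if ":" in base_dn:
        problems.append("LDAPBaseDN: contains ':' (bind value with password?)")
    for name, dn in (("LDAPbinddn", bind_dn), ("LDAPBaseDN", base_dn)):
        bad = [r for r in split_rdns(dn) if not RDN_RE.match(r)]
        if bad:
            problems.append(f"{name}: malformed RDN(s) {bad}")
    if not params.get("LDAPuidattribute"):
        problems.append("LDAPuidattribute: empty")
    return problems

# Constructed sample values, taken from the placeholders used in this article.
BIND = r"CN=Barneck\, Jared,OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld:MyPasswd!"
BASE = "OU=MyDepartment,OU=MyCity,DC=corp,DC=MyDomain,DC=tld"
GOOD = {"LDAPbinddn": BIND, "LDAPBaseDN": BASE, "LDAPuidattribute": "sAMAccountName"}

if __name__ == "__main__":
    for label, p in (("as gathered", GOOD),
                     ("bind value in Base DN field", dict(GOOD, LDAPBaseDN=BIND)),
                     ("backslash dropped", dict(GOOD, LDAPbinddn=BIND.replace("\\", "")))):
        print(label, "->", check_params(p) or "ok")
```

The second case matters beyond a failed login: a bind value left in the Base DN field puts the account password in a setting that is not treated as a secret.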


    Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com. 

7 Comments

  1. Fredrik Ekström says:

    Is it possible to use the mail address and password as values in LDAPbinddn? Since all of our users exist in AD I want to use these values they put in and not my account.
    Or even better if I can get Bugzilla to use windows username and the password in the password field as credentials in LDAPbinddn.

  2. testing captcha says:

    testing captcha only

  3. novice says:

    I want to LDAP with Kerberos... how should I configure Bugzilla for that?

  4. jessicastweenweekly123 says:

    Very interesting subject, regards for putting up. jessicastweenweekly1234's JimdoPage http://www.0312bike.net/forum.php?mod=viewthread&tid=8441

  5. Eriol says:

    Hi,
    The 2nd LDAPBaseDN example is wrong. That can be the problem for Telvin.
    Cheers!

  6. LanDesk have updated the location for their trial downloads - the new location is:
    http://www.landesk.com/support/product-downloads.aspx

  7. Telvin says:

    Hi, thanks for this doc. Could you please provide steps for Bugzilla LDAP configuration in Windows? Please include all the modules and DLLs required in Windows to successfully authenticate LDAP with AD. I am stuck with this. Always getting this error.

    Failed to bind LDAP server 525 vece error. Help is really appreciated. Thank you for your time and thank you once again for this wonderful doc.
