diff options
Diffstat (limited to 'docs/html/extraconfig.html')
| -rw-r--r-- | docs/html/extraconfig.html | 742 |
1 files changed, 0 insertions, 742 deletions
diff --git a/docs/html/extraconfig.html b/docs/html/extraconfig.html deleted file mode 100644 index 0994386c2..000000000 --- a/docs/html/extraconfig.html +++ /dev/null @@ -1,742 +0,0 @@ -<HTML -><HEAD -><TITLE ->Optional Additional Configuration</TITLE -><META -NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ -"><LINK -REL="HOME" -TITLE="The Bugzilla Guide - 2.17.7 - Development Release" -HREF="index.html"><LINK -REL="UP" -TITLE="Installing Bugzilla" -HREF="installing-bugzilla.html"><LINK -REL="PREVIOUS" -TITLE="Configuration" -HREF="configuration.html"><LINK -REL="NEXT" -TITLE="OS-Specific Installation Notes" -HREF="os-specific.html"></HEAD -><BODY -CLASS="section" -BGCOLOR="#FFFFFF" -TEXT="#000000" -LINK="#0000FF" -VLINK="#840084" -ALINK="#0000FF" -><DIV -CLASS="NAVHEADER" -><TABLE -SUMMARY="Header navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TH -COLSPAN="3" -ALIGN="center" ->The Bugzilla Guide - 2.17.7 - Development Release</TH -></TR -><TR -><TD -WIDTH="10%" -ALIGN="left" -VALIGN="bottom" -><A -HREF="configuration.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="80%" -ALIGN="center" -VALIGN="bottom" ->Chapter 2. Installing Bugzilla</TD -><TD -WIDTH="10%" -ALIGN="right" -VALIGN="bottom" -><A -HREF="os-specific.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -></TABLE -><HR -ALIGN="LEFT" -WIDTH="100%"></DIV -><DIV -CLASS="section" -><H1 -CLASS="section" -><A -NAME="extraconfig" -></A ->2.3. Optional Additional Configuration</H1 -><P -> Bugzilla has a number of optional features. This section describes how - to configure or enable them. - </P -><DIV -CLASS="section" -><H2 -CLASS="section" -><A -NAME="AEN584" -></A ->2.3.1. Bug Graphs</H2 -><P ->If you have installed the necessary Perl modules you - can start collecting statistics for the nifty Bugzilla - graphs.</P -><TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="100%" -><TR -><TD -><FONT -COLOR="#000000" -><PRE -CLASS="screen" -><TT -CLASS="prompt" ->bash#</TT -> <B -CLASS="command" ->crontab -e</B -></PRE -></FONT -></TD -></TR -></TABLE -><P -> This should bring up the crontab file in your editor. - Add a cron entry like this to run - <TT -CLASS="filename" ->collectstats.pl</TT -> - daily at 5 after midnight: - </P -><TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="100%" -><TR -><TD -><FONT -COLOR="#000000" -><PRE -CLASS="programlisting" ->5 0 * * * cd <your-bugzilla-directory> ; ./collectstats.pl</PRE -></FONT -></TD -></TR -></TABLE -><P ->After two days have passed you'll be able to view bug graphs from - the Reports page.</P -></DIV -><DIV -CLASS="section" -><H2 -CLASS="section" -><A -NAME="AEN594" -></A ->2.3.2. Dependency Charts</H2 -><P ->As well as the text-based dependency trees, Bugzilla also - supports a graphical view of dependency relationships, using a - package called 'dot'. - Exactly how this works is controlled by the 'webdotbase' parameter, - which can have one of three values: - </P -><P -> <P -></P -><OL -TYPE="1" -><LI -><P -> A complete file path to the command 'dot' (part of - <A -HREF="http://www.graphviz.org/" -TARGET="_top" ->GraphViz</A ->) - will generate the graphs locally - </P -></LI -><LI -><P -> A URL prefix pointing to an installation of the webdot package will - generate the graphs remotely - </P -></LI -><LI -><P -> A blank value will disable dependency graphing. - </P -></LI -></OL -> - </P -><P ->The easiest way to get this working is to install - <A -HREF="http://www.graphviz.org/" -TARGET="_top" ->GraphViz</A ->. If you - do that, you need to - <A -HREF="http://httpd.apache.org/docs/mod/mod_imap.html" -TARGET="_top" ->enable - server-side image maps</A -> in Apache. - Alternatively, you could set up a webdot server, or use the AT&T - public webdot server. This is the default for the webdotbase param, - but it's often overloaded and slow. Note that AT&T's server - won't work - if Bugzilla is only accessible using HARTS. - <EM ->Editor's note: What the heck is HARTS? Google doesn't know... - </EM -> - </P -></DIV -><DIV -CLASS="section" -><H2 -CLASS="section" -><A -NAME="AEN610" -></A ->2.3.3. The Whining Cron</H2 -><P ->What good are - bugs if they're not annoying? To help make them more so you - can set up Bugzilla's automatic whining system to complain at engineers - which leave their bugs in the NEW or REOPENED state without triaging them. - </P -><P -> - This can be done by - adding the following command as a daily crontab entry, in the same manner - as explained above for bug graphs. This example runs it at 12.55am. - </P -><TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="100%" -><TR -><TD -><FONT -COLOR="#000000" -><PRE -CLASS="programlisting" ->55 0 * * * cd <your-bugzilla-directory> ; ./whineatnews.pl</PRE -></FONT -></TD -></TR -></TABLE -></DIV -><DIV -CLASS="section" -><H2 -CLASS="section" -><A -NAME="patch-viewer" -></A ->2.3.4. Patch Viewer</H2 -><P -> Patch Viewer is the engine behind Bugzilla's graphical display of - code patches. You can integrate this with copies of the - <TT -CLASS="filename" ->cvs</TT ->, <TT -CLASS="filename" ->lxr</TT -> and - <TT -CLASS="filename" ->bonsai</TT -> tools if you have them, by giving - the locations of your installation of these tools in - <TT -CLASS="filename" ->editparams.cgi</TT ->. - </P -><P -> Patch Viewer also optionally will use the - <TT -CLASS="filename" ->cvs</TT ->, <TT -CLASS="filename" ->diff</TT -> and - <TT -CLASS="filename" ->interdiff</TT -> - command-line utilities if they exist on the system. - Interdiff can be obtained from - <A -HREF="http://cyberelk.net/tim/patchutils/" -TARGET="_top" ->http://cyberelk.net/tim/patchutils/</A ->. - If these programs are not in the system path, you can configure - their locations in <TT -CLASS="filename" ->localconfig</TT ->. - </P -></DIV -><DIV -CLASS="section" -><H2 -CLASS="section" -><A -NAME="bzldap" -></A ->2.3.5. LDAP Authentication</H2 -><P ->LDAP authentication is a module for Bugzilla's plugin - authentication architecture. - </P -><P -> The existing authentication - scheme for Bugzilla uses email addresses as the primary user ID, and a - password to authenticate that user. All places within Bugzilla where - you need to deal with user ID (e.g assigning a bug) use the email - address. The LDAP authentication builds on top of this scheme, rather - than replacing it. The initial log in is done with a username and - password for the LDAP directory. This then fetches the email address - from LDAP and authenticates seamlessly in the standard Bugzilla - authentication scheme using this email address. If an account for this - address already exists in your Bugzilla system, it will log in to that - account. If no account for that email address exists, one is created at - the time of login. (In this case, Bugzilla will attempt to use the - "displayName" or "cn" attribute to determine the user's full name.) - After authentication, all other user-related tasks are still handled by - email address, not LDAP username. You still assign bugs by email - address, query on users by email address, etc. - </P -><DIV -CLASS="caution" -><P -></P -><TABLE -CLASS="caution" -WIDTH="100%" -BORDER="0" -><TR -><TD -WIDTH="25" -ALIGN="CENTER" -VALIGN="TOP" -><IMG -SRC="../images/caution.gif" -HSPACE="5" -ALT="Caution"></TD -><TD -ALIGN="LEFT" -VALIGN="TOP" -><P ->Because the Bugzilla account is not created until the first time - a user logs in, a user who has not yet logged is unknown to Bugzilla. - This means they cannot be used as an assignee or QA contact (default or - otherwise), added to any cc list, or any other such operation. One - possible workaround is the <TT -CLASS="filename" ->bugzilla_ldapsync.rb</TT -> - script in the - <A -HREF="glossary.html#gloss-contrib" -><I -CLASS="glossterm" -><TT -CLASS="filename" ->contrib</TT -></I -></A -> directory. Another possible solution is fixing - <A -HREF="http://bugzilla.mozilla.org/show_bug.cgi?id=201069" -TARGET="_top" ->bug - 201069</A ->. - </P -></TD -></TR -></TABLE -></DIV -><P ->Parameters required to use LDAP Authentication:</P -><P -></P -><DIV -CLASS="variablelist" -><DL -><DT -><A -NAME="param-loginmethod" -></A ->loginmethod</DT -><DD -><P ->This parameter should be set to <SPAN -CLASS="QUOTE" ->"LDAP"</SPAN -> - <EM ->only</EM -> if you will be using an LDAP directory - for authentication. If you set this param to <SPAN -CLASS="QUOTE" ->"LDAP"</SPAN -> but - fail to set up the other parameters listed below you will not be - able to log back in to Bugzilla one you log out. If this happens - to you, you will need to manually edit - <TT -CLASS="filename" ->data/params</TT -> and set loginmethod to - <SPAN -CLASS="QUOTE" ->"DB"</SPAN ->. - </P -></DD -><DT -><A -NAME="param-LDAPserver" -></A ->LDAPserver</DT -><DD -><P ->This parameter should be set to the name (and optionally the - port) of your LDAP server. If no port is specified, it assumes - the default LDAP port of 389. - </P -><P ->Ex. <SPAN -CLASS="QUOTE" ->"ldap.company.com"</SPAN -> - or <SPAN -CLASS="QUOTE" ->"ldap.company.com:3268"</SPAN -> - </P -></DD -><DT -><A -NAME="param-LDAPbinddn" -></A ->LDAPbinddn [Optional]</DT -><DD -><P ->Some LDAP servers will not allow an anonymous bind to search - the directory. If this is the case with your configuration you - should set the LDAPbinddn parameter to the user account Bugzilla - should use instead of the anonymous bind. - </P -><P ->Ex. <SPAN -CLASS="QUOTE" ->"cn=default,cn=user:password"</SPAN -></P -></DD -><DT -><A -NAME="param-LDAPBaseDN" -></A ->LDAPBaseDN</DT -><DD -><P ->The LDAPBaseDN parameter should be set to the location in - your LDAP tree that you would like to search for email addresses. - Your uids should be unique under the DN specified here. - </P -><P ->Ex. <SPAN -CLASS="QUOTE" ->"ou=People,o=Company"</SPAN -></P -></DD -><DT -><A -NAME="param-LDAPuidattribute" -></A ->LDAPuidattribute</DT -><DD -><P ->The LDAPuidattribute parameter should be set to the attribute - which contains the unique UID of your users. The value retrieved - from this attribute will be used when attempting to bind as the - user to confirm their password. - </P -><P ->Ex. <SPAN -CLASS="QUOTE" ->"uid"</SPAN -></P -></DD -><DT -><A -NAME="param-LDAPmailattribute" -></A ->LDAPmailattribute</DT -><DD -><P ->The LDAPmailattribute parameter should be the name of the - attribute which contains the email address your users will enter - into the Bugzilla login boxes. - </P -><P ->Ex. <SPAN -CLASS="QUOTE" ->"mail"</SPAN -></P -></DD -></DL -></DIV -></DIV -><DIV -CLASS="section" -><H2 -CLASS="section" -><A -NAME="content-type" -></A ->2.3.6. Prevent users injecting malicious - Javascript</H2 -><P ->It is possible for a Bugzilla user to take advantage of character - set encoding ambiguities to inject HTML into Bugzilla comments. This - could include malicious scripts. - Due to internationalization concerns, we are unable to - incorporate by default the code changes suggested by - <A -HREF="http://www.cert.org/tech_tips/malicious_code_mitigation.html#3" -TARGET="_top" -> the CERT advisory</A -> on this issue. - If your installation is for an English speaking audience only, making the - change below will prevent this problem. - </P -><P ->Simply locate the following line in - <TT -CLASS="filename" ->Bugzilla/CGI.pm</TT ->: - <TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="100%" -><TR -><TD -><FONT -COLOR="#000000" -><PRE -CLASS="programlisting" ->$self->charset('');</PRE -></FONT -></TD -></TR -></TABLE -> - and change it to: - <TABLE -BORDER="0" -BGCOLOR="#E0E0E0" -WIDTH="100%" -><TR -><TD -><FONT -COLOR="#000000" -><PRE -CLASS="programlisting" ->$self->charset('ISO-8859-1');</PRE -></FONT -></TD -></TR -></TABLE -> - </P -></DIV -><DIV -CLASS="section" -><H2 -CLASS="section" -><A -NAME="mod-throttle" -></A ->2.3.7. <TT -CLASS="filename" ->mod_throttle</TT -></H2 -><P ->It is possible for a user, by mistake or on purpose, to access - the database many times in a row which can result in very slow access - speeds for other users. If your Bugzilla installation is experiencing - this problem, you may install the Apache module - <TT -CLASS="filename" ->mod_throttle</TT -> - which can limit connections by IP address. You may download this module - at - <A -HREF="http://www.snert.com/Software/mod_throttle/" -TARGET="_top" ->http://www.snert.com/Software/mod_throttle/</A ->. - Follow the instructions to install into your Apache install. - <EM ->This module only functions with the Apache web - server!</EM -> - The command you need is - <B -CLASS="command" ->ThrottleClientIP</B ->. See the - <A -HREF="http://www.snert.com/Software/mod_throttle/" -TARGET="_top" ->documentation</A -> - for more information.</P -></DIV -><DIV -CLASS="section" -><H2 -CLASS="section" -><A -NAME="security-networking" -></A ->2.3.8. TCP/IP Ports</H2 -><P ->A single-box Bugzilla only requires port 80, plus port 25 if - you are using the optional email interface. You should firewall all - other ports and/or disable services listening on them. - </P -></DIV -><DIV -CLASS="section" -><H2 -CLASS="section" -><A -NAME="security-daemon" -></A ->2.3.9. Daemon Accounts</H2 -><P ->Many daemons, such as Apache's httpd and MySQL's mysqld default to - running as either <SPAN -CLASS="QUOTE" ->"root"</SPAN -> or <SPAN -CLASS="QUOTE" ->"nobody"</SPAN ->. Running - as <SPAN -CLASS="QUOTE" ->"root"</SPAN -> introduces obvious security problems, but the - problems introduced by running everything as <SPAN -CLASS="QUOTE" ->"nobody"</SPAN -> may - not be so obvious. Basically, if you're running every daemon as - <SPAN -CLASS="QUOTE" ->"nobody"</SPAN -> and one of them gets compromised, they all get - compromised. For this reason it is recommended that you create a user - account for each daemon. - </P -></DIV -></DIV -><DIV -CLASS="NAVFOOTER" -><HR -ALIGN="LEFT" -WIDTH="100%"><TABLE -SUMMARY="Footer navigation table" -WIDTH="100%" -BORDER="0" -CELLPADDING="0" -CELLSPACING="0" -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" -><A -HREF="configuration.html" -ACCESSKEY="P" ->Prev</A -></TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="index.html" -ACCESSKEY="H" ->Home</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" -><A -HREF="os-specific.html" -ACCESSKEY="N" ->Next</A -></TD -></TR -><TR -><TD -WIDTH="33%" -ALIGN="left" -VALIGN="top" ->Configuration</TD -><TD -WIDTH="34%" -ALIGN="center" -VALIGN="top" -><A -HREF="installing-bugzilla.html" -ACCESSKEY="U" ->Up</A -></TD -><TD -WIDTH="33%" -ALIGN="right" -VALIGN="top" ->OS-Specific Installation Notes</TD -></TR -></TABLE -></DIV -></BODY -></HTML ->
\ No newline at end of file |