From 9ccb15f6f063c269cd85f74998d466cbc7d5d35d Mon Sep 17 00:00:00 2001
From: "jake%bugzilla.org" <>
Date: Fri, 4 Apr 2008 11:46:40 +0000
Subject: Bug 211126 - As a part of fixing bug 180642 the directions for using
LDAP authentication has changed.
---
docs/en/xml/glossary.xml | 20 ++++++
docs/en/xml/installation.xml | 163 ++++++++++++++++++++++++++++---------------
2 files changed, 125 insertions(+), 58 deletions(-)
(limited to 'docs/en/xml')
diff --git a/docs/en/xml/glossary.xml b/docs/en/xml/glossary.xml
index d43b699dd..3893094c0 100644
--- a/docs/en/xml/glossary.xml
+++ b/docs/en/xml/glossary.xml
@@ -170,6 +170,26 @@
particular task.
+
+
+ contrib
+
+
+ The contrib directory is
+ a location to put scripts that have been contributed to Bugzilla but
+ are not a part of the official distribution. These scripts are written
+ by third parties and may be in languages other than perl. For those
+ that are in perl, there may be additional modules or other requirements
+ than those of the offical distribution.
+
+ Scripts in the contrib
+ directory are not offically supported by the Bugzilla team and may
+ break in between versions.
+
+
+
+
+
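Review bot: Two spelling errors in the added contrib glossary entry: "offical distribution" and "offically supported" should read "official" and "officially". The language name is written "perl" twice where "Perl" is the usual form. Because the entry states that these scripts come from third parties and are not supported by the Bugzilla team, consider adding a sentence advising administrators to read a contrib script and check its extra module requirements before running it against their installation.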
diff --git a/docs/en/xml/installation.xml b/docs/en/xml/installation.xml
index b067ce413..02dff197c 100644
--- a/docs/en/xml/installation.xml
+++ b/docs/en/xml/installation.xml
@@ -1,5 +1,5 @@
-
+
Installation
@@ -937,15 +937,22 @@ man 5 crontab
LDAP Authentication
-
-
- This information on using the LDAP
- authentication options with Bugzilla is old, and the authors do
- not know of anyone who has tested it. Approach with caution.
+
+
+ LDAP authentication has been rewritten for the 2.18 release of
+ Bugzilla. It no longer requires the Mozilla::LDAP module and now uses
+ Net::LDAP instead. This rewrite was part of a larger landing that
+ allowed for additional authentication schemes to be easily added
+ (bug
+ 180642).
+
+ This patch originally landed in 21-Mar-2003 and was included
+ in the 2.17.4 development release.
-
-
-
+ ]]>
+
+
The existing authentication
scheme for Bugzilla uses email addresses as the primary user ID, and a
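Review bot: In the added note, "originally landed in 21-Mar-2003" should read "on 21-Mar-2003". The note first says the rewrite is "for the 2.18 release" and then that it "was included in the 2.17.4 development release"; a short clause saying how those two versions relate would stop readers wondering which one they need. The added "]]>" line near the end of the hunk has no matching opener among the visible lines, so please confirm it pairs with a marked section opened elsewhere in installation.xml.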
@@ -964,58 +971,98 @@ man 5 crontab
email address, not LDAP username. You still assign bugs by email
address, query on users by email address, etc.
+
+
+ Because the Bugzilla account is not created until the first time
+ a user logs in, a user who has not yet logged is unknown to Bugzilla.
+ This means they cannot be used as an assignee or QA contact (default or
+ otherwise), added to any cc list, or any other such operation. One
+ possible workaround is the bugzilla_ldapsync.rb
+ script in the
+ contrib directory. Another possible solution is fixing
+ bug
+ 201069.
+
+
- Using LDAP for Bugzilla authentication requires the
- Mozilla::LDAP (aka PerLDAP) Perl module. The
- Mozilla::LDAP module in turn requires Netscape's Directory SDK for C.
- After you have installed the SDK, then install the PerLDAP module.
- Mozilla::LDAP and the Directory SDK for C are both
- available for
- download from mozilla.org.
-
-
-
- Set the Param 'useLDAP' to "On" **only** if you will be using an LDAP
- directory for
- authentication. Be very careful when setting up this parameter; if you
- set LDAP authentication, but do not have a valid LDAP directory set up,
- you will not be able to log back in to Bugzilla once you log out. (If
- this happens, you can get back in by manually editing the data/params
- file, and setting useLDAP back to 0.)
-
-
- If using LDAP, you must set the
- three additional parameters: Set LDAPserver to the name (and optionally
- port) of your LDAP server. If no port is specified, it defaults to the
- default port of 389. (e.g "ldap.mycompany.com" or
- "ldap.mycompany.com:1234") Set LDAPBaseDN to the base DN for searching
- for users in your LDAP directory. (e.g. "ou=People,o=MyCompany") uids
- must be unique under the DN specified here. Set LDAPmailattribute to
- the name of the attribute in your LDAP directory which contains the
- primary email address. On most directory servers available, this is
- "mail", but you may need to change this.
-
-
- You can also try using
- OpenLDAP with Bugzilla, using any of a number of administration
- tools. You should apply the patch attached to
- bug 158630
- , then set the following object classes for your users:
+ Parameters required to use LDAP Authentication:
-
- objectClass: person
- objectClass: organizationalPerson
- objectClass: inetOrgPerson
- objectClass: top
- objectClass: posixAccount
- objectClass: shadowAccount
-
+
+
+ loginmethod
+
+ This parameter should be set to LDAP
+ only if you will be using an LDAP directory
+ for authentication. If you set this param to LDAP
but
+ fail to set up the other parameters listed below you will not be
+ able to log back in to Bugzilla one you log out. If this happens
+ to you, you will need to manually edit
+ data/params and set loginmethod to
+ DB
.
+
+
+
+
+
+ LDAPserver
+
+ This parameter should be set to the name (and optionally the
+ port) of your LDAP server. If no port is specified, it assumes
+ the default LDAP port of 389.
+
+ Ex. ldap.company.com
+ or ldap.company.com:3268
+
+
+
+
+
+ LDAPbinddn [Optional]
+
+ Some LDAP servers will not allow an anonymous bind to search
+ the directory. If this is the case with your configuration you
+ should set the LDAPbinddn parameter to the user account Bugzilla
+ should use instead of the anonymous bind.
+
+ Ex. cn=default,cn=user:password
+
+
+
+
+ LDAPBaseDN
+
+ The LDAPBaseDN parameter should be set to the location in
+ your LDAP tree that you would like to search for e-mail addresses.
+ Your uids should be unique under the DN specified here.
+
+ Ex. ou=People,o=Company
+
+
+
+
+ LDAPuidattribute
+
+ The LDAPuidattribute parameter should be set to the attribute
+ which contains the unique UID of your users. The value retrieved
+ from this attribute will be used when attempting to bind as the
+ user to confirm their password.
+
+ Ex. uid
+
+
+
+
+ LDAPmailattribute
+
+ The LDAPmailattribute parameter should be the name of the
+ attribute which contains the e-mail address your users will enter
+ into the Bugzilla login boxes.
+
+ Ex. mail
+
+
+
- Please note that this patch has not yet been
- accepted by the Bugzilla team, and so you may need to do some
- manual tweaking. That said, it looks like Net::LDAP is probably
- the way to go in the future.
-
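Review bot: The LDAPbinddn entry documents the value format as "cn=default,cn=user:password", which places the bind account's password in a Bugzilla parameter, and the loginmethod entry names data/params as the file an administrator edits by hand, so the new text should tell administrators to use a dedicated account that can only search the directory and to restrict who can read data/params. The LDAPserver entry gives 389 as the default port and the LDAPuidattribute entry says Bugzilla binds as the user to confirm their password; the section should state whether that connection can be protected in transit and how. The removed text named the recovery value explicitly ("setting useLDAP back to 0"), and the new recovery instruction should be equally explicit that loginmethod goes back to DB. Wording fixes in the added lines: "a user who has not yet logged is unknown" is missing "in", and "log back in to Bugzilla one you log out" should read "once you log out".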