Bugzilla has a number of optional features. This section describes how to configure or enable them.
If you have installed the necessary Perl modules you can start collecting statistics for the nifty Bugzilla graphs.
bash# crontab -e |
This should bring up the crontab file in your editor. Add a cron entry like this to run collectstats.pl daily at 5 after midnight:
5 0 * * * cd <your-bugzilla-directory> ; ./collectstats.pl |
After two days have passed you'll be able to view bug graphs from the Reports page.
As well as the text-based dependency trees, Bugzilla also supports a graphical view of dependency relationships, using a package called 'dot'. Exactly how this works is controlled by the 'webdotbase' parameter, which can have one of three values:
A complete file path to the command 'dot' (part of GraphViz) will generate the graphs locally
A URL prefix pointing to an installation of the webdot package will generate the graphs remotely
A blank value will disable dependency graphing.
The easiest way to get this working is to install GraphViz. If you do that, you need to enable server-side image maps in Apache. Alternatively, you could set up a webdot server, or use the AT&T public webdot server. This is the default for the webdotbase param, but it's often overloaded and slow. Note that AT&T's server won't work if Bugzilla is only accessible using HARTS. Editor's note: What the heck is HARTS? Google doesn't know...
What good are bugs if they're not annoying? To help make them more so you can set up Bugzilla's automatic whining system to complain at engineers which leave their bugs in the NEW or REOPENED state without triaging them.
This can be done by adding the following command as a daily crontab entry, in the same manner as explained above for bug graphs. This example runs it at 12.55am.
55 0 * * * cd <your-bugzilla-directory> ; ./whineatnews.pl |
Patch Viewer is the engine behind Bugzilla's graphical display of code patches. You can integrate this with copies of the cvs, lxr and bonsai tools if you have them, by giving the locations of your installation of these tools in editparams.cgi.
Patch Viewer also optionally will use the cvs, diff and interdiff command-line utilities if they exist on the system. Interdiff can be obtained from http://cyberelk.net/tim/patchutils/. If these programs are not in the system path, you can configure their locations in localconfig.
LDAP authentication is a module for Bugzilla's plugin authentication architecture.
The existing authentication scheme for Bugzilla uses email addresses as the primary user ID, and a password to authenticate that user. All places within Bugzilla where you need to deal with user ID (e.g assigning a bug) use the email address. The LDAP authentication builds on top of this scheme, rather than replacing it. The initial log in is done with a username and password for the LDAP directory. This then fetches the email address from LDAP and authenticates seamlessly in the standard Bugzilla authentication scheme using this email address. If an account for this address already exists in your Bugzilla system, it will log in to that account. If no account for that email address exists, one is created at the time of login. (In this case, Bugzilla will attempt to use the "displayName" or "cn" attribute to determine the user's full name.) After authentication, all other user-related tasks are still handled by email address, not LDAP username. You still assign bugs by email address, query on users by email address, etc.
Because the Bugzilla account is not created until the first time a user logs in, a user who has not yet logged is unknown to Bugzilla. This means they cannot be used as an assignee or QA contact (default or otherwise), added to any cc list, or any other such operation. One possible workaround is the bugzilla_ldapsync.rb script in the contrib directory. Another possible solution is fixing bug 201069. |
Parameters required to use LDAP Authentication:
This parameter should be set to "LDAP" only if you will be using an LDAP directory for authentication. If you set this param to "LDAP" but fail to set up the other parameters listed below you will not be able to log back in to Bugzilla one you log out. If this happens to you, you will need to manually edit data/params and set loginmethod to "DB".
This parameter should be set to the name (and optionally the port) of your LDAP server. If no port is specified, it assumes the default LDAP port of 389.
Ex. "ldap.company.com" or "ldap.company.com:3268"
Some LDAP servers will not allow an anonymous bind to search the directory. If this is the case with your configuration you should set the LDAPbinddn parameter to the user account Bugzilla should use instead of the anonymous bind.
Ex. "cn=default,cn=user:password"
The LDAPBaseDN parameter should be set to the location in your LDAP tree that you would like to search for email addresses. Your uids should be unique under the DN specified here.
Ex. "ou=People,o=Company"
The LDAPuidattribute parameter should be set to the attribute which contains the unique UID of your users. The value retrieved from this attribute will be used when attempting to bind as the user to confirm their password.
Ex. "uid"
The LDAPmailattribute parameter should be the name of the attribute which contains the email address your users will enter into the Bugzilla login boxes.
Ex. "mail"
It is possible for a Bugzilla user to take advantage of character set encoding ambiguities to inject HTML into Bugzilla comments. This could include malicious scripts. Due to internationalization concerns, we are unable to incorporate by default the code changes suggested by the CERT advisory on this issue. If your installation is for an English speaking audience only, making the change below will prevent this problem.
Simply locate the following line in Bugzilla/CGI.pm:
$self->charset(''); |
$self->charset('ISO-8859-1'); |
It is possible for a user, by mistake or on purpose, to access the database many times in a row which can result in very slow access speeds for other users. If your Bugzilla installation is experiencing this problem, you may install the Apache module mod_throttle which can limit connections by IP address. You may download this module at http://www.snert.com/Software/mod_throttle/. Follow the instructions to install into your Apache install. This module only functions with the Apache web server! The command you need is ThrottleClientIP. See the documentation for more information.
A single-box Bugzilla only requires port 80, plus port 25 if you are using the optional email interface. You should firewall all other ports and/or disable services listening on them.
Many daemons, such as Apache's httpd and MySQL's mysqld default to running as either "root" or "nobody". Running as "root" introduces obvious security problems, but the problems introduced by running everything as "nobody" may not be so obvious. Basically, if you're running every daemon as "nobody" and one of them gets compromised, they all get compromised. For this reason it is recommended that you create a user account for each daemon.