AD LDAP Authentication

PTalbot
Posts: 2
Joined: 15 Jul 2014, 08:37

AD LDAP Authentication

Post by PTalbot »

I am trying to set up a new install of MantisBT (this is my first time) and I cannot seem to get the Active Directory LDAP integration to work. It logs into the Active Directory OK but cannot find anyone. The messages (I managed to switch on a debugging feature) say:
2014-07-15 12:01 FET ldap Binding to LDAP server
2014-07-15 12:01 FET ldap Attempting connection to LDAP URI 'ldap://dc01.dsho.local/'.
2014-07-15 12:01 FET ldap Connection accepted by LDAP server
2014-07-15 12:01 FET ldap Setting LDAP protocol version to 3
2014-07-15 12:01 FET ldap Attempting anonymous bind to ldap server
2014-07-15 12:01 FET ldap Bind to ldap server successful
2014-07-15 12:01 FET ldap Searching for (&(sAMAccountName=Philip Talbot))
2014-07-15 12:01 FET ldap ERROR #1: Operations error
2014-07-15 12:01 FET ldap ldap search failed

The details of the MantisBT I am installing are:
OS: Windows Server 2008 R2
MantisBT Version: 1.2.17
Web server: IIS 7

I have configured the MantisBT config_inc.php file with the following details:
# Login Settings
$g_login_method = LDAP; # Set to MD5 or LDAP
$g_ldap_server = 'ldap://dc01.dsho.local/';
$g_ldap_root_dn = 'DC=dsho,DC=local';
$g_ldap_organization = '';
$g_ldap_uid_field = 'sAMAccountName';
$g_ldap_protocol_version = 3;
$g_ldap_follow_referrals = OFF;

$g_use_ldap_realname = ON;
$g_use_ldap_email = ON;
$g_ldap_organization = '';

$g_log_level = LOG_LDAP;
$g_log_destination = 'file:c:\mantislogs\mantisbt.log';

# $g_ldap_bind_dn = 'DSHO\\AdminLevelUser';
# $g_ldap_bind_passwd ='XXXXXXXXXX';

As you can see I have even tried authenticated access to the AD LDAP with exactly the same result as above (apart from saying that it successfully authenticated the ldap_bind_dn user). I have even tried $g_ldap_organization='(objectClass=*)' which still leads to the same error as before. No matter what I try I always get the same error. Really tearing my hair out on this one. Spiceworks authenticates users against our AD LDAP without any problems but I think it is AD aware as the configuration required for it is very simple.

Using BeaverTail the structure of my AD is structured as follows:
LDAP://RootDSE
++++dsho
++++++++OU=1000 Lakeside (organizationalUnit)
++++++++++++OU=Computers (organizationalUnit)
++++++++++++OU=Contacts (organizationalUnit)
++++++++++++OU=Distribution Groups (organizationalUnit)
++++++++++++OU=Security Groups (organizationalUnit)
++++++++++++OU=Users (organizationalUnit)
++++++++++++++++OU=Head Office (organizationalUnit)
++++++++++++++++++++OU=Account Managers (organizationalUnit)
++++++++++++++++++++++++CN=Fred Bloggs (user)
++++++++++++++++++++OU=Boardroom (organizationalUnit)
++++++++++++++++++++OU=Chief Executive (organizationalUnit)
++++++++++++++++++++++++CN=Kilroy Wazzere (user)
++++++++++++++++++++OU=Communications (organizationalUnit)
++++++++++++++++++++OU=Contact Centre (organizationalUnit)
++++++++++++++++++++OU=Field Operations (organizationalUnit)
++++++++++++++++++++OU=General (organizationalUnit)
++++++++++++++++++++OU=Helpdesk (organizationalUnit)
++++++++++++++++++++++++CN=Gordon Bennett (user)
++++++++++++++++++++OU=IT (organizationalUnit)
++++++++++++++++++++++++OU=Admin Users (organizationalUnit)
++++++++++++++++++++++++OU=IT Support Team (organizationalUnit)
++++++++++++++++++++++++OU=Software Development (organizationalUnit)
++++++++++++++++++++++++++++CN=Philip Talbot (user)
++++++++++++++++++++OU=Project Team (organizationalUnit)
++++++++++++++++++++OU=SMT (organizationalUnit)
....etc

As you can see the users are at different levels in the organizational hierarchy (I have only included a couple of users - there are quite a few in reality). There is only one AD domain in the company.

Please, please, please can anyone suggest what I need to configure to get the LDAP working!
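
Added example (not part of the original posts and not MantisBT code): a small Python triage of the debug log quoted above. It flags what the log itself shows, an `ldap://` URI whose scheme implies no TLS and a search issued on an anonymous bind, which Active Directory by default refuses for anything beyond rootDSE. The function name and finding tags are hypothetical, and only the message strings quoted in the post are matched.

```python
import re

# Constructed sample: the debug lines quoted in the post above.
SAMPLE_LOG = """\
2014-07-15 12:01 FET ldap Binding to LDAP server
2014-07-15 12:01 FET ldap Attempting connection to LDAP URI 'ldap://dc01.dsho.local/'.
2014-07-15 12:01 FET ldap Connection accepted by LDAP server
2014-07-15 12:01 FET ldap Setting LDAP protocol version to 3
2014-07-15 12:01 FET ldap Attempting anonymous bind to ldap server
2014-07-15 12:01 FET ldap Bind to ldap server successful
2014-07-15 12:01 FET ldap Searching for (&(sAMAccountName=Philip Talbot))
2014-07-15 12:01 FET ldap ERROR #1: Operations error
2014-07-15 12:01 FET ldap ldap search failed
"""

# Assumption: message wording is exactly as quoted in the post; other versions may differ.
LINE = re.compile(r"^\S+ \S+ \S+ ldap (?P<msg>.*)$")
URI = re.compile(r"LDAP URI '(?P<scheme>ldaps?)://")
SEARCH = re.compile(r"Searching for (?P<filter>\(.*\))$")
ERROR = re.compile(r"ERROR #(?P<code>\d+): (?P<text>.*)$")

def triage(log_text):
    """Walk the logged LDAP sessions and return a list of (tag, detail) findings."""
    findings, anonymous, last_filter = [], False, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if msg == "Binding to LDAP server":  # start of a new session: reset state
            anonymous, last_filter = False, None
        elif (u := URI.search(msg)) and u.group("scheme") == "ldap":
            findings.append(("cleartext-transport", "ldap:// URI; no TLS implied by the scheme"))
        elif msg == "Attempting anonymous bind to ldap server":
            anonymous = True
        elif (s := SEARCH.search(msg)):
            last_filter = s.group("filter")
            if anonymous:  # the search ran without an authenticated identity
                findings.append(("search-after-anonymous-bind", last_filter))
        elif (e := ERROR.search(msg)) and last_filter:
            findings.append(("search-error", f"{e.group('code')} {e.group('text')} for {last_filter}"))
    return findings

if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag}: {detail}")
```
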
ME_AS
Posts: 5
Joined: 30 Jul 2014, 12:39

Re: AD LDAP Authentication

Post by ME_AS »

Hey,

First of all, I would suggest the config_local.php for your changes; it will be loaded within the config_inc.php file and as far as I can remember it stays if you upgrade Mantis in the future.


$g_login_method = LDAP;
$g_ldap_server = 'dc01.dsho.local:389';
$g_ldap_root_dn = 'OU=users,OU=1000 Lakeside,DC=dsho,DC=local'; # I'm not sure about the "1000 Lakeside"
#$g_ldap_organization = '';
$g_ldap_uid_field = 'sAMAccountName';
$g_ldap_protocol_version = 3;
$g_ldap_follow_referrals = OFF;

$g_use_ldap_realname = ON;
$g_use_ldap_email = ON;

$g_log_level = LOG_LDAP;
$g_log_destination = 'file:c:\mantislogs\mantisbt.log';

$g_ldap_bind_dn = 'CN=xxxUseraccountxxx,CN=Users,DC=dsho,DC=local'; # Account to login and read your LDAP - no need to be admin
$g_ldap_bind_passwd = 'XXXXXXXXXX'; # PW for the xxxUseraccountxxx
PTalbot
Posts: 2
Joined: 15 Jul 2014, 08:37

Re: AD LDAP Authentication

Post by PTalbot »

Thank you for replying ME_AS. We decided not to go the LDAP route as we needed to get the BT system up and running ASAP. I will revisit this again one day when I have the time.
ekesaf
Posts: 9
Joined: 28 Dec 2020, 06:42

Re: AD LDAP Authentication

Post by ekesaf »

Hi,
I have 2 questions.
The first one is that I don’t want to import all the users under AD.
The second one is that on AD there is more info other than email and real name, like department or telephone number. I also want to add them to Mantis. Is it possible?