mantisbt:active_directory

Differences

This shows you the differences between two versions of the page.

mantisbt:active_directory [2009/05/25 21:30] – created vboctor
mantisbt:active_directory [2013/02/22 04:56] (current) sge
Line 1: Line 1:
-TBD+====== Active directory settings ====== 
 +===== Introduction ===== 
 +The page aims at describing how to configure mantis to connect to Active Directory. 
 +===== General principles ===== 
 +Active Directory can currently be used by mantis for the following usage: 
 +  * Check user password. 
 +  * Retrieve user mail address (optional). 
 +Users must be created manually in mantis using the same login as in Active Directory. 
 + 
 +The way it proceeds is the following: 
 +  - Connect to Active Directory using LDAP protocol to search user by its login - A generic account is used for that purpose. 
 +  - If an entry was found, bind to Active Directory using dn entry found and the password provided by user. If several entries are found, each of them is tried until one successes. 
 +  - If the connection is a success, and if the option is activated, the user mail address is retrieved from Active Directory. 
 + 
 +===== General LDAP configuration ===== 
 +The following parameters must be set in the config_inc.php file: 
 +  * $g_login_method = LDAP; 
 +  * $g_ldap_server = 'ldap://yourservername:389'; # or $g_ldap_server = 'ldaps://yourservername:636'; 
 +  * Do not use $g_ldap_port since it is depricated 
 +  * $g_ldap_root_dn = "OU=your_organization_RDN,DC=your_organization_RDN,DC=your_organization_RDN"; # The root DN where to search users e.g. 'ou=people,dc=example,dc=com' 
 +  * $g_ldap_bind_dn = 'full_DN_entry_for_generic_user';  # A system account to login to LDAP e.g. 'cn=Robert Smith,ou=people,dc=example,dc=com' 
 +  * $g_ldap_bind_passwd = '******';         # System account password 
 +  * $g_ldap_organization = ''; # This is additional filter that may be added to search query - you should first leave it empty and may add a filter later for optimization. e.g. '(objectClass=person)' 
 + 
 +If you want to use user e-mail address defined in Active Directory instead of the one defined when creating mantis account you must add the following parameter: 
 +  * $g_use_ldap_email = ON; 
 + 
 +===== Specific Active Directory configuration ===== 
 +You must add the following parameters in the config_inc.php file: 
 +  * $g_ldap_protocol_version = 3; 
 +  * $g_ldap_uid_field= 'sAMAccountName'; # Use 'sAMAccountName' for Active Directory - this is the name of the attribute used to search a user 
 + 
 +Additionally, make sure not to use the root of your domain for $g_ldap_root_dn parameter. If you bind to the root of your domain, i.e. just dc=company,dc=com, then Active Directory, in addition to the search results you expected, will also return referrals to the other directory partitions which would confuse current implementation and cause an error. 
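
Review bot: The $g_ldap_server bullet under "General LDAP configuration" gives 'ldap://yourservername:389' as the main value and ldaps only as a trailing comment, while steps 1 and 2 of "General principles" bind first with the generic account's password and then with the password the user typed; a DN-and-password bind over plain ldap:// is not encrypted, so I would make 'ldaps://yourservername:636' the documented value and mention ldap:// only as a fallback. The $g_ldap_bind_passwd bullet also puts the generic account's password in config_inc.php, so it deserves a sentence asking for a dedicated read-only account and restricted permissions on that file. Two wording fixes while here: "depricated" should be "deprecated" in the $g_ldap_port bullet, and "until one successes" should be "until one succeeds" in step 2.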
mantisbt/active_directory.1243301440.txt.gz · Last modified: 2009/05/29 03:42 (external edit)
