View Issue Details

ID: 0028089
Project: mantisbt
Category: authentication
View Status: public
Last Update: 2021-04-11 06:03
Reporter: duanshd
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: duplicate
Summary: 0028089: username top-level domain size
Description

Hello,

Does mantisbt support $g_ldap_uid_field being a user email address (UPN) with a top level domain higher than 4 characters?
Up to 4 there seem to be no issues (e.g. user@domain.work) but higher than that a not found user account error is exposed (e.g. user@domain.works).

How can we achieve such goal?
Is it possible through the configuration of specific variables, or even editing specific php files?

thank you

Tags: No tags attached.

Relationships

duplicate of 0026811 closed community Username regex is too strict by default

Activities

dregad

2021-03-18 20:51

developer   ~0065263

As far as I know, MantisBT does not place any restrictions on the contents of the username field; we just issue an LDAP search query like (&$g_ldap_organization($g_ldap_uid_field=username)).

I do not know what is wrong, but maybe this is caused by your LDAP server? Try to set $g_log_level = LOG_LDAP; and review the log file.

duanshd

2021-03-19 06:03

reporter   ~0065264

The LDAP server is a functional AD server.
As mentioned no issues when UPN uses a user domain top-level domain up to 4 characters.
Other tools that use such same LDAP server and method have no issues at all.

Did not mention before but enabling LOG_LDAP does not produce a single output log line when trying to login with such top-level domain user (higher than 4 characters), while if they are up to such size all LDAP log outputs are seen as expected.

Is there a way (php functions edition or mantis config files) to allow $g_ldap_uid_field = 'userPrincipalName'; to use top-level domains bigger than 4 digits (as mentioned there is a reason to use UPN)?

thanks once again

atrol

2021-03-19 06:58

developer   ~0065265

Some additional information that might help

  • Exact version of MantisBT, PHP, and Operating System
  • Relevant customizations (e.g. changes in config_inc.php, etc)
  • Installed plugins or custom functions?
  • Was the MantisBT source code modified in any way?

dregad

2021-03-19 13:49

developer   ~0065266

enabling LOG_LDAP does not produce a single output log line

Really? I find that very hard to believe, as that would imply ldap_authenticate_by_username() is not even being called... I would expect at the very least a "Binding to LDAP server" message; this log message is output before any actual LDAP operation is performed.

Not having access to a setup like yours, I will not be able to reproduce the problem, you need to give more information for troubleshooting. In addition to what atrol requested, please provide the following:

  • Details about the not found user account error you refer to (preferably with $g_show_detailed_errors = ON; so we get a full stack trace)?
  • Your actual log output with LOG_LDAP (anonymized if needed)
  • Are there any errors in your PHP system log?

duanshd

2021-03-19 15:54

reporter   ~0065270

MantisBT 2-24.4, PHP 7.4, Ubuntu LTS 20.04

no significant config_inc changes other than ldap auth, using userprincipalname as uid. No other customization on the config files.

No plugins or custom functions. pretty straightforward install

No modification of mantis source code

again issue only when a user has a upn with a top-level domain bigger than 4 characters!

and yes, no log output when trying to login with such users, when with others (top-level domain up to 4 characters) the log shows expected LDAP binding flow.

This is a simple install and not customized and a simple error to reproduce so, either mantis does not support such userprincipalname based uid auth method, or there is a component that does not allow username top-level domain higher than 4 characters.

dregad

2021-03-22 03:21

developer   ~0065272

a simple error to reproduce

Possibly, but only if one has access to an LDAP environment such as yours, which is not our case.

Unless you provide the information that could help us pinpoint the problem's root cause (see my last note 0028089:0065266, and relevant config_inc.php requested by atrol), we won't be able to help.

duanshd

2021-03-23 07:17

reporter   ~0065276

Hello dregad,

apparently this is a known issue and should be resolved on 2.25 release.
May you confirm so that we can give it a try?
https://www.mantisbt.org/bugs/view.php?id=26811