Page 1 of 1

Signup new users automatically vs ldap-authentication

Posted: 12 Jun 2017, 13:04
by elbdude
Hi there,

is ist possible to signup new users automatically via 'mail_auto_signup' while the mantibt is configured with '$g_login_method = LDAP;' AND only users may successful signed up which are members in LDAP?
Hope someone understands me.
Actual I've got MantisBT 2.5.0 with LDAP and EmailReporting 0.10 with mail_auto_signup set to ON running. But mail_auto_signup signs everybody up. I'll need some kind of limitation by LDAP itself or $g_limit_email_domains. Here is my config:

Code: Select all

<?php
$g_hostname               = 'localhost';
$g_db_type                = 'mysqli';
$g_database_name          = 'bugtracker';
$g_db_username            = 'admin';
$g_db_password            = 'xxx';

$g_default_timezone       = 'Europe/Berlin';
$g_default_language	  = 'german';
$g_crypto_master_salt     = 'xxx';
# --- Anonymous Access / Signup ---
$g_allow_signup           = OFF;
$g_allow_anonymous_login        = OFF;
$g_anonymous_account            = '';

# --- Email Configuration ---
$g_enable_email_notification   = ON;
$g_phpMailer_method     = PHPMAILER_METHOD_SMTP;
$g_smtp_host            = 'xxx.xxx.com';
$g_smtp_username        = 'xxx';
$g_smtp_password        = 'xxx';
$g_administrator_email  = 'xxxxxxxxx@xxxx.de';
$g_webmaster_email      = 'xxxxxxxxx@xxxx.de';
$g_from_name            = 'Medienschule Support Tracker';
$g_from_email           = 'xxxxxxxxx@xxxx.de';
$g_return_path_email    = 'xxxxxxxxx@xxxx.de';
$g_limit_email_domains = array( 'medienschule-hamburg.de', 'hibb.hamburg.de' );
$g_smtp_connection_mode = 'tsl';
$g_smtp_port = 587;
$g_email_receive_own    = OFF;
$g_email_send_using_cronjob = OFF;
$g_validate_email = ON;
$g_allow_blank_email    = OFF;
$g_show_detailed_errors = ON;
$g_display_errors = array(
E_WARNING => 'halt',
E_NOTICE => 'halt',
E_USER_ERROR => 'halt',
E_USER_WARNING => 'halt',
E_USER_NOTICE => 'halt'
);

#$g_log_level            = LOG_ALL;
$g_log_level            = LOG_EMAIL | LOG_EMAIL_RECIPIENT | LOG_FILTERING | LOG_AJAX | LOG_LDAP;
$g_log_destination      = 'file:/tmp/mantis/mantis_ldap.log';


/**************************
* MantisBT LDAP Settings *
***************************/
putenv('LDAPTLS_REQCERT=never');
$g_login_method         = LDAP;
$g_ldap_server          = 'ldaps://xxx.xxx.loc:636/';
$g_ldap_root_dn         = 'cn=Users,dc=xxx,dc=loc';
$g_ldap_organization    = '(&(memberOf=CN=xxx,CN=Users,DC=xxx,DC=loc))';
$g_ldap_uid_field       = 'sAMAccountName';
$g_ldap_bind_dn         = 'xxx@xxx.loc';
$g_ldap_bind_passwd     = 'xxx';
$g_use_ldap_email       = ON;
$g_use_ldap_realname    = ON;
$g_ldap_protocol_version = 3;
$g_ldap_follow_referrals = OFF;
$g_ldap_simulation_file_path = '';


# --- Attachments / File Uploads ---
$g_allow_file_upload    = ON;
$g_file_upload_method   = DATABASE; # or DISK
# $g_absolute_path_default_upload_folder = ''; # used with DISK, must contain trailing \ or /.
$g_max_file_size                = 5000000;      # in bytes
$g_preview_attachments_inline_max_size = 256 * 1024;
# $g_allowed_files              = '';           # extensions comma separated, e.g. 'php,html,java,exe,pl'
# $g_disallowed_files           = '';           # extensions comma separated

# --- Branding ---
$g_window_title                 = 'xxx Bug Tracker';
$g_logo_image                   = 'images/mantis_logo.png';
$g_favicon_image                = 'images/favicon.ico';

# --- Real names ---
# $g_show_realname = OFF;
# $g_show_user_realname_threshold = NOBODY;     # Set to access level (e.g. VIEWER, REPORTER, DEVELOPER, MANAGER, etc)

# --- Others ---
# $g_default_home_page = 'my_view_page.php';    # Set to name of page to go to after login
$g_enable_profiles = OFF;
$g_tag_view_threshold = NOBODY;
$g_tag_attach_threshold = NOBODY;
$g_set_view_status_threshold = NOBODY;
$g_change_view_status_threshold = NOBODY;
$g_bug_report_page_fields = array(
'category_id',
'handler',
'summary',
'custom_field_1',
'custom_field_2',
'description',
'attachments',
);


Re: Signup new users automatically vs ldap-authentication

Posted: 12 Jun 2017, 22:33
by SL-Gundam
limit_email_domains would be your only option

But this would result in EmailReporting falling back to the default Reporter user where the domain is invalid so any issue/note would still be registered. If you want to avoid that as well you would need to turn off "Enable fallback to default reporter"