/ Active Directory

Enable Active Directory user authentication mechanism in Bugzilla

I was struggling some time to configure Bugzilla to use my Active Directory server, so let me share with you my experiences in this topic.

First log in to your Bugzilla web page using normal DB credentials with administrative privileges.

Next, go to Administration->Parameters->User Authentication and under user_verify_class section move the LDAP entry to the first position keeping DB right below LDAP and above the “active/inactive” line.

Now we need to configure the LDAP connection. In the Parameters page on the left side select LDAP entry and configure the connection as follows:

LDAPserver – the IP, FQDN or CNAME of your domain controller. It can be also provided as a connection string starting with ldap:// for connection without TLS, ldaps:// for SSL-enabled connection, ldapi:// for socket-based connection.

For SSL-enabled connection you need Net::SSLeay module installed on the box hosting your installation of Bugzilla. See this blog post for some useful tips.

LDAPbinddn – if your AD server doesn’t allow anonymous queries you need to authenticate against it with any username/password existing in the AD. You need to use following format:

CN=username,OU=path,OU=to,OU=user's,OU=catalog,DC=company,DC=com:userpassword

Keep in mind that the user password here is visible as plain text.

LDAPBaseDN – you need to tell Bugzilla where to look for users in AD. Use following format:

OU=path,OU=to,OU=users,OU=catalog,DC=company,DC=com

LDAPuidattribute – what is the name of attribute storing users login? Put here sAMAccountName.

LDAPmailattribute – what is the name of attribute storing mail address? Put “mail” here (without the quotes).

Click on “Save changes” and try to log in using AD credentials:

  • login – the same as visible in Active Directory computers and users snap-in in Microsoft Windows.
  • password – AD password for the username provided.

Good luck with connecting your Bugzilla installation to Active Directory!