LDAP authentication and configuration

[solex_kagepogu]

I'm new to TestLink. I want to configure LDAP in the TestLink of Version - 1.9.14. Can anyone brief the steps to follow for proper authentication. When i tried it showing Wrong Username and Password in the Login Page. I made the below code changes. Can you please verify it.

Code: Select all

$tlCfg->authentication['method'] = 'LDAP';

$tlCfg->authentication['ldap_server'] = 'ldap_server_ip';
$tlCfg->authentication['ldap_port'] = 'ldap_port';
$tlCfg->authentication['ldap_version'] = '3'; // could be '2' in some cases
$tlCfg->authentication['ldap_root_dn'] = 'DC=sample,DC=company,DC=local';
$tlCfg->authentication['ldap_bind_dn'] = 'CN=myname,CN=Users,DC=sample,DC=company,DC=local'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_bind_passwd'] = 'password'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_tls'] = false; // true -> use tls


$tlCfg->authentication['ldap_organization'] = ''; // e.g. '(organizationname=*Traffic)'
$tlCfg->authentication['ldap_uid_field'] = 'mysAMAccountName'; // Use 'sAMAccountName' for Active Directory

$tlCfg->authentication['ldap_realname_field'] = 'uid';

User prinncipal name in LDAP is : my.name@sample.company.local .

Can anyone help me regarding this issue

[fman]

1) Please confirm if you are using ACTIVE DIRECTORY or other LDAP Server
2) To do debug is VERY IMPORTANT/CRITIC that you try to access to your ACTIVE DIRECTORY / LDAP Server using an LDAP BROWSER,
this will allow you to test different configuration to be sure config is OK, before trying to use LDAP on TestLink.

3) Critic piece is
$tlCfg->authentication['ldap_uid_field']

because what you will type ON LOGIN FIELD, ON TESTLINK LOGIN SCREEN on user name will be searched on this attribute on the LDAP Tree
without ANY PREFIX OR SUFFIX ADDED.

Till you do not do CHECKS indicated on step (2), no other help can be provided.

[solex_kagepogu]

Hi fman,

I'm using ACTIVE DIRECTORY. I tested those credentials with Softerra LDAP browser and those are working fine.
Could you please brief about the steps to follow for LDAP Authentication from end-to-end and if possible provide some reference links.

Regards

[fman]

I'm using since 2 years ACTIVE DIRE auth without issues.
IN order to help you you need to provide here the detailes test that you have done with the LDAP BROWSER because IMHO I guess your problem is with the username is passed to ACTIVE DIRECTORY.
Without this info no help can be provided.

[solex_kagepogu]

Please brief the steps to follow initially for AD authentication in Testlink. Please check the details below which i passed in LDAP browser.
Parameters i supplied in LDAP Browser

Hostname : ldap_server_ip
Port : 389
Protocol : LDAP v3
Base DN : DC=sample,DC=company,DC=local
Authentication Method : Simple Authentication
User DN : CN=my name,CN=Users,DC=sample,DC=company,DC=local
Password : Password

When i made a search by "sAMAccountName" as "my.name" i got following details
sAMAccountName : my.name
User Principal Name : my.name@sample.company.local
cn : my name
subSchemaSubEntry : CN=Aggregate,CN=Schema,CN=Configuration,DC=sample,DC=company,DC=local.

and i'm passing Username in the Testlink login screen as "my.name"

Are there any pre-conditions for authentication with AD? If so notify me.

[fman]

$tlCfg->authentication['ldap_uid_field'] = 'mysAMAccountName'; <<<< NO GOOD is just a typo error ?

$tlCfg->authentication['ldap_uid_field'] = 'sAMAccountName'; // RIGHT CONFIG

and for
$tlCfg->authentication['ldap_bind_dn'] = 'User4Bind'; SIMPLE VALUE <******

[solex_kagepogu]

shall i put
$tlCfg->authentication['ldap_uid_field'] = 'sAMAccountName';
(or)
$tlCfg->authentication['ldap_uid_field'] = 'my.name';

I didn't get you for $tlCfg->authentication['ldap_bind_dn'] = 'User4Bind'; SIMPLE VALUE <******.
What does it mean? I'm using like this.
$tlCfg->authentication['ldap_bind_dn'] = 'CN=my name,CN=Users,DC=sample,DC=company,DC=local';

Is it correct or not?

[fman]

IMHO comments in config are clear
This is what you need to configure
$tlCfg->authentication['ldap_uid_field'] = 'sAMAccountName';

ldap_uid_field means what attribute on the entity present on the Directory Tree has to be used as username


I didn't get you for $tlCfg->authentication['ldap_bind_dn'] = 'User4Bind'; SIMPLE VALUE <******.
simple value means that YOU HAVE TO USE the plain username.
OK Maybe the name ldap_bind_dn is not very clear

hope now things are not clear