Testlink 1.9.5 LDAP authentication

Ask community to help.

Moderators: Amaradana, TurboPT, TL Developers

Testlink 1.9.5 LDAP authentication

Postby Sygit » Thu Jan 31, 2013 7:51 am

Hello

I have installed a Testlink 1.9.5 on my company's Linux server. What I would like to do is to integrate Testlink with AD domain thanks to LDAP authentication.

I configured LDAP authentication as follows

$tlCfg->authentication['method'] = 'LDAP';

** LDAP authentication credentials */
$tlCfg->authentication['ldap_server'] = 'ldaps://bp4.bpsa.pl';
$tlCfg->authentication['ldap_port'] = '3269';
$tlCfg->authentication['ldap_version'] = '3'; // could be '2' in some cases
$tlCfg->authentication['ldap_root_dn'] = 'DC=bpsa,DC=pl';
//$tlCfg->authentication['ldap_organization'] = ''; // e.g. '(organizationname=*Traffic)'
$tlCfg->authentication['ldap_uid_field'] = 'sAMAccountName'; // Use 'sAMAccountName' for Active Directory
$tlCfg->authentication['ldap_bind_dn'] = 'testlink@bpsa.pl'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_bind_passwd'] = '*********'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_tls'] = false; // true -> use tls

/** Enable/disable Users to create accounts on login page */
$tlCfg->user_self_signup = TRUE;

I use my AD domain's account but it doesn't work. Testlink reponses that login/password is incorrect.

Can anyone help ?
Sygit
TestLink user
 
Posts: 2
Joined: Wed Jan 30, 2013 6:50 pm

Re: Testlink 1.9.5 LDAP authentication

Postby GunnarD » Thu Jan 31, 2013 10:29 am

ldap_bind_dn should point to where in you AD structur your bind user.

ex: CN=testlink,OU=Users,DC=bpsa,DC=pl
GunnarD
 

Re: Testlink 1.9.5 LDAP authentication

Postby Sygit » Fri Feb 01, 2013 8:33 am

I configured as follows

/** LDAP authentication credentials */
$tlCfg->authentication['ldap_server'] = 'ldaps://mycompany.pl';
$tlCfg->authentication['ldap_port'] = '3269';
$tlCfg->authentication['ldap_version'] = '3'; // could be '2' in some cases
$tlCfg->authentication['ldap_root_dn'] = 'dc=*****,dc=pl';
//$tlCfg->authentication['ldap_organization'] = ''; // e.g. '(organizationname=*Traffic)'
$tlCfg->authentication['ldap_uid_field'] = 'sAMAccountName'; // Use 'sAMAccountName' for Active Directory
$tlCfg->authentication['ldap_bind_dn'] = 'cn=testlink,ou=******,dc=mycompany,dc=pl'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_bind_passwd'] = '*********'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_tls'] = false; // true -> use tls

But still it is not working. in Logs no reason is mentioned.

any ideas ?
Sygit
TestLink user
 
Posts: 2
Joined: Wed Jan 30, 2013 6:50 pm

Re: Testlink 1.9.5 LDAP authentication

Postby sander_pool » Fri Mar 08, 2013 5:51 pm

Hi,

I'm having the same problem. Looking at the code there are no log statements in this section at all so it is hard to debug what's going on. It almost looks like TL expects a user record in the database before it will even reach out to the LDAP server. Around line 48 in doAuthorize.php:

Code: Select all
      $login_exists = ($user->readFromDB($db,tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK);
      if ($login_exists)
      {
         $password_check = auth_does_password_match($user,$pwd);


But frankly I'm flying blind. Any help from the authors on how to debug LDAP connectivity would be appreciated. The manual makes it seem like this is a straightforward configuration but maybe there are some subtle things we need to be aware of?

Thanks,

Sander
Principal QA Automation Engineer at Somewhere
sander_pool
TestLink user
 
Posts: 12
Joined: Thu May 10, 2012 8:17 pm
Location: CT - USA

Re: Testlink 1.9.5 LDAP authentication

Postby fman » Fri Mar 08, 2013 6:10 pm

User need to be created on TL database before to be able to login no matter authentication method you use.
fman
Member of TestLink Community
 
Posts: 3063
Joined: Tue Nov 15, 2005 7:19 am

Re: Testlink 1.9.5 LDAP authentication

Postby sander_pool » Fri Mar 08, 2013 6:47 pm

Well that is very unfortunate and rather negates the whole point of LDAP authentication. Could you please consider adding a line to that effect to the install manual near where LDAP is being discussed? I'll have to write a script that automatically keeps the TL and LDAP user databases in sync.
Principal QA Automation Engineer at Somewhere
sander_pool
TestLink user
 
Posts: 12
Joined: Thu May 10, 2012 8:17 pm
Location: CT - USA

Re: Testlink 1.9.5 LDAP authentication

Postby fman » Sat Mar 09, 2013 8:23 am

>> Well that is very unfortunate and rather negates the whole point of LDAP authentication
That's is your opinion.
On Mantis there is an option to create the user automatically is do not exist on DB.
Anyway you will need to administer the user on TL (as happens on any system I've used till today) because specific TL attributes are not
managed on LDAP Tree.
Then I understand this automatic creation can simplify the administration but is not a BLOCKING (with capital letters) point.
IN the past Knowledge Tree App, had an utility to IMPORT user from an LDAP Directory.
fman
Member of TestLink Community
 
Posts: 3063
Joined: Tue Nov 15, 2005 7:19 am


Return to Installation and configuration



Who is online

Users browsing this forum: No registered users and 2 guests

cron