Testlink 1.9.5 LDAP authentication

Sygit
TestLink user
Posts: 2
Joined: Wed Jan 30, 2013 6:50 pm

Testlink 1.9.5 LDAP authentication

Post by Sygit »

Hello

I have installed Testlink 1.9.5 on my company's Linux server. What I would like to do is integrate Testlink with our AD domain using LDAP authentication.

I configured LDAP authentication as follows:

```php
$tlCfg->authentication['method'] = 'LDAP';

/** LDAP authentication credentials */
$tlCfg->authentication['ldap_server'] = 'ldaps://bp4.bpsa.pl';
$tlCfg->authentication['ldap_port'] = '3269';
$tlCfg->authentication['ldap_version'] = '3'; // could be '2' in some cases
$tlCfg->authentication['ldap_root_dn'] = 'DC=bpsa,DC=pl';
//$tlCfg->authentication['ldap_organization'] = ''; // e.g. '(organizationname=*Traffic)'
$tlCfg->authentication['ldap_uid_field'] = 'sAMAccountName'; // Use 'sAMAccountName' for Active Directory
$tlCfg->authentication['ldap_bind_dn'] = 'testlink@bpsa.pl'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_bind_passwd'] = '*********'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_tls'] = false; // true -> use tls

/** Enable/disable Users to create accounts on login page */
$tlCfg->user_self_signup = TRUE;
```

I use my AD domain account but it doesn't work. Testlink responds that the login/password is incorrect.

Can anyone help?
GunnarD

Re: Testlink 1.9.5 LDAP authentication

Post by GunnarD »

ldap_bind_dn should point to where in your AD structure your bind user is.

ex: CN=testlink,OU=Users,DC=bpsa,DC=pl
Sygit
TestLink user
Posts: 2
Joined: Wed Jan 30, 2013 6:50 pm

Re: Testlink 1.9.5 LDAP authentication

Post by Sygit »

I configured it as follows:

```php
/** LDAP authentication credentials */
$tlCfg->authentication['ldap_server'] = 'ldaps://mycompany.pl';
$tlCfg->authentication['ldap_port'] = '3269';
$tlCfg->authentication['ldap_version'] = '3'; // could be '2' in some cases
$tlCfg->authentication['ldap_root_dn'] = 'dc=*****,dc=pl';
//$tlCfg->authentication['ldap_organization'] = ''; // e.g. '(organizationname=*Traffic)'
$tlCfg->authentication['ldap_uid_field'] = 'sAMAccountName'; // Use 'sAMAccountName' for Active Directory
$tlCfg->authentication['ldap_bind_dn'] = 'cn=testlink,ou=******,dc=mycompany,dc=pl'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_bind_passwd'] = '*********'; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_tls'] = false; // true -> use tls
```

But it is still not working. In the logs no reason is mentioned.

Any ideas?
sander_pool
TestLink user
Posts: 12
Joined: Thu May 10, 2012 8:17 pm
Location: CT - USA

Re: Testlink 1.9.5 LDAP authentication

Post by sander_pool »

Hi,

I'm having the same problem. Looking at the code there are no log statements in this section at all so it is hard to debug what's going on. It almost looks like TL expects a user record in the database before it will even reach out to the LDAP server. Around line 48 in doAuthorize.php:

```php
    $login_exists = ($user->readFromDB($db,tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK);
    if ($login_exists)
    {
        $password_check = auth_does_password_match($user,$pwd);
```

But frankly I'm flying blind. Any help from the authors on how to debug LDAP connectivity would be appreciated. The manual makes it seem like this is a straightforward configuration but maybe there are some subtle things we need to be aware of?

Thanks,

Sander
Principal QA Automation Engineer at Somewhere
fman
Member of TestLink Community
Posts: 3123
Joined: Tue Nov 15, 2005 7:19 am

Re: Testlink 1.9.5 LDAP authentication

Post by fman »

Users need to be created in the TL database before being able to log in, no matter which authentication method you use.
sander_pool
TestLink user
Posts: 12
Joined: Thu May 10, 2012 8:17 pm
Location: CT - USA

Re: Testlink 1.9.5 LDAP authentication

Post by sander_pool »

Well that is very unfortunate and rather negates the whole point of LDAP authentication. Could you please consider adding a line to that effect to the install manual near where LDAP is being discussed? I'll have to write a script that automatically keeps the TL and LDAP user databases in sync.
Principal QA Automation Engineer at Somewhere
fman
Member of TestLink Community
Posts: 3123
Joined: Tue Nov 15, 2005 7:19 am

Re: Testlink 1.9.5 LDAP authentication

Post by fman »

>> Well that is very unfortunate and rather negates the whole point of LDAP authentication
That is your opinion.
On Mantis there is an option to create the user automatically if it does not exist in the DB.
Anyway you will need to administer the user on TL (as happens on any system I've used till today) because specific TL attributes are not managed on the LDAP tree.
Then I understand this automatic creation can simplify the administration, but it is not a BLOCKING (with capital letters) point.
In the past, the Knowledge Tree app had a utility to IMPORT users from an LDAP directory.
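
The thread notes that TestLink logs nothing in this code path, so the following is an added example (not TestLink code and not from any poster) that runs the usual LDAP steps, service bind, user search and user bind, from the command line and reports which one fails. The host, DNs and the environment variable names `LDAP_BIND_PW` and `LDAP_USER_PW` are placeholders to be replaced with the values from your own configuration.

```php
<?php
// Added example, not TestLink code. Run on the TestLink host:
//   LDAP_BIND_PW=... LDAP_USER_PW=... php ldapcheck.php <login>
// Host, DNs and env var names are placeholders (assumptions).
$cfg = [
    'uri'     => 'ldaps://dc.example.com:3269',  // ldap_server + ldap_port
    'root_dn' => 'DC=example,DC=com',            // ldap_root_dn
    'uid'     => 'sAMAccountName',               // ldap_uid_field
    'bind_dn' => 'CN=testlink,OU=Users,DC=example,DC=com', // ldap_bind_dn
];

function fail(string $step, $conn = null): void {
    $why = $conn ? ': ' . ldap_error($conn) . ' (' . ldap_errno($conn) . ')' : '';
    if ($conn && ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag) && $diag) {
        $why .= " / $diag";   // server-side detail, when the server sends one
    }
    fwrite(STDERR, "FAIL at $step$why\n");
    exit(1);
}

$login  = $argv[1] ?? '';
$bindPw = getenv('LDAP_BIND_PW') ?: '';
$userPw = getenv('LDAP_USER_PW') ?: '';
// A simple bind with an empty password is an unauthenticated bind that many
// servers accept, so refuse it rather than report a false success.
if ($login === '' || $bindPw === '' || $userPw === '') {
    fail('input (login and both passwords are required)');
}

$conn = ldap_connect($cfg['uri']);   // only parses the URI, no traffic yet
if (!$conn) fail('connect');
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);   // common setting for AD

// Step 1: service-account bind. TLS and certificate errors surface here too.
if (!@ldap_bind($conn, $cfg['bind_dn'], $bindPw)) fail('service bind', $conn);

// Step 2: find the user's DN; escape the login so it cannot alter the filter.
$filter = sprintf('(%s=%s)', $cfg['uid'], ldap_escape($login, '', LDAP_ESCAPE_FILTER));
$res = @ldap_search($conn, $cfg['root_dn'], $filter, [$cfg['uid']]);
if (!$res) fail('search', $conn);
$entries = ldap_get_entries($conn, $res);
if ($entries['count'] !== 1) fail("search ({$entries['count']} entries for $filter)");

// Step 3: re-bind as that user to verify the password.
if (!@ldap_bind($conn, $entries[0]['dn'], $userPw)) fail('user bind', $conn);
echo "OK: {$entries[0]['dn']} authenticated\n";
ldap_unbind($conn);
```

A failure at step 1 points to the bind DN, its password or the TLS certificate chain rather than to the user's credentials. If all three steps succeed and TestLink still rejects the login, check that the account exists in the TestLink database, as stated earlier in the thread.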