Rhyous

April 19, 2010

Why Bugzilla fails to authenticate a local user when LDAP integration is failing?

Filed under: Bugzilla,FreeBSD — J. Abram barneck @ 3:48 pm

Problem

Authentication fails with the following error even when not using an LDAP user:

Failed to bind to the LDAP server. The error message was: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece�

To me this is a straight up bug.  I am not sure if it is reported.

Cause

Bugzilla will not even try authenticate a local user using another authentication method when LDAP integration is both list first and failing. If LDAP is the first option in the authentication methods, then if the credentials are invalid, it just stops the entire authentication process and returns this error:

Business/Impact

Low.  While this could disallow all logins to the bugzilla web page, including administrator logins.  A server administrator can make a manual change to one of configuration text files.

Resolution

Authentication is configured to use LDAP then DB.  It needs to be reversed, where it tries DB then LDAP.

There is a setting called user_verify_class in Bugzilla that allows you to select the different authentication methods you want to use.  There are two places to access this:

  1. Through the web administration
  2. Through the bugzilla/data/params file

Through Web Administration

Log in as an administrator and go to Administration | Parameters | User Authentication.

Then look for the user_verify_class setting.

Click on DB and click to move it up to the top of the list.

Through the bugzilla/data/params file

Using a text editor, open the params file located under the bugzilla website and under the data folder.

Look for the following line to configure this manually in text:

‘user_verify_class’ => ‘LDAP,DB’,

Change it to:

‘user_verify_class’ => ‘DB,LDAP’,

The user_verify_class setting

This setting allows for enabling and disabling authentication as well as providing the order for enabled authentication methods.

By default only DB is enabled.  But it can be configured so that both DB, and LDAP are enabled and they can be ordered so either is first.  However, LDAP should NOT be first.  The following setting should be used.

‘LDAP,DB’,

Advertisements

1 Comment »

  1. […] Why Bugzilla fails to authenticate a local user when LDAP integration is failing? […]

    Pingback by A Bugzilla authentication dillemma? « Rhyous's 127.0.0.1 or ::1 — April 19, 2010 @ 3:50 pm | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: