Mantis is one of the many bug tracking softwares available out there (Refer: Top Configuration Management). For an internal project at work, I needed a bug tracker and Mantis was the logical choice due to prior experience within the development team. The machine at hand was running on CentOS Release 4.4 and required the following rpm packages:
There were issues with using the community-server rpms for MySQL 5.0.51 as the php-mysql and php-ldap packages weren't compatible. Since, this was going to be an internal bug tracker, and we weren't expecting to use any of the 5.0 features, it was a fair compromise for the power of Apache-PHP-LDAP-Mantis.
We have an existing LDAP server which stores the authentication credentials companywide. Out of the box, Mantis allows for new user sign-up but this would mean that every user in the organization would have to keep track of another set of credentials. Hence, LDAP integration was a must. I expected LDAP authentication to work out of the box but it turned out to be a little more involved. I am a novice when it comes to PHP and it took a little bit of searching and reading manuals to wade my way through the Mantis-PHP maze of code.
In order to help people who want to walk down the same path, I aim to simplify their life by providing steps to achieve this feat:
1. Download Mantis and unzip at /var/www/html (or whatever your DocumentRoot is at in /etc/httpd/conf/httpd.conf) and rename the folder to mantis. As of writing this post, the stable version was mantis-1.1.1
2. A bunch of global Mantis settings are listed in the mantis/config_defaults_inc.php. I tried to override the ones that were relevant to this integration. Here's the file:
3. In the file 'mantis/core/authentication.php', change the lines in the function 'auth_attempt_login' begining "if ( false === $t_user_id ) {" as follows
4. Restart your Apache HTTPD server and validate.
[root@eclipse html]# rpm -q httpd mysql-server php php-mysql php-ldap httpd-2.0.52-28.ent.centos4 mysql-server-4.1.20-1.RHEL4.1 php-4.3.9-3.22.9 php-mysql-4.3.9-3.22.9 php-ldap-4.3.9-3.22.9
There were issues with using the community-server rpms for MySQL 5.0.51 as the php-mysql and php-ldap packages weren't compatible. Since, this was going to be an internal bug tracker, and we weren't expecting to use any of the 5.0 features, it was a fair compromise for the power of Apache-PHP-LDAP-Mantis.
We have an existing LDAP server which stores the authentication credentials companywide. Out of the box, Mantis allows for new user sign-up but this would mean that every user in the organization would have to keep track of another set of credentials. Hence, LDAP integration was a must. I expected LDAP authentication to work out of the box but it turned out to be a little more involved. I am a novice when it comes to PHP and it took a little bit of searching and reading manuals to wade my way through the Mantis-PHP maze of code.
In order to help people who want to walk down the same path, I aim to simplify their life by providing steps to achieve this feat:
1. Download Mantis and unzip at /var/www/html (or whatever your DocumentRoot is at in /etc/httpd/conf/httpd.conf) and rename the folder to mantis. As of writing this post, the stable version was mantis-1.1.1
2. A bunch of global Mantis settings are listed in the mantis/config_defaults_inc.php. I tried to override the ones that were relevant to this integration. Here's the file:
# --- database variables --------- # set these values to match your setup $g_hostname = "10.0.0.4"; $g_db_username = "mantisuser"; $g_db_password = "password"; $g_database_name = "mantis"; $g_db_type = "mysql"; # --- email variables ------------- $g_administrator_email = 'admin@mycompany.com'; $g_webmaster_email = 'webmaster@mycompany.com'; # the "From: " field in emails $g_from_email = 'noreply@mycompany.com'; # the return address for bounced mail $g_return_path_email = 'admin@mycompany.com'; # --- file upload settings -------- # This is the master setting to disable *all* file uploading functionality # # The default value is ON but you must make sure file uploading is enabled # in PHP as well. You may need to add "file_uploads = TRUE" to your php.ini. $g_allow_file_upload = ON; # LDAP $g_login_method = LDAP; $g_ldap_server = 'ldap://10.0.0.4/'; $g_ldap_port = '389'; $g_ldap_root_dn = 'dc=mycompany,dc=com'; $g_ldap_organization = 'objectClass=*'; # e.g. '(organizationname=*Traffic)' $g_ldap_uid_field = 'uid'; # Use 'sAMAccountName' for Active Directory $g_ldap_bind_dn = 'uid=root,ou=Users,dc=mycompany,dc=com'; $g_ldap_bind_passwd = 'cleartextsecret'; # Should we send to the LDAP email address or what MySql tells us $g_use_ldap_email = OFF; # The LDAP Protocol Version, if 0, then the protocol version is not set. $g_ldap_protocol_version = 3; # --- signup ---------------------- $g_allow_signup = OFF; $g_lost_password_feature = OFF;
3. In the file 'mantis/core/authentication.php', change the lines in the function 'auth_attempt_login' begining "if ( false === $t_user_id ) {" as follows
if ( false === $t_user_id ) { if ( BASIC_AUTH == $t_login_method \\ LDAP == $t_login_method ) { # attempt to create the user if using BASIC_AUTH if ( BASIC_AUTH == $t_login_method) { $t_cookie_string = user_create( $p_username, $p_password ); } elseif ( LDAP == $t_login_method ) { $t_cookie_string = user_create( $p_username, '', ldap_email_from_username( $p_username ) ); } if ( false === $t_cookie_string ) { # it didn't work return false; }
4. Restart your Apache HTTPD server and validate.
2 comments:
Thanks for the writeup. Do you know whether you can use the bugtracker with ldap integration for external logins also. Lets say you have a company administering your website, and you wanted to use mantis for that?
@Lars: If I understand your question correctly, you have your website being administered by a professional hosting company. Now you possibly have your LDAP server hosted internally on your network and would like to have Mantis on your website but authenticated via your LDAP server. Since, both Mantis and the LDAP server were on my internal network, I did not have to worry about the security aspect as much as you would have to. Couple of solutions that I can think of: One, a VPN bridge from your hosting company to your network; two, exposing the LDAP server in your network to the outside world (Use appropriate security measures. Refer: OpenLDAP Admin's Guide, Chap14-16, http://www.openldap.org/doc/admin24/)
Post a Comment