Bug 320751: LDAP: Ability to have Bugzilla use the LDAP username directly as the Bugzilla username

Patch By guillomovitch@zarb.org r=mkanat, a=myk

Bug 320751: LDAP: Ability to have Bugzilla use the LDAP username directly as the Bugzilla username
ee385c93 · mkanat%bugzilla.org · f3254c63 · ee385c93 · ee385c93 · ee385c93
Commit ee385c93 authored May 31, 2006 by mkanat%bugzilla.org
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 18 deletions

LDAP.pm Bugzilla/Auth/Verify/LDAP.pm +10 -5

installation.xml docs/xml/installation.xml +13 -11

ldap.html.tmpl template/en/default/admin/params/ldap.html.tmpl +6 -2

No files found.
--- a/Bugzilla/Auth/Verify/LDAP.pm
+++ b/Bugzilla/Auth/Verify/LDAP.pm
@@ -86,13 +86,18 @@ sub check_credentials {
    my $user_entry = $detail_result->shift_entry;

    my $mail_attr = Param("LDAPmailattribute");
-    if (!$user_entry->exists($mail_attr)) {
-        return { failure => AUTH_ERROR,
-                 error   => "ldap_cannot_retreive_attr",
-                 details => {attr => $mail_attr} };
+    if ($mail_attr) {
+        if (!$user_entry->exists($mail_attr)) {
+            return { failure => AUTH_ERROR,
+                     error   => "ldap_cannot_retreive_attr",
+                     details => {attr => $mail_attr} };
+        }
+
+        $params->{bz_username} = $user_entry->get_value($mail_attr);
+    } else {
+        $params->{bz_username} = $username;
    }

-    $params->{bz_username} = $user_entry->get_value($mail_attr);
    $params->{realname}  ||= $user_entry->get_value("displayName");
    $params->{realname}  ||= $user_entry->get_value("cn");


--- a/docs/xml/installation.xml
+++ b/docs/xml/installation.xml
 <!-- <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"> -->
-<!-- $Id: installation.xml,v 1.118 2006/04/30 20:35:15 lpsolit%gmail.com Exp $ -->
+<!-- $Id: installation.xml,v 1.119 2006/05/30 21:17:34 mkanat%bugzilla.org Exp $ -->
 <chapter id="installing-bugzilla">
  <title>Installing Bugzilla</title>

@@ -1320,16 +1320,18 @@ c:\perl\bin\perl.exe -xc:\bugzilla -wT "%s" %s
      you need to deal with user ID (e.g assigning a bug) use the email
      address. The LDAP authentication builds on top of this scheme, rather
      than replacing it. The initial log in is done with a username and
-      password for the LDAP directory. This then fetches the email address
-      from LDAP and authenticates seamlessly in the standard Bugzilla
-      authentication scheme using this email address. If an account for this
-      address already exists in your Bugzilla system, it will log in to that
-      account. If no account for that email address exists, one is created at
-      the time of login. (In this case, Bugzilla will attempt to use the
-      "displayName" or "cn" attribute to determine the user's full name.)
-      After authentication, all other user-related tasks are still handled by
-      email address, not LDAP username. You still assign bugs by email
-      address, query on users by email address, etc.
+      password for the LDAP directory. Bugzilla tries to bind to LDAP using
+      those credentials, and if successful, try to map this account to a
+      Bugzilla account. If a  LDAP mail attribute is defined, the value of this
+      attribute is used, otherwise emailsuffix parameter is appended to LDAP
+      username to form a full email adress. If an account for this address
+      already exists in your Bugzilla system, it will log in to that account.
+      If no account for that email address exists, one is created at the time
+      of login. (In this case, Bugzilla will attempt to use the "displayName"
+      or "cn" attribute to determine the user's full name.) After
+      authentication, all other user-related tasks are still handled by email
+      address, not LDAP username. You still assign bugs by email address, query
+      on users by email address, etc.
      </para>

      <caution>

--- a/template/en/default/admin/params/ldap.html.tmpl
+++ b/template/en/default/admin/params/ldap.html.tmpl
@@ -39,8 +39,12 @@

  LDAPuidattribute => "The name of the attribute containing the user's login name.",

-  LDAPmailattribute => "The name of the attribute of a user in your directory that " _
-                       "contains the email address.",
+  LDAPmailattribute => "The name of the attribute of a user in your " _
+                       "directory that contains the email address, to be " _
+                       "used as $terms.Bugzilla username. If this parameter " _
+                       "is empty, $terms.Bugzilla will use the LDAP username"_
+                       " as the $terms.Bugzilla username. You may also want" _
+                       " to set the \"emailsuffix\" parameter, in this case.",

  LDAPfilter => "LDAP filter to AND with the <tt>LDAPuidattribute</tt> for " _
                "filtering the list of valid users." }