Discussion:
LDAP authentication issue - how to refresh local password store
Juergen Paller
2010-11-18 17:06:42 UTC
Hi list

We have a strange issue coming up with Bugzilla 3.4.4 running on a Linux box with Apache 2.2 and MySQL 5.1.

We are using our central LDAP server (Windows AD) to authenticate users. Command-line LDAP search is working like a charm.

Currently there are about 100 active users and some of them are unfortunately not able to log in to Bugzilla anymore, receiving the standard <The username or password you entered is not valid.> error message after providing the username and correct AD password.

New users are added to the local MySQL database after they have authenticated once - changed AD passwords are also reflected properly within Bugzilla. I really don't have a clue where to start now.

I have tried to set the password on our test system and copy the crypted string over to the production system as a workaround - no luck :(

Any hints/ideas would be appreciated, how to debug and get those users activated.

Thanks and regards,
Juergen



Jürgen Paller
System Administrator


RTS Realtime Systems Software GmbH, Rembrandtstrasse 13, D-60596 Frankfurt am Main
T: +49.69.61009.0 / F: +49.69.61009.181

Registered office: Frankfurt am Main - HRB 84467 Amtsgericht Frankfurt am Main
Managing directors: Steffen Gemuenden, Igor Sluga

www.rtsgroup.net

This email and any attachments are for the exclusive and confidential use of the intended recipient. If you are not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please do not read, distribute or take action in reliance upon this message. If you have received this in error, please notify me immediately by return email and promptly delete this message and its attachments from your computer system.
Max Kanat-Alexander
2010-11-21 04:02:54 UTC
Post by Juergen Paller
> Currently there are about 100 active users and some of them are unfortunately not able to log in to Bugzilla anymore, receiving the standard <The username or password you entered is not valid.> error message after providing the username and correct AD password.

Remember that when logging in via LDAP, you have to provide your LDAP
username, not your email address. Perhaps they are still trying to use
their Bugzilla email address to log in.

If there is some error with LDAP, removing "DB" as one of the
user_verify_method options will expose the error.

Post by Juergen Paller
> New users are added to the local mysql database, after they have authenticated once

Yes, but their passwords are not stored in the Bugzilla database.

-Max
--
http://www.everythingsolved.com/
Competent, Friendly Bugzilla and Perl Services. Everything Else, too.
Juergen Paller
2010-11-29 13:10:59 UTC
Hi

Our LDAP username differs from the email address, but the LDAP username works for all "old" profile entries - after the password is changed, it's not updated in the profiles table.

I found a work-around for this strange behavior:

I have deleted the crypted password entry of the field and logged in with the email address; that's working fine - I don't know why the old method with the LDAP username is not working anymore.

The error was still not exposed after removing "DB" from the list - it's only LDAP there.

It really seems the passwords are stored in the database, but Bugzilla is not able to sync against the AD - the mentioned workaround works fine. Maybe an upgrade to 3.6.8 solves this issue.

Thanks for your support and regards,
Juergen

Max Kanat-Alexander
2010-11-30 06:34:02 UTC
Post by Juergen Paller
> It really seems the passwords are stored in the database, but bugzilla is not able to sync against the AD

Bugzilla does not sync passwords with LDAP. The only password stored in
the database is the "DB" auth password. If you have both LDAP and DB
enabled, then users have two passwords (and possibly two usernames) for
the same account--one LDAP password and one DB password.

-Max
--
http://www.bugzillasource.com/
Competent, Friendly Bugzilla, Perl, and IT Services
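
The behaviour described in this thread (an LDAP password and a separate "DB" password on one account, and an LDAP error that stays hidden while "DB" is also enabled) can be seen in a small model. This is an added example, not part of the original posts and not Bugzilla's code; the account names, passwords, the `authenticate` function and the SHA-256 stand-in hash are all constructed for illustration.

```python
import hashlib
import hmac

GENERIC = "The username or password you entered is not valid."

# Constructed sample data: one person, two independent credentials.
LDAP_DIRECTORY = {"jdoe": "New-AD-pass-2"}  # LDAP username -> current AD password
DB_PASSWORDS = {                            # e-mail login -> local hash, None if unset
    # SHA-256 is only a stand-in here for the real salted password hash.
    "jdoe@example.com": hashlib.sha256(b"Old-pass-1").hexdigest(),
    "asmith@example.com": None,
}


class LdapError(Exception):
    pass


def verify_ldap(login, password, ldap_up):
    if not ldap_up:
        raise LdapError("LDAP server unreachable")
    stored = LDAP_DIRECTORY.get(login)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


def verify_db(login, password):
    stored = DB_PASSWORDS.get(login)
    digest = hashlib.sha256(password.encode()).hexdigest()
    return stored is not None and hmac.compare_digest(stored, digest)


def authenticate(login, password, methods, ldap_up=True):
    """Try each method in order; return (ok, method name or failure message)."""
    message = GENERIC
    for method in methods:
        try:
            if method == "LDAP" and verify_ldap(login, password, ldap_up):
                return True, "LDAP"
            if method == "DB" and verify_db(login, password):
                return True, "DB"
            message = GENERIC  # a later method's plain failure hides an earlier error
        except LdapError as exc:
            message = str(exc)
    return False, message


def accounts_with_local_password():
    """Logins the DB method accepts no matter what the directory password is."""
    return sorted(k for k, v in DB_PASSWORDS.items() if v is not None)
```

Running `accounts_with_local_password()` over the real account list is the audit step: every login it returns keeps working with its old local password after the directory password changes, for as long as "DB" stays in the method list.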