diff options
| -rw-r--r-- | Bugzilla/Auth/Verify/LDAP.pm | 15 | ||||
| -rw-r--r-- | docs/xml/installation.xml | 24 | ||||
| -rw-r--r-- | template/en/default/admin/params/ldap.html.tmpl | 8 |
3 files changed, 29 insertions, 18 deletions
diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/Verify/LDAP.pm index 848018549..dccfa0b7c 100644 --- a/Bugzilla/Auth/Verify/LDAP.pm +++ b/Bugzilla/Auth/Verify/LDAP.pm @@ -86,13 +86,18 @@ sub check_credentials { my $user_entry = $detail_result->shift_entry; my $mail_attr = Param("LDAPmailattribute"); - if (!$user_entry->exists($mail_attr)) { - return { failure => AUTH_ERROR, - error => "ldap_cannot_retreive_attr", - details => {attr => $mail_attr} }; + if ($mail_attr) { + if (!$user_entry->exists($mail_attr)) { + return { failure => AUTH_ERROR, + error => "ldap_cannot_retreive_attr", + details => {attr => $mail_attr} }; + } + + $params->{bz_username} = $user_entry->get_value($mail_attr); + } else { + $params->{bz_username} = $username; } - $params->{bz_username} = $user_entry->get_value($mail_attr); $params->{realname} ||= $user_entry->get_value("displayName"); $params->{realname} ||= $user_entry->get_value("cn"); diff --git a/docs/xml/installation.xml b/docs/xml/installation.xml index 75928058b..8e63f5858 100644 --- a/docs/xml/installation.xml +++ b/docs/xml/installation.xml @@ -1,5 +1,5 @@ <!-- <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"> --> -<!-- $Id: installation.xml,v 1.118 2006/04/30 20:35:15 lpsolit%gmail.com Exp $ --> +<!-- $Id: installation.xml,v 1.119 2006/05/30 21:17:34 mkanat%bugzilla.org Exp $ --> <chapter id="installing-bugzilla"> <title>Installing Bugzilla</title> @@ -1320,16 +1320,18 @@ c:\perl\bin\perl.exe -xc:\bugzilla -wT "%s" %s you need to deal with user ID (e.g assigning a bug) use the email address. The LDAP authentication builds on top of this scheme, rather than replacing it. The initial log in is done with a username and - password for the LDAP directory. This then fetches the email address - from LDAP and authenticates seamlessly in the standard Bugzilla - authentication scheme using this email address. If an account for this - address already exists in your Bugzilla system, it will log in to that - account. If no account for that email address exists, one is created at - the time of login. (In this case, Bugzilla will attempt to use the - "displayName" or "cn" attribute to determine the user's full name.) - After authentication, all other user-related tasks are still handled by - email address, not LDAP username. You still assign bugs by email - address, query on users by email address, etc. + password for the LDAP directory. Bugzilla tries to bind to LDAP using + those credentials, and if successful, try to map this account to a + Bugzilla account. If a LDAP mail attribute is defined, the value of this + attribute is used, otherwise emailsuffix parameter is appended to LDAP + username to form a full email adress. If an account for this address + already exists in your Bugzilla system, it will log in to that account. + If no account for that email address exists, one is created at the time + of login. (In this case, Bugzilla will attempt to use the "displayName" + or "cn" attribute to determine the user's full name.) After + authentication, all other user-related tasks are still handled by email + address, not LDAP username. You still assign bugs by email address, query + on users by email address, etc. </para> <caution> diff --git a/template/en/default/admin/params/ldap.html.tmpl b/template/en/default/admin/params/ldap.html.tmpl index af1a756a4..0490aa675 100644 --- a/template/en/default/admin/params/ldap.html.tmpl +++ b/template/en/default/admin/params/ldap.html.tmpl @@ -39,8 +39,12 @@ LDAPuidattribute => "The name of the attribute containing the user's login name.", - LDAPmailattribute => "The name of the attribute of a user in your directory that " _ - "contains the email address.", + LDAPmailattribute => "The name of the attribute of a user in your " _ + "directory that contains the email address, to be " _ + "used as $terms.Bugzilla username. If this parameter " _ + "is empty, $terms.Bugzilla will use the LDAP username"_ + " as the $terms.Bugzilla username. You may also want" _ + " to set the \"emailsuffix\" parameter, in this case.", LDAPfilter => "LDAP filter to AND with the <tt>LDAPuidattribute</tt> for " _ "filtering the list of valid users." } |