Difference between revisions of "Cool Solution - Setting up Bugzilla with LDAP authentication"

From Univention Wiki

Jump to: navigation, search
(Created page with "{{Cool Solutions Disclaimer|Repository=yes|UCS=4.1}} {{Review-Status}} <pre>univention-install mysql-server univention-install make gcc libapache2-mod-perl2</pre> <pre>mysql -ur...")
 
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Cool Solutions Disclaimer|Repository=yes|UCS=4.1}}
+
{{Version|UCS=4.1}}
{{Review-Status}}
+
{{Cool Solutions Disclaimer|Repository=no}}
<pre>univention-install mysql-server
+
{{#seo:
univention-install make gcc libapache2-mod-perl2</pre>
+
|title={{#replace:{{#replace:{{#replace:{{#replace:{{FULLPAGENAME}}|&#39;|'}}|&#38;|&}}|&#34;|"}}|Cool Solution - |}} - {{SITENAME}}
 +
<!--|description=-->
 +
}}
  
<pre>mysql -uroot -p$(cat /etc/mysql.secret)
+
The current version of Bugzilla can currently not be installed on an UCS system, because it requires a newer version of CGI.pm than the one available in UCS 4.1. Thus, we will only explain setting up LDAP authentication from an Ubuntu server running Bugzilla against UCS LDAP.
mysql> CREATE USER 'bugs'@'localhost' IDENTIFIED BY  'your_own_passwd';
 
mysql> CREATE DATABASE `bugs`;
 
mysql> GRANT ALL PRIVILEGES ON  `bugs` . * TO  'bugs'@'localhost';
 
mysql> exit</pre>
 
  
 +
''Note: UCS operates only as LDAP server. Make sure you install Bugzilla on an up-to-date Debian Server.''
  
<pre>vim /etc/apache2/sites-available/bugzilla</pre>
+
You can obtain information on how to install Bugzilla from the [https://bugzilla.readthedocs.io/en/latest/installing/index.html official documentation].
  
<pre><Directory /var/www/bugzilla/>
+
{{TOC}}
              AddHandler cgi-script .cgi
 
              Options +Indexes +ExecCGI
 
              DirectoryIndex index.cgi
 
              AllowOverride All
 
</Directory></pre>
 
  
<pre>a2ensite bugzilla
+
== Configuration to use an external LDAP service ==
service apache2 reload</pre>
+
For this setup, you will need a user in your UCS system, with which Bugzilla can authorize itself and search the database.<br>
 +
We recommend creating a distinct user just for Bugzilla. You can visit the [[Cool Solution - LDAP search user|LDAP search user article]], if you need help doing so.
  
 +
To successfully connect your Bugzilla system with the UCS LDAP, login into Bugzilla with your administration account<br>
 +
and visit the '''User Authentication''' tab in the core '''parameter''' settings. (''example.com''/bugzilla/editparams.cgi?section=auth)
  
<pre>https://www.bugzilla.org/download/
 
wget https://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-5.0.2.tar.gz
 
tar xfz bugzilla-5.0.2.tar.gz
 
mv bugzilla-5.0.2 bugzilla
 
chown -R www-data.www-data bugzilla
 
mv bugzilla /var/www/
 
cd /var/www/bugzilla</pre>
 
  
<pre>./checksetup.pl --check-modules
+
Now scroll down, until you reach the '''user_verify_class''' area. Here you will find a list with multiple verification options.<br>
/usr/bin/perl install-module.pl --all
+
If LDAP is disabled (below the grey bar), select it and push the up-arrow until it is above the grey bar but still below the default option (DB). Click the save button.
  
./checksetup.pl</pre>
+
Next, select the '''LDAP''' tab on the left hand side, enter the following settings and save:
 +
{| class="wikitable"
 +
|-
 +
! attribute                                          !! values
 +
|-
 +
| LDAPServer || ldaps://<FQDN of your UCS server>:7636
 +
|-
 +
| LDAPstarttls || off
 +
|-
 +
| LDAPbinddn || <Full DN of your authentication account>:<password of the authentication account>
 +
|-
 +
| LDAPuidattribute || uid
 +
|-
 +
| LDAPmailattribute || mailPrimaryAddress
 +
|-
 +
| LDAPfilter ||  (empty)
 +
|}
  
<pre>vim ./localconfig</pre>
+
You can now log out and test the connection with a user from your UCS system.
  
<pre>$webservergroup = 'www-data';
+
== Further links  ==
$db_driver = 'mysql';
+
*[https://bugzilla.readthedocs.io/en/latest/installing/index.html Bugzilla Installation Guide]
$db_host = 'localhost';
+
*[https://www.bugzilla.org/docs/2.20/html/general-advice.html Bugzilla General Advice (how to enable the error log)]
$db_name = 'bugs';
 
$db_user = 'bugs';
 
$db_pass = 'your_own_passwd';</pre>
 
 
 
<pre>vim /etc/mysql/my.cnf
 
 
 
[mysqld]
 
# Allow small words in full-text indexes
 
ft_min_word_len=2</pre>
 
 
 
<pre>cd /var/www/bugzilla
 
./checksetup.pl
 
 
 
 
 
Enter the e-mail address of the administrator: muster@example.com
 
Enter the real name of the administrator: mmuster
 
Enter a password for the administrator account:</pre>
 

Latest revision as of 14:05, 8 September 2017

Produktlogo UCS Version 4.1

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.

Also regard the legal notes at Terms of Service.

The current version of Bugzilla can currently not be installed on an UCS system, because it requires a newer version of CGI.pm than the one available in UCS 4.1. Thus, we will only explain setting up LDAP authentication from an Ubuntu server running Bugzilla against UCS LDAP.

Note: UCS operates only as LDAP server. Make sure you install Bugzilla on an up-to-date Debian Server.

You can obtain information on how to install Bugzilla from the official documentation.

Configuration to use an external LDAP service

For this setup, you will need a user in your UCS system, with which Bugzilla can authorize itself and search the database.
We recommend creating a distinct user just for Bugzilla. You can visit the LDAP search user article, if you need help doing so.

To successfully connect your Bugzilla system with the UCS LDAP, login into Bugzilla with your administration account
and visit the User Authentication tab in the core parameter settings. (example.com/bugzilla/editparams.cgi?section=auth)


Now scroll down, until you reach the user_verify_class area. Here you will find a list with multiple verification options.
If LDAP is disabled (below the grey bar), select it and push the up-arrow until it is above the grey bar but still below the default option (DB). Click the save button.

Next, select the LDAP tab on the left hand side, enter the following settings and save:

attribute values
LDAPServer ldaps://<FQDN of your UCS server>:7636
LDAPstarttls off
LDAPbinddn <Full DN of your authentication account>:<password of the authentication account>
LDAPuidattribute uid
LDAPmailattribute mailPrimaryAddress
LDAPfilter (empty)

You can now log out and test the connection with a user from your UCS system.

Further links

Personal tools