Difference between revisions of "Cool Solution - Setting up Bugzilla with LDAP authentication"

From Univention Wiki

Jump to: navigation, search
 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Cool Solutions Disclaimer|Repository=yes|UCS=4.1}}
+
{{Version|UCS=4.1}}
{{Review-Status}}
+
{{Cool Solutions Disclaimer|Repository=no}}
 +
{{#seo:
 +
|title={{#replace:{{#replace:{{#replace:{{#replace:{{FULLPAGENAME}}|'|'}}|&|&}}|"|"}}|Cool Solution - |}} - {{SITENAME}}
 +
<!--|description=-->
 +
}}
  
First things first prepare your system with the following packages:
+
The current version of Bugzilla can currently not be installed on an UCS system, because it requires a newer version of CGI.pm than the one available in UCS 4.1. Thus, we will only explain setting up LDAP authentication from an Ubuntu server running Bugzilla against UCS LDAP.
<pre>univention-install mysql-server
 
univention-install make gcc libapache2-mod-perl2</pre>
 
  
The next step is, to create a database and a database user. It's necessary to create Bugzilla templates later on.
+
''Note: UCS operates only as LDAP server. Make sure you install Bugzilla on an up-to-date Debian Server.''
  
<pre>mysql -uroot -p$(cat /etc/mysql.secret)
+
You can obtain information on how to install Bugzilla from the [https://bugzilla.readthedocs.io/en/latest/installing/index.html official documentation].
mysql> CREATE USER 'bugs'@'localhost' IDENTIFIED BY  'your_own_passwd';
 
mysql> CREATE DATABASE `bugs`;
 
mysql> GRANT ALL PRIVILEGES ON  `bugs` . * TO  'bugs'@'localhost';
 
mysql> exit</pre>
 
  
Create a new file (e.g bugzilla) to setup a new website.
+
{{TOC}}
<pre>vim /etc/apache2/sites-available/bugzilla</pre>
 
  
<pre><Directory /var/www/bugzilla/>
+
== Configuration to use an external LDAP service ==
              AddHandler cgi-script .cgi
+
For this setup, you will need a user in your UCS system, with which Bugzilla can authorize itself and search the database.<br>
              Options +Indexes +ExecCGI
+
We recommend creating a distinct user just for Bugzilla. You can visit the [[Cool Solution - LDAP search user|LDAP search user article]], if you need help doing so.
              DirectoryIndex index.cgi
 
              AllowOverride All
 
</Directory></pre>
 
  
The following command enables the new website.
+
To successfully connect your Bugzilla system with the UCS LDAP, login into Bugzilla with your administration account<br>
<pre>a2ensite bugzilla
+
and visit the '''User Authentication''' tab in the core '''parameter''' settings. (''example.com''/bugzilla/editparams.cgi?section=auth)
service apache2 reload</pre>
 
  
Please download the latest version of bugzilla at: [https://www.bugzilla.org/download/]. Unzip the file and move it to /var/www
 
<pre>wget https://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-5.0.2.tar.gz
 
tar xfz bugzilla-5.0.2.tar.gz
 
mv bugzilla-5.0.2 bugzilla
 
chown -R www-data.www-data bugzilla
 
mv bugzilla /var/www/
 
cd /var/www/bugzilla</pre>
 
  
Execute the following command to check, if every needed module is installed.
+
Now scroll down, until you reach the '''user_verify_class''' area. Here you will find a list with multiple verification options.<br>
After the check is done, run the displayed command, to install or upgrade all modules, which are necessary.
+
If LDAP is disabled (below the grey bar), select it and push the up-arrow until it is above the grey bar but still below the default option (DB). Click the save button.
<pre>./checksetup.pl --check-modules
 
/usr/bin/perl install-module.pl --all</pre>
 
  
If the installation was succesfully, run the following script to create a bugzilla template.
+
Next, select the '''LDAP''' tab on the left hand side, enter the following settings and save:
 +
{| class="wikitable"
 +
|-
 +
! attribute                                          !! values
 +
|-
 +
| LDAPServer || ldaps://<FQDN of your UCS server>:7636
 +
|-
 +
| LDAPstarttls || off
 +
|-
 +
| LDAPbinddn || <Full DN of your authentication account>:<password of the authentication account>
 +
|-
 +
| LDAPuidattribute || uid
 +
|-
 +
| LDAPmailattribute || mailPrimaryAddress
 +
|-
 +
| LDAPfilter ||  (empty)
 +
|}
  
<pre>./checksetup.pl</pre>
+
You can now log out and test the connection with a user from your UCS system.
  
Chechsetup.pl create a new file named localconfig. Please open this file and change the values as follow:
+
== Further links  ==
<pre>vim ./localconfig</pre>
+
*[https://bugzilla.readthedocs.io/en/latest/installing/index.html Bugzilla Installation Guide]
 
+
*[https://www.bugzilla.org/docs/2.20/html/general-advice.html Bugzilla General Advice (how to enable the error log)]
<pre>$webservergroup = 'www-data';
 
$db_driver = 'mysql';
 
$db_host = 'localhost';
 
$db_name = 'bugs';
 
$db_user = 'bugs';
 
$db_pass = 'your_own_passwd';</pre>
 
 
 
By default, words must be at least four characters in length in order to be indexed by MySQL's full-text indexes. This causes a lot of Bugzilla specific words to be missed, including "cc", "ftp" and "uri".
 
 
 
It's useful  to add the following line in /etc/mysql/my.conf in the [mysqld] section
 
 
 
<pre>vim /etc/mysql/my.cnf
 
 
 
[mysqld]
 
# Allow small words in full-text indexes
 
ft_min_word_len=2</pre>
 
 
 
At least run the following command again and configure a Bugzilla administrator
 
<pre>cd /var/www/bugzilla
 
./checksetup.pl
 
 
 
 
 
Enter the e-mail address of the administrator: muster@example.com
 
Enter the real name of the administrator: mmuster
 
Enter a password for the administrator account:</pre>
 

Latest revision as of 14:05, 8 September 2017

Produktlogo UCS Version 4.1

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.

Also regard the legal notes at Terms of Service.

The current version of Bugzilla can currently not be installed on an UCS system, because it requires a newer version of CGI.pm than the one available in UCS 4.1. Thus, we will only explain setting up LDAP authentication from an Ubuntu server running Bugzilla against UCS LDAP.

Note: UCS operates only as LDAP server. Make sure you install Bugzilla on an up-to-date Debian Server.

You can obtain information on how to install Bugzilla from the official documentation.

Configuration to use an external LDAP service

For this setup, you will need a user in your UCS system, with which Bugzilla can authorize itself and search the database.
We recommend creating a distinct user just for Bugzilla. You can visit the LDAP search user article, if you need help doing so.

To successfully connect your Bugzilla system with the UCS LDAP, login into Bugzilla with your administration account
and visit the User Authentication tab in the core parameter settings. (example.com/bugzilla/editparams.cgi?section=auth)


Now scroll down, until you reach the user_verify_class area. Here you will find a list with multiple verification options.
If LDAP is disabled (below the grey bar), select it and push the up-arrow until it is above the grey bar but still below the default option (DB). Click the save button.

Next, select the LDAP tab on the left hand side, enter the following settings and save:

attribute values
LDAPServer ldaps://<FQDN of your UCS server>:7636
LDAPstarttls off
LDAPbinddn <Full DN of your authentication account>:<password of the authentication account>
LDAPuidattribute uid
LDAPmailattribute mailPrimaryAddress
LDAPfilter (empty)

You can now log out and test the connection with a user from your UCS system.

Further links

Personal tools