LDAP

Functionality is provided by using the php-ldap module (/usr/lib/php4/ldap.so). An extra login method is defined within core/user_API.php inside of function is_password_match $f_username, $p_test_password, $p_password ).This has a simple, non encrypted (yet) test of the LDAP directory for that user by asking for an entry with uid=username and password=test_password, if this exists, it is presumed that the user should be granted access.

Configuration basics. the LDIF format that was tested is as follows:

dn: uid=tests,
                        dc=test, dc=com, dc=au
                        department: testdep
                        organizationname: Testing Organization
                        cn: Test Smith
                        assignedgroup: users
                        givename: Test
                        sn: Smith
                        mail: [email protected]
                        uid: testsuser
                        Password: password
                        objectclass: testPerson
                    
The password may be in clear, taken from the /etc/passwd or /etc/shadow file, or simply encrypted and added using current LDAP tools.There are some specialized software for replicating passwd to LDAP and inversely (eg. http://freshmeat.net/projects/cpu/ ).

Also setup the LDAP parameters explained in the Authentication section. Don't forget to change your $g_login_method to LDAP.

Creating new accounts. There is still a bit of problem when you want to create a new user to MantisBT using LDAP, you must create the LDIF entry to LDAP, and also sign up for a new account, if both of these line up correctly, authentication will proceed. Email is queried from the LDAP database if the authentication is set to use LDAP instead of the user record in the database entry.