my $user_entry = $detail_result->shift_entry;
my $mail_attr = Param("LDAPmailattribute");
- if (!$user_entry->exists($mail_attr)) {
- return { failure => AUTH_ERROR,
- error => "ldap_cannot_retreive_attr",
- details => {attr => $mail_attr} };
+ if ($mail_attr) {
+ if (!$user_entry->exists($mail_attr)) {
+ return { failure => AUTH_ERROR,
+ error => "ldap_cannot_retreive_attr",
+ details => {attr => $mail_attr} };
+ }
+
+ $params->{bz_username} = $user_entry->get_value($mail_attr);
+ } else {
+ $params->{bz_username} = $username;
}
- $params->{bz_username} = $user_entry->get_value($mail_attr);
$params->{realname} ||= $user_entry->get_value("displayName");
$params->{realname} ||= $user_entry->get_value("cn");
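Review bot: In the new `else` branch, `$params->{bz_username} = $username;` takes the account identity from the string the user typed rather than from the directory entry that was just fetched. LDAP attribute matching is commonly case-insensitive, so equivalent spellings of one login that the directory accepts could, depending on how logins are normalised downstream, end up mapped to separate or unintended Bugzilla accounts. Reading the canonical value from the entry would avoid that, e.g. `$params->{bz_username} = $user_entry->get_value(Param("LDAPuidattribute"));`, assuming that parameter names the attribute the search matched on. A comment such as `# No mail attribute configured: the LDAP login name (plus emailsuffix, if set) becomes the Bugzilla login` would also make the identity mapping explicit. The enclosing sub starts and ends outside the hunk, so where `$username` comes from and whether it is validated is not visible here.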
<!-- <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"> -->
-<!-- $Id: installation.xml,v 1.118 2006/04/30 20:35:15 lpsolit%gmail.com Exp $ -->
+<!-- $Id: installation.xml,v 1.119 2006/05/30 21:17:34 mkanat%bugzilla.org Exp $ -->
<chapter id="installing-bugzilla">
<title>Installing Bugzilla</title>
you need to deal with user ID (e.g assigning a bug) use the email
address. The LDAP authentication builds on top of this scheme, rather
than replacing it. The initial log in is done with a username and
- password for the LDAP directory. This then fetches the email address
- from LDAP and authenticates seamlessly in the standard Bugzilla
- authentication scheme using this email address. If an account for this
- address already exists in your Bugzilla system, it will log in to that
- account. If no account for that email address exists, one is created at
- the time of login. (In this case, Bugzilla will attempt to use the
- "displayName" or "cn" attribute to determine the user's full name.)
- After authentication, all other user-related tasks are still handled by
- email address, not LDAP username. You still assign bugs by email
- address, query on users by email address, etc.
+ password for the LDAP directory. Bugzilla tries to bind to LDAP using
+ those credentials, and if successful, try to map this account to a
+ Bugzilla account. If a LDAP mail attribute is defined, the value of this
+ attribute is used, otherwise emailsuffix parameter is appended to LDAP
+ username to form a full email adress. If an account for this address
+ already exists in your Bugzilla system, it will log in to that account.
+ If no account for that email address exists, one is created at the time
+ of login. (In this case, Bugzilla will attempt to use the "displayName"
+ or "cn" attribute to determine the user's full name.) After
+ authentication, all other user-related tasks are still handled by email
+ address, not LDAP username. You still assign bugs by email address, query
+ on users by email address, etc.
</para>
<caution>
LDAPuidattribute => "The name of the attribute containing the user's login name.",
- LDAPmailattribute => "The name of the attribute of a user in your directory that " _
- "contains the email address.",
+ LDAPmailattribute => "The name of the attribute of a user in your " _
+ "directory that contains the email address, to be " _
+ "used as $terms.Bugzilla username. If this parameter " _
+ "is empty, $terms.Bugzilla will use the LDAP username"_
+ " as the $terms.Bugzilla username. You may also want" _
+ " to set the \"emailsuffix\" parameter, in this case.",
LDAPfilter => "LDAP filter to AND with the <tt>LDAPuidattribute</tt> for " _
"filtering the list of valid users." }