From: lpsolit%gmail.com <> Date: Sat, 16 Feb 2008 23:58:12 +0000 (+0000) Subject: Bug 390603: Configuration parameters documentation needs updating - Patch by Sam... X-Git-Tag: bugzilla-3.0.4~42 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90f2de772738a4f650e94b265f4cad6d94aff164;p=thirdparty%2Fbugzilla.git Bug 390603: Configuration parameters documentation needs updating - Patch by Sam Folk-Williams r=LpSolit --- diff --git a/docs/xml/administration.xml b/docs/xml/administration.xml index 68312a8171..441a86ba4b 100644 --- a/docs/xml/administration.xml +++ b/docs/xml/administration.xml @@ -7,322 +7,832 @@ Bugzilla is configured by changing various parameters, accessed - from the "Edit parameters" link in the page footer. Here are - some of the key parameters on that page. You should run down this - list and set them appropriately after installing Bugzilla. + from the "Parameters" link in the page footer. + The parameters are divided into several categories, + accessed via the menu on the left. Following is a description of the + different categories and important parameters within those categories. - - checklist - +
+ Required Settings - - - - maintainer - - - - The maintainer parameter is the email address of the person - responsible for maintaining this Bugzilla installation. - The address need not be that of a valid Bugzilla account. - - - + + The core required parameters for any Bugzilla installation are set + here. These parameters must be set before a new Bugzilla installation + can be used. Administrators should review this list before + deploying a new Bugzilla installation. + - - - urlbase - - - - This parameter defines the fully qualified domain name and web - server path to your Bugzilla installation. - + + checklist + - - For example, if your Bugzilla query page is - http://www.foo.com/bugzilla/query.cgi, - set your urlbase - to http://www.foo.com/bugzilla/. - - - + - - - makeproductgroups - - - - This dictates whether or not to automatically create groups - when new products are created. - - - + + + maintainer + + + + Email address of the person + responsible for maintaining this Bugzilla installation. + The address need not be that of a valid Bugzilla account. + + + - - - useentrygroupdefault - - - - Bugzilla products can have a group associated with them, so that - certain users can only see bugs in certain products. When this - parameter is set to on, this - causes the initial group controls on newly created products - to place all newly-created bugs in the group - having the same name as the product immediately. - After a product is initially created, the group controls - can be further adjusted without interference by - this mechanism. - - - + + + urlbase + + + + Defines the fully qualified domain name and web + server path to this Bugzilla installation. + + + For example, if the Bugzilla query page is + http://www.foo.com/bugzilla/query.cgi, + the urlbase should be set + to http://www.foo.com/bugzilla/. + + + - - - mail_delivery_method - - + + + docs_urlbase + + + + Defines path to the Bugzilla documentation. This can be a fully + qualified domain name, or a path relative to "urlbase". + + + For example, if the "Bugzilla Configuration" page + of the documentation is + http://www.foo.com/bugzilla/docs/html/parameters.html, + set the docs_urlbase + to http://www.foo.com/bugzilla/docs/html/. + + + + + + + sslbase + + + + Defines the fully qualified domain name and web + server path for HTTPS (SSL) connections to this Bugzilla installation. + + + For example, if the Bugzilla main page is + https://www.foo.com/bugzilla/index.cgi, + the sslbase should be set + to https://www.foo.com/bugzilla/. + + + + + + + ssl + + + + Determines when Bugzilla will force HTTPS (SSL) connections, using + the URL defined in sslbase. + Options include "always", "never", and "authenticated sessions". + + + + + + + cookiedomain + + + + Defines the domain for Bugzilla cookies. This is typically left blank. + If there are multiple hostnames that point to the same webserver, which + require the same cookie, then this parameter can be utilized. For + example, If your website is at + https://www.foo.com/, setting this to + .foo.com/ will also allow + bar.foo.com/ to access Bugzilla cookies. + + + + + + + cookiepath + + + + Defines a path, relative to the web server root, that Bugzilla + cookies will be restricted to. For example, if the + urlbase is set to + http://www.foo.com/bugzilla/, the + cookiepath should be set to + /bugzilla/. Setting it to "/" will allow all sites + served by this web server or virtual host to read Bugzilla cookies. + + + + + + + timezone + + + + Timezone of server. The timezone is displayed with timestamps. If + this parameter is left blank, the timezone is not displayed. + + + + + + + utf8 + + + + Determines whether to use UTF-8 (Unicode) encoding for all text in + Bugzilla. New installations should set this to true to avoid character + encoding problems. Existing databases should set this to true only + after the data has been converted from existing legacy character + encoding to UTF-8, using the + contrib/recode.pl script. + + + + If you turn this parameter from "off" to "on", you must re-run + checksetup.pl immediately afterward. + + + + + + + + shutdownhtml + + + + If there is any text in this field, this Bugzilla installation will + be completely disabled and this text will appear instead of all + Bugzilla pages for all users, including Admins. Used in the event + of site maintenance or outage situations. + + + + Although regular log-in capability is disabled while + shutdownhtml + is enabled, safeguards are in place to protect the unfortunate + admin who loses connection to Bugzilla. Should this happen to you, + go directly to the editparams.cgi (by typing + the URL in manually, if necessary). Doing this will prompt you to + log in, and your name/password will be accepted here (but nowhere + else). + + + + + + + + announcehtml + + + + Any text in this field will be displayed at the top of every HTML + page in this Bugzilla installation. The text is not wrapped in any + tags. For best results, wrap the text in a <div> + tag. Any style attributes from the CSS can be applied. For example, + to make the text green inside of a red box, add id=message + to the <div> tag. + + + + + + + proxy_url + + + + If this Bugzilla installation is behind a proxy, enter the proxy + information here to enable Bugzilla to access the Internet. Bugzilla + requires Internet access to utilize the + upgrade_notification parameter (below). If the + proxy requires authentication, use the syntax: + http://user:pass@proxy_url/. + + + + + + + upgrade_notification + + + + Enable or disable a notification on the homepage of this Bugzilla + installation when a newer version of Bugzilla is available. This + notification is only visible to administrators. Choose "disabled", + to turn off the notification. Otherwise, choose which version of + Bugzilla you want to be notified about: "development_snapshot" is the + latest release on the trunk; "latest_stable_release" is the most + recent release available on the most recent stable branch; + "stable_branch_release" the most recent release on the branch + this installation is based on. + + + + + + +
+ +
+ Administrative Policies + + This page contains parameters for basic administrative functions. + Options include whether to allow the deletion of bugs and users, whether + to allow users to change their email address, and whether to allow + user watching (one user receiving all notifications of a selected + other user). + + + + + + + supportwatchers + + + + Turning on this option allows users to ask to receive copies + of bug mail sent to another user. Watching a user with + different group permissions is not a way to 'get around' the + system; copied emails are still subject to the normal groupset + permissions of a bug, and watchers will only be + copied on emails from bugs they would normally be allowed to view. + + + + + + +
+ +
+ User Authentication - This is used to specify how email is sent, or if it is sent at - all. There are several options included for different MTAs, - along with two additional options that disable email sending. - "testfile" does not send mail, but instead saves it in - data/mailer.testfile for later review. - "none" disables email sending entirely. + This page contains the settings that control how this Bugzilla + installation will do its authentication. Choose what authentication + mechanism to use (the Bugzilla database, or an external source such + as LDAP), and set basic behavioral parameters. For example, choose + whether to require users to login to browse bugs, the management + of authentication cookies, and the regular expression used to + validate email addresses. Some parameters are highlighted below. - - - - - shadowdb - - + + + + + emailregexp + + + + Defines the regular expression used to validate email addresses + used for login names. The default attempts to match fully + qualified email addresses (i.e. 'user@example.com'). Some + Bugzilla installations allow only local user names (i.e 'user' + instead of 'user@example.com'). In that case, the + emailsuffix parameter should be used to define + the email domain. + + + + + + + emailsuffix + + + + This string is appended to login names when actually sending + email to a user. For example, + If emailregexp has been set to allow + local usernames, + then this parameter would contain the email domain for all users + (i.e. '@example.com'). + + + + + + +
+ +
+ Attachments - You run into an interesting problem when Bugzilla reaches a - high level of continuous activity. MySQL supports only table-level - write locking. What this means is that if someone needs to make a - change to a bug, they will lock the entire table until the operation - is complete. Locking for write also blocks reads until the write is - complete. Note that more recent versions of mysql support row level - locking using different table types. These types are slower than the - standard type, and Bugzilla does not yet take advantage of features - such as transactions which would justify this speed decrease. The - Bugzilla team are, however, happy to hear about any experiences with - row level locking and Bugzilla. + This page allows for setting restrictions and other parameters + regarding attachments to bugs. For example, control size limitations + and whether to allow pointing to external files via a URI. +
+
+ Bug Change Policies - The shadowdb parameter was designed to get around - this limitation. While only a single user is allowed to write to - a table at a time, reads can continue unimpeded on a read-only - shadow copy of the database. Although your database size will - double, a shadow database can cause an enormous performance - improvement when implemented on extremely high-traffic Bugzilla - databases. + Set policy on default behavior for bug change events. For example, + choose whether to allow bug reporters to set the priority or + target milestone. Also allows for configuration of what changes + should require the user to make a comment, described below. - + + + + + + commenton* + + + + All these fields allow you to dictate what changes can pass + without comment, and which must have a comment from the + person who changed them. Often, administrators will allow + users to add themselves to the CC list, accept bugs, or + change the Status Whiteboard without adding a comment as to + their reasons for the change, yet require that most other + changes come with an explanation. + + + + Set the "commenton" options according to your site policy. It + is a wise idea to require comments when users resolve, reassign, or + reopen bugs at the very least. + + + + + It is generally far better to require a developer comment + when resolving bugs than not. Few things are more annoying to bug + database users than having a developer mark a bug "fixed" without + any comment as to what the fix was (or even that it was truly + fixed!) + + + + + + + noresolveonopenblockers + + + + This option will prevent users from resolving bugs as FIXED if + they have unresolved dependencies. Only the FIXED resolution + is affected. Users will be still able to resolve bugs to + resolutions other than FIXED if they have unresolved dependent + bugs. + + + + + + +
+ +
+ Bug Fields - As a guide, on reasonably old hardware, mozilla.org began needing - shadowdb when they reached around 40,000 Bugzilla - users with several hundred Bugzilla bug changes and comments per day. + The parameters in this section determine the default settings of + several Bugzilla fields for new bugs, and also control whether + certain fields are used. + + + + + useqacontact + + + + This allows you to define an email address for each component, + in addition to that of the default assignee, who will be sent + carbon copies of incoming bugs. + + + + + + + usestatuswhiteboard + + + + This defines whether you wish to have a free-form, overwritable field + associated with each bug. The advantage of the Status Whiteboard is + that it can be deleted or modified with ease, and provides an + easily-searchable field for indexing some bugs that have some trait + in common. + + + + + + +
+ +
+ Bug Moving - The value of the parameter defines the name of the shadow bug - database. You will need to set the host and port settings from - the params page, and set up replication in your database server - so that updates reach this readonly mirror. Consult your database - documentation for more detail. + This page controls whether this Bugzilla installation allows certain + users to move bugs to an external database. If bug moving is enabled, + there are a number of parameters that control bug moving behaviors. + For example, choose which users are allowed to move bugs, the location + of the external database, and the default product and component that + bugs moved from other bug databases to this + Bugzilla installation are assigned to. - - - - - shutdownhtml - - +
+ +
+ Dependency Graphs - If you need to shut down Bugzilla to perform administration, enter - some descriptive text (with embedded HTML codes, if you'd like) - into this box. Anyone who tries to use Bugzilla (including admins) - will receive a page displaying this text. Users can neither log in - nor log out while shutdownhtml is enabled. + This page has one parameter that sets the location of a Web Dot + server, or of the Web Dot binary on the local system, that is used + to generate dependency graphs. Web Dot is a CGI program that creates + images from .dot graphic description files. If + no Web Dot server or binary is specified, then dependency graphs will + be disabled. +
- +
+ Group Security - Although regular log-in capability is disabled while 'shutdownhtml' - is enabled, safeguards are in place to protect the unfortunate - admin who loses connection to Bugzilla. Should this happen to you, - go directly to the editparams.cgi (by typing - the URL in manually, if necessary). Doing this will prompt you to - log in, and your name/password will be accepted here (but nowhere - else). + Bugzilla allows for the creation of different groups, with the + ability to restrict the visibility of bugs in a group to a set of + specific users. Specific products can also be associated with + groups, and users restricted to only see products in their groups. + Several parameters are described in more detail below. Most of the + configuration of groups and their relationship to products is done + on the "Groups" and "Product" pages of the "Administration" area. + The options on this page control global default behavior. + For more information on Groups and Group Security, see + - - - - - - movebugs - - + + + + + makeproductgroups + + + + Determines whether or not to automatically create groups + when new products are created. If this is on, the groups will be + used for querying bugs. + + + + + + + useentrygroupdefault + + + + Bugzilla products can have a group associated with them, so that + certain users can only see bugs in certain products. When this + parameter is set to on, this + causes the initial group controls on newly created products + to place all newly-created bugs in the group + having the same name as the product immediately. + After a product is initially created, the group controls + can be further adjusted without interference by + this mechanism. + + + + + + + querysharegroup + + + + The name of the group of users who are allowed to share saved + searches with one another. For more information on using + saved searches, see . + + + + + + +
+ +
+ Localization + - This option is an undocumented feature to allow moving bugs - between separate Bugzilla installations. You will need to understand - the source code in order to use this feature. Please consult - movebugs.pl in your Bugzilla source tree for - further documentation, such as it is. + This section allows for setting which language is used by default + for this Bugzilla installation. The "languages" parameter can also + be used to determine which languages this Bugzilla installation + supports. Note that any language listed here must have its + corresponding language pack installed. - - - - - useqacontact - - - - This allows you to define an email address for each component, - in addition to that of the default assignee, who will be sent - carbon copies of incoming bugs. +
+ +
+ LDAP Authentication + + LDAP authentication is a module for Bugzilla's plugin + authentication architecture. This page contains all the parameters + necessary to configure Bugzilla for use with LDAP authentication. - - - - - globalwatcher - - - This allows to define specific users that will - receive notification each time a new bug in entered, or when - an existing bug changes, according to the normal groupset - permissions. It may be useful for sending notifications to a - mailing-list, for instance. + The existing authentication + scheme for Bugzilla uses email addresses as the primary user ID, and a + password to authenticate that user. All places within Bugzilla that + require a user ID (e.g assigning a bug) use the email + address. The LDAP authentication builds on top of this scheme, rather + than replacing it. The initial log-in is done with a username and + password for the LDAP directory. Bugzilla tries to bind to LDAP using + those credentials and, if successful, tries to map this account to a + Bugzilla account. If an LDAP mail attribute is defined, the value of this + attribute is used, otherwise the "emailsuffix" parameter is appended to LDAP + username to form a full email address. If an account for this address + already exists in the Bugzilla installation, it will log in to that account. + If no account for that email address exists, one is created at the time + of login. (In this case, Bugzilla will attempt to use the "displayName" + or "cn" attribute to determine the user's full name.) After + authentication, all other user-related tasks are still handled by email + address, not LDAP username. For example, bugs are still assigned by + email address and users are still queried by email address. - - - - - usestatuswhiteboard - - + + Because the Bugzilla account is not created until the first time + a user logs in, a user who has not yet logged is unknown to Bugzilla. + This means they cannot be used as an assignee or QA contact (default or + otherwise), added to any CC list, or any other such operation. One + possible workaround is the bugzilla_ldapsync.rb + script in the + + contrib + directory. Another possible solution is fixing + bug + 201069. + + + + Parameters required to use LDAP Authentication: + + + + user_verify_class + + If you want to list LDAP here, + make sure to have set up the other parameters listed below. + Unless you have other (working) authentication methods listed as + well, you may otherwise not be able to log back in to Bugzilla once + you log out. + If this happens to you, you will need to manually edit + data/params and set user_verify_class to + DB. + + + + + + LDAPserver + + This parameter should be set to the name (and optionally the + port) of your LDAP server. If no port is specified, it assumes + the default LDAP port of 389. + + Ex. ldap.company.com + or ldap.company.com:3268 + + You can also specify a LDAP URI, so as to use other + protocols, such as LDAPS or LDAPI. If port was not specified in + the URI, the default is either 389 or 636 for 'LDAP' and 'LDAPS' + schemes respectively. + + Ex. ldap://ldap.company.com, + ldaps://ldap.company.com or + ldapi://%2fvar%2flib%2fldap_sock + + + + + + LDAPbinddn [Optional] + + Some LDAP servers will not allow an anonymous bind to search + the directory. If this is the case with your configuration you + should set the LDAPbinddn parameter to the user account Bugzilla + should use instead of the anonymous bind. + + Ex. cn=default,cn=user:password + + + + + LDAPBaseDN + + The LDAPBaseDN parameter should be set to the location in + your LDAP tree that you would like to search for email addresses. + Your uids should be unique under the DN specified here. + + Ex. ou=People,o=Company + + + + + LDAPuidattribute + + The LDAPuidattribute parameter should be set to the attribute + which contains the unique UID of your users. The value retrieved + from this attribute will be used when attempting to bind as the + user to confirm their password. + + Ex. uid + + + + + LDAPmailattribute + + The LDAPmailattribute parameter should be the name of the + attribute which contains the email address your users will enter + into the Bugzilla login boxes. + + Ex. mail + + + + +
+ +
+ Email - This defines whether you wish to have a free-form, overwritable field - associated with each bug. The advantage of the Status Whiteboard is - that it can be deleted or modified with ease, and provides an - easily-searchable field for indexing some bugs that have some trait - in common. + This page contains all of the parameters for configuring how + Bugzilla deals with the email notifications it sends. See below + for a summary of important options. - - - - - whinedays - - + + + + + mail_delivery_method + + + + This is used to specify how email is sent, or if it is sent at + all. There are several options included for different MTAs, + along with two additional options that disable email sending. + "Test" does not send mail, but instead saves it in + data/mailer.testfile for later review. + "None" disables email sending entirely. + + + + + + + sendmailnow + + + + When Bugzilla is using Sendmail older than 8.12, turning this option + off will improve performance by not waiting for Sendmail to actually + send mail. If Sendmail 8.12 or later is being used, there is + nothing to gain by turning this off. If another MTA is being used, + such as Postfix, then this option *must* be turned on (even if you + are using the fake sendmail executable that Postfix provides). + + + + + + + whinedays + + + + Set this to the number of days you want to let bugs go + in the NEW or REOPENED state before notifying people they have + untouched new bugs. If you do not plan to use this feature, simply + do not set up the whining cron job described in the installation + instructions, or set this value to "0" (never whine). + + + + + + + globalwatcher + + + + This allows you to define specific users who will + receive notification each time a new bug in entered, or when + an existing bug changes, according to the normal groupset + permissions. It may be useful for sending notifications to a + mailing-list, for instance. + + + + + + +
+ +
+ Patch Viewer - Set this to the number of days you want to let bugs go - in the NEW or REOPENED state before notifying people they have - untouched new bugs. If you do not plan to use this feature, simply - do not set up the whining cron job described in the installation - instructions, or set this value to "0" (never whine). + This page contains configuration parameters for the CVS server, + Bonsai server and LXR server that Bugzilla will use to enable the + features of the Patch Viewer. Bonsai is a tool that enables queries + to a CVS tree. LXR is a tool that can cross reference and index source + code. - - +
- - - commenton* - - +
+ Query Defaults - All these fields allow you to dictate what changes can pass - without comment, and which must have a comment from the - person who changed them. Often, administrators will allow - users to add themselves to the CC list, accept bugs, or - change the Status Whiteboard without adding a comment as to - their reasons for the change, yet require that most other - changes come with an explanation. + This page controls the default behavior of Bugzilla in regards to + several aspects of querying bugs. Options include what the default + query options are, what the "My Bugs" page returns, whether users + can freely add bugs to the quip list, and how many duplicate bugs are + needed to add a bug to the "most frequently reported" list. +
+
+ Shadow Database + + This page controls whether a shadow database is used, and all the + parameters associated with the shadow database. Bugzilla + uses the MyISAM table type in MySQL, which supports + only table-level write locking. With MyISAM, any time someone is making a change to + a bug, the entire table is locked until the write operation is complete. + Locking for write also blocks reads until the write is complete. + - Set the "commenton" options according to your site policy. It - is a wise idea to require comments when users resolve, reassign, or - reopen bugs at the very least. + The shadowdb parameter was designed to get around + this limitation. While only a single user is allowed to write to + a table at a time, reads can continue unimpeded on a read-only + shadow copy of the database. - - It is generally far better to require a developer comment - when resolving bugs than not. Few things are more annoying to bug - database users than having a developer mark a bug "fixed" without - any comment as to what the fix was (or even that it was truly - fixed!) + The shadow database is not automatically updated. Replication must + be set up to keep the shadow database in sync with the main database. - - - - - - supportwatchers - - - - Turning on this option allows users to ask to receive copies - of bug mail sent to another user. Watching a user with - different group permissions is not a way to 'get around' the - system; copied emails are still subject to the normal groupset - permissions of a bug, and watchers will only be - copied on emails from bugs they would normally be allowed to view. - - - +
- - - noresolveonopenblockers - - +
+ User Matching - This option will prevent users from resolving bugs as FIXED if - they have unresolved dependencies. Only the FIXED resolution - is affected. Users will be still able to resolve bugs to - resolutions other than FIXED if they have unresolved dependent - bugs. + The settings on this page control how users are selected and queried + when adding a user to a bug. For example, users need to be selected + when choosing who the bug is assigned to, adding to the CC list or + selecting a QA contact. With the "usemenuforusers" parameter, it is + possible to configure Bugzilla to + display a list of users in the fields instead of an empty text field. + This should only be used in Bugzilla installations with a small number + of users. If users are selected via a text box, this page also + contains parameters for how user names can be queried and matched + when entered. - - - - - sendmailnow - - - - When Bugzilla is using Sendmail older than 8.12, turning this option - off will improve performance by not waiting for Sendmail to actually - send mail. If Sendmail 8.12 or later is being used, there is - nothing to gain by turning this off. If another MTA is being used, - such as Postfix, then this option *must* be turned on (even if you - are using the fake sendmail executable that Postfix provides). - - - +
-
diff --git a/docs/xml/installation.xml b/docs/xml/installation.xml index 944b033548..09da7dfdf3 100644 --- a/docs/xml/installation.xml +++ b/docs/xml/installation.xml @@ -1,5 +1,5 @@ - + Installing Bugzilla @@ -573,7 +573,8 @@ The PatchReader module is only required if you want to use Patch Viewer, a Bugzilla feature to show code patches in your web browser in a more - readable form. + readable form. For more information on Patch Viewer, see + .
@@ -647,7 +648,6 @@ -
Configuration @@ -1048,14 +1048,14 @@ checksetup.pl can set tighter permissions on Bugzilla's files and directories if it knows what group the - webserver runs as. Find the Group + web server runs as. Find the Group line in httpd.conf, place the value found there in the $webservergroup variable in localconfig, then rerun checksetup.pl. - + Optional: If Bugzilla does not actually reside in the webspace @@ -1118,7 +1118,7 @@ checksetup.pl can set tighter permissions on Bugzilla's files and directories if it knows what group the - webserver runs as. Find the Group + web server runs as. Find the Group line in httpd.conf, place the value found there in the $webservergroup variable in localconfig, then rerun @@ -1241,7 +1241,7 @@ c:\perl\bin\perl.exe -xc:\bugzilla -wT "%s" %s The ActiveState install may have already created an entry for .pl files that is limited to GET,HEAD,POST. If so, this mapping should be removed as - Bugzilla's .pl files are not designed to be run via a webserver. + Bugzilla's .pl files are not designed to be run via a web server. @@ -1312,8 +1312,7 @@ c:\perl\bin\perl.exe -xc:\bugzilla -wT "%s" %s
- - +
Optional Additional Configuration @@ -1480,163 +1479,7 @@ c:\perl\bin\perl.exe -xc:\bugzilla -wT "%s" %s
- -
- Patch Viewer - - - Patch Viewer is the engine behind Bugzilla's graphical display of - code patches. You can integrate this with copies of the - cvs, lxr and - bonsai tools if you have them, by giving - the locations of your installation of these tools in - editparams.cgi. - - - Patch Viewer also optionally will use the - cvs, diff and - interdiff - command-line utilities if they exist on the system. - Interdiff can be obtained from - . - If these programs are not in the system path, you can configure - their locations in localconfig. - - - -
- -
- LDAP Authentication - - LDAP authentication is a module for Bugzilla's plugin - authentication architecture. - - - - The existing authentication - scheme for Bugzilla uses email addresses as the primary user ID, and a - password to authenticate that user. All places within Bugzilla where - you need to deal with user ID (e.g assigning a bug) use the email - address. The LDAP authentication builds on top of this scheme, rather - than replacing it. The initial log in is done with a username and - password for the LDAP directory. Bugzilla tries to bind to LDAP using - those credentials, and if successful, try to map this account to a - Bugzilla account. If a LDAP mail attribute is defined, the value of this - attribute is used, otherwise emailsuffix parameter is appended to LDAP - username to form a full email address. If an account for this address - already exists in your Bugzilla system, it will log in to that account. - If no account for that email address exists, one is created at the time - of login. (In this case, Bugzilla will attempt to use the "displayName" - or "cn" attribute to determine the user's full name.) After - authentication, all other user-related tasks are still handled by email - address, not LDAP username. You still assign bugs by email address, query - on users by email address, etc. - - - - Because the Bugzilla account is not created until the first time - a user logs in, a user who has not yet logged is unknown to Bugzilla. - This means they cannot be used as an assignee or QA contact (default or - otherwise), added to any cc list, or any other such operation. One - possible workaround is the bugzilla_ldapsync.rb - script in the - contrib directory. Another possible solution is fixing - bug - 201069. - - - - Parameters required to use LDAP Authentication: - - - - user_verify_class - - This parameter should be set to LDAP - only if you will be using an LDAP directory - for authentication. If you set this param to LDAP but - fail to set up the other parameters listed below you will not be - able to log back in to Bugzilla one you log out. If this happens - to you, you will need to manually edit - data/params and set user_verify_class to - DB. - - - - - - LDAPserver - - This parameter should be set to the name (and optionally the - port) of your LDAP server. If no port is specified, it assumes - the default LDAP port of 389. - - Ex. ldap.company.com - or ldap.company.com:3268 - - You can also specify a LDAP URI, so as to use other - protocols, such as LDAPS or LDAPI. If port was not specified in - the URI, the default is either 389 or 636 for 'LDAP' and 'LDAPS' - schemes respectively. - - Ex. ldap://ldap.company.com, - ldaps://ldap.company.com or - ldapi://%2fvar%2flib%2fldap_sock - - - - - - LDAPbinddn [Optional] - - Some LDAP servers will not allow an anonymous bind to search - the directory. If this is the case with your configuration you - should set the LDAPbinddn parameter to the user account Bugzilla - should use instead of the anonymous bind. - - Ex. cn=default,cn=user:password - - - - - LDAPBaseDN - - The LDAPBaseDN parameter should be set to the location in - your LDAP tree that you would like to search for email addresses. - Your uids should be unique under the DN specified here. - - Ex. ou=People,o=Company - - - - - LDAPuidattribute - - The LDAPuidattribute parameter should be set to the attribute - which contains the unique UID of your users. The value retrieved - from this attribute will be used when attempting to bind as the - user to confirm their password. - - Ex. uid - - - - - LDAPmailattribute - - The LDAPmailattribute parameter should be the name of the - attribute which contains the email address your users will enter - into the Bugzilla login boxes. - - Ex. mail - - - - -
-
Serving Alternate Formats with the right MIME type