using active directory ldap authentication with testlink

Someone requested a TestLink install here at work and of course I wanted LDAP authentication (single sign in is good). On Debian you’ll need ‘php5 php5-mysql php5-ldap mysql-server’ installed, and you will need to restart Apache (not reload!) after these are installed. Mostly I’m assuming you got TestLink set up and into the database already and you’re just looking for documentation on adding LDAP support.

Find the config.inc.php file in the root of your testlink tree and make sure the following settings are set:

$g_login_method = 'LDAP';
$g_ldap_server = 'ad.example.org';
$g_ldap_port = '3268';
$g_ldap_root_dn = 'DC=ad,DC=example,DC=org';
$g_ldap_organization = ''; # e.g. '(organizationname=*Traffic)'
$g_ldap_uid_field = 'sAMAccountName'; # Use 'sAMAccountName' for Active Directory
$g_ldap_bind_dn = 'CN=BindUser,CN=Users,DC=ad,DC=example,DC=org'; // Leave empty if your LDAP server allows anonymous binding
$g_ldap_bind_passwd = 'bindpassword'; // Leave empty if your LDAP server allows anonymous binding

Note a few things. Set the LDAP server not to a single server name but to the DNS name for the domain (or UPN, or whatever you call it). You may notice that this name points to your domain controllers, allowing ghetto-redundancy. If not all of your DCs are GCs, use “gc._msdcs.example.org” instead, because, as you’ll see, I’m using port 3268 (the global catalog) rather than 389 (LDAP). This is because php5-ldap or libldap2 or even TestLink gets confused by those stupid LDAP referrals you get when the base DN you query is your domain instead of an OU or CN=Users, and the login will fail (the referral result is shown below). Using the GC instead just works. Since this is Active Directory, unless you’ve hacked it to allow anonymous binding you will need a bind DN and bind password; this can be a regular user, or you can go find the documentation on creating this more securely if it matters to you.

LDAPMessage searchResDone(2) Unknown result(9) (Referral:
ldap://ForestDnsZones.corp.widemile.com/DC=ForestDnsZones,DC=corp,DC=widemile,DC=com
ldap://DomainDnsZones.corp.widemile.com/DC=DomainDnsZones,DC=corp,DC=widemile,DC=com
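
As an added example (not from the original post and not TestLink's own code), the Python sketch below shows how the settings above combine into the user lookup: the uid field and the typed login name form the search filter, optionally ANDed with the organization filter, and a domain-root base DN on port 389 is the case that draws referrals. The function names and sample login names are assumptions made for illustration.

```python
import re

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name so it is matched literally, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(uid_field, username, organization=""):
    """Combine ldap_uid_field, the typed login name and the optional
    ldap_organization filter, e.g. '(organizationname=*Traffic)'."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", uid_field):
        raise ValueError("uid_field must be a plain attribute name")
    if not username:
        raise ValueError("empty username")
    clause = "(%s=%s)" % (uid_field, escape_filter_value(username))
    return "(&%s%s)" % (organization, clause) if organization else clause


def expect_referrals(root_dn, port):
    """True when the base DN is a bare domain root (DC= parts only) searched on
    plain LDAP port 389; the post's fix is the global catalog on 3268.
    Splitting on ',' is enough for DC-only DNs, which contain no escaped commas."""
    parts = [p.strip().upper() for p in root_dn.split(",")]
    return all(p.startswith("DC=") for p in parts) and int(port) == 389


if __name__ == "__main__":
    # Constructed sample values, reusing the placeholder names from the config above.
    for name in ("jdoe", "j*", "o(brien)"):
        print(build_user_filter("sAMAccountName", name))
    print(build_user_filter("sAMAccountName", "jdoe", "(organizationname=*Traffic)"))
    for dn, port in (("DC=ad,DC=example,DC=org", "389"),
                     ("DC=ad,DC=example,DC=org", "3268"),
                     ("CN=Users,DC=ad,DC=example,DC=org", "389")):
        print(dn, port, "referrals expected:", expect_referrals(dn, port))
```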

You’ll then need to create a user via the new user link on the web interface. Make sure username matches up with your sAMAccountName value, that is, your regular username.

Then go into mysql (mysql -u root -p testlink) and make yourself an admin:

update users set role_id=8 where id=2;

This assumes that you’re the first user you created (admin is id=1); see the users table and the roles table for more information. Now go back and log into the web interface.

5 thoughts on “using active directory ldap authentication with testlink”

  1. btm Post author

    Just installed Testlink 1.8 Beta3 and found all the LDAP configuration variable names have changed:

    // LDAP Login
    $tlCfg->authentication['method']            = 'LDAP';
    $tlCfg->authentication['ldap_server']       = 'ad.example.org';
    $tlCfg->authentication['ldap_port']         = '3268';
    $tlCfg->authentication['ldap_version']      = '3';
    $tlCfg->authentication['ldap_root_dn']      = 'DC=ad,DC=example,DC=org';
    $tlCfg->authentication['ldap_organization'] = '';
    $tlCfg->authentication['ldap_uid_field']    = 'sAMAccountName';
    $tlCfg->authentication['ldap_bind_dn']      = 
    'CN=BindUser,CN=Users,DC=ad,DC=example,DC=org';
    $tlCfg->authentication['ldap_bind_passwd']  = 'bindpassword';
    
    
  2. lavanya

    Hi,

    I have installed ldap on my local machine at: /etc/ldap and testlink (1.7.4) under /var/www

    I am a little confused about what $g_ldap_server should be set to. Should I set it to localhost?

    If you could point me in the right direction I would really appreciate it. Thanks.
