Bugzilla: Active Directory Integration

As you might have guessed from previous posts, I’m currently in the process of implementing a single-sign-on scenario within our network. Or, at least, I’m trying to have at least one single username/password combo for all internal services. Authentication is therefore realized against an Active Directory, based on a Microsoft Windows 2003 Server.

For integration of Bugzilla into the Active Directory, see this link (Update: Link is broken, for an archived version, use this link, thanks to the commenter!).

TikiWiki and Active Directory Integration

If you want to authenticate TikiWiki agaist Microsoft Active Directory, have a look at this article.

The most interesting part in this posting is that if you are using a Windows 2003 Server, you need to patch the LDAP.php in the PEAR authentication module, as Win2k3 by default does not allow any anonymous queries against the directory.

In <tikiroot>/lib/pear/Auth/Container/LDAP.php search for the following line in function _connect():

if ((@ldap_bind($this->conn_id)) == false) {

and replace it with

if ((@ldap_bind($this->conn_id,"someuser","somepassword")) == false) {

Note, that someuser is in the form of user@domain.tld.

I also recommend to choose to authenticate your admin user against the internal database and not the LDAP (AD) container, otherwise you will lock yourself out easily.

Changing MSDE Authentication Scheme After Installation

If you are using Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) you are supposed to decide if you are going to use “integrated windows authentification” only or if you are using “mixed mode authetication”. Latter is sometimes considered less secure but if you are developing ASP.NET applications it can be easier to use a non-NT user for the connection.

If you ever tried that you are surly familiar with the “login is not associated with a trusted connection” exception when trying to access the database. Today I had to install an ASP.NET application on a server with MSDE where mixed mode authentication was not available. A quick research on the net revieled a blog entry indicating how to change the authentication scheme of MSDE after the installation.

  • Stop the MSDE service
  • Search the registry for

    HKEY_LOCAL_MACHINE\Software\Microsoft\MSSqlserver\MSSqlServer

    (for unnamed instances) or

    HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\Instance Name\MSSQLServer\

    (for named instances)

  • Change the key LoginMode to value 2.

Unlike a comment on the page, value 0 will not work (at least it didn’t in my case).