Open Bug 51191 Opened 24 years ago Updated 7 years ago

[LDAP] Bugzilla should be able to create new accounts in LDAP

Categories

(Bugzilla :: User Accounts, enhancement, P3)

People

(Reporter: jmrobins, Unassigned)

In the current LDAP patches I've submitted, Bugzilla is unable to create a new LDAP account. If a user tries to create a new account, they are informed instead to contact an LDAP administrator. However, at some installations, the admins might not want to have to create a new LDAP account for each user themselves. They might want to allow Bugzilla to do this. This would require another operating parameter to determine whether Bugzilla can create a new account or not, some changes to createaccount.cgi to watch for this and deal with it appropriately, and probably a new method in globals.pl for actually creating the new LDAP account.
Blocks: 51182
Target Milestone: --- → Future
-> Bugzilla product
Assignee: tara → myk
Component: Bugzilla → User Accounts
Product: Webtools → Bugzilla
Version: other → unspecified
I had the same problem with my LDAP enabled Bugzilla. To get around it I created a function (in similar form to those already in CGI.pl) called CGI.pl::

# Wed Aug 29 15:27:31 EDT 2001 ------------------ jlaska
# SUB: LDAPemail_to_cn
# ARGUMENTS: $email - string
#            $LDAPconn - a valid LDAP connection, if NULL a new connection is created
# RETURNS: $cn - the cn (common name) stored in LDAP
sub LDAPemail_to_cn {
    my ($email,$LDAPconn) = (@_);
    my $LDAPserver = Param("LDAPserver");
    my $LDAPport = "389"; # default LDAP port
    my $dnEntry = new Mozilla::LDAP::Entry();
    my $cn = "";
    my $arg2_flag = ($LDAPconn)?(1):(0);

    # is LDAP enabled by bugzilla?
    if ( Param("useLDAP") ) {
        # are the LDAP modules installed?
        if ( $have_ldap ) {
            # if a valid connection was not passed as an argument, we need to connect
            if ( !$LDAPconn ) {
                if ( $LDAPserver =~ /:/ ) {
                    ($LDAPserver, $LDAPport) = split(":",$LDAPserver);
                }
                # connect to the server
                $LDAPconn = new Mozilla::LDAP::Conn($LDAPserver,$LDAPport);
            }
            # search for user
            my $filter = "(". Param("LDAPmail") ."=$email)";
            if ( Param("LDAPadditional") ) {
                $filter = "(&$filter" . Param("LDAPadditional") . ")";
            }
            $dnEntry = $LDAPconn->search(Param("LDAPBaseDN"),"subtree", $filter);
            # if we found a LDAP DN for the email argument given, set the $cn and return
            if ( $dnEntry ) {
                $cn = @{$dnEntry->{cn}}[0];
            }
            # close the connection only if it was opened here;
            # a connection passed in as an argument belongs to the caller
            if ( !$arg2_flag ) {
                $LDAPconn->close;
            }
        }
    }
    return $cn;
}

This function makes use of a Parameter I added to support installation configurable LDAP filters in bug#122365. The above function is then called from globals.pl::DBNameToIdAndCheck(). This way, if a user is put on as a CC and they don't exist in the database yet, it will go and grab their info from the LDAP server. The same is true for reassigning bugs, if the user hasn't ever logged into bugzilla yet...it would grab their info from the LDAP server.

globals.pl::DBNameToIdAndCheck

sub DBNameToIdAndCheck {
    my ($name, $forceok) = (@_);
    $name = html_quote($name);
    my $result = DBname_to_id($name);
    if ($result > 0) {
        return $result;
    }
    if ($forceok) {
        InsertNewUser($name, "");
        $result = DBname_to_id($name);
        if ($result > 0) {
            return $result;
        }
        print "Yikes; couldn't create user $name. Please report problem to " . Param("maintainer") ."\n";
    } elsif ( Param("useLDAP") ) {
        # Are we using LDAP, if so add this user
        my $realname = LDAPemail_to_cn($name); # search LDAP for the realname attached to the email addr
        if ( $realname ) {
            InsertNewUser( $name, $realname );
            $result = DBname_to_id($name);
            if ($result > 0) {
                return $result;
            }
        } else {
            print "The email address <TT><font color=\"blue\">$name</font></TT> could not be found. Either you\n";
            print "misspelled it, or the person does not exist in the w3 bluepages directory.\n";
            print "If you think the email address <TT><font color=\"blue\">$name</font></TT> exists in the w3 bluepages directory, please report this problem to ".Param("maintainer") ."\n";
        }
    } else {
        print "\n"; # http://bugzilla.mozilla.org/show_bug.cgi?id=80045
        print "The name <TT>$name</TT> is not a valid username. Either you\n";
        print "misspelled it, or the person has not registered for a\n";
        print "Bugzilla account.\n";
        print "<P>Please hit the <B>Back</B> button and try again.\n";
    }
    PutFooter(); # there was an error if this point has been reached, close the HTML
    exit(0);
}

I hope you find this helpful! I certainly do :)
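An added example, not part of the comment above or of Bugzilla's own code: LDAPemail_to_cn interpolates $email straight into the search filter, and html_quote in DBNameToIdAndCheck targets HTML rather than LDAP filter syntax, so this sketch escapes the value per RFC 4515 before building the same filter. The helper names ldap_escape_filter_value and build_user_filter are hypothetical, their arguments stand in for Param("LDAPmail") and Param("LDAPadditional"), and the sample addresses are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# RFC 4515 section 3: inside an assertion value the bytes NUL, '(', ')',
# '*' and '\' must be written as a backslash plus two hex digits.
sub ldap_escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\x00()*\\])/sprintf("\\%02x", ord($1))/ge;
    return $value;
}

# Build the filter the same way LDAPemail_to_cn does, but with the address
# escaped first. $mail_attr and $additional are assumptions standing in for
# Param("LDAPmail") and Param("LDAPadditional").
sub build_user_filter {
    my ($mail_attr, $email, $additional) = @_;
    my $filter = "($mail_attr=" . ldap_escape_filter_value($email) . ")";
    $filter = "(&$filter$additional)" if $additional;
    return $filter;
}

# Constructed sample inputs: one ordinary address and three values that
# contain filter metacharacters.
my @samples = (
    'jdoe@example.com',
    '*',
    'x)(cn=*',
    'a\\b(c)',
);

for my $email (@samples) {
    my $unescaped = "(mail=$email)";    # what plain interpolation produces
    my $escaped   = build_user_filter('mail', $email, '(objectClass=person)');
    printf "%-18s unescaped: %-20s escaped: %s\n", $email, $unescaped, $escaped;
}
```

With the escaping in place, a value such as `*` is sent as the literal `\2a` and matches only an entry whose mail attribute is that exact string, instead of acting as a wildcard that returns the first entry under the base DN.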
i've read through the comments on this bug, and it seems that james is hitting on a slightly different problem than what the bug was originally created to address...

myk: wants to add a feature that gives bugzilla the ability/power to add a user to LDAP when LDAP does not already contain a user's information

james: developed code that lets someone add someone to the bugzilla DB using information pulled from LDAP when a user doesn't already exist in profiles

maybe james' response should be another bug with a summary that looks something like: "cannot add user in LDAP mode if user has not logged in once"

either way, james' post was very helpful, but i wouldn't have found it unless i read through an otherwise irrelevant bug.
went ahead and created a new bug to adress a similar but different issue as described by james below. see bug 201069.
that's "address" and it's above, not below... =/ i'm tired, sorry.
QA Contact: mattyt-bugzilla → default-qa
No longer blocks: 51182
Just to clarify the purpose of this bug: LDAP can already create new Bugzilla accounts in the DB. We want Bugzilla to be able to create new accounts in LDAP.
Assignee: myk → user-accounts
Summary: With LDAP, Bugzilla should be able to create new accounts. → [LDAP] Bugzilla should be able to create new accounts in LDAP
Target Milestone: Future → ---
Flags: needinfo?(user-accounts)
Was this a question?
Flags: needinfo?(user-accounts)