lhrslsshahi
asked on
Testrail - Active Directory integration.
Hello
I am trying to integrate Testrail with Active Directory using the script from http://docs.gurock.com/testrail-integration/auth-activedirectory
Below is the section where are all the changes are unique.
I keep getting when trying to login External auth: Bind: Invalid credentials
define('AUTH_HOST', 'dc.blah-route.local');
define('AUTH_PORT', 389);
define('AUTH_DN', 'CN=Testrail_Access_Group, OU=Securit y Groups,OU=Groups,OU=Val,DC =blah-rout e,DC=local ');
define('AUTH_DOMAIN', 'blah-route.local');
define('AUTH_CREATE_ACCOUN T', false);
define('AUTH_FALLBACK', true);
define('AUTH_MEMBERSHIP', '/^CN=Testrail_Access_Grou p');
I am trying to integrate Testrail with Active Directory using the script from http://docs.gurock.com/testrail-integration/auth-activedirectory
Below is the section where are all the changes are unique.
I keep getting when trying to login External auth: Bind: Invalid credentials
define('AUTH_HOST', 'dc.blah-route.local');
define('AUTH_PORT', 389);
define('AUTH_DN', 'CN=Testrail_Access_Group,
define('AUTH_DOMAIN', 'blah-route.local');
define('AUTH_CREATE_ACCOUN
define('AUTH_FALLBACK', true);
define('AUTH_MEMBERSHIP', '/^CN=Testrail_Access_Grou
I'm not really following the documentation on the site that well, but the setting for "AUTH_DN" implies that it should be a DN of the scope of where you want the users from, so it should be:
OU=Security Groups,OU=Groups,OU=Val,DC =blah-rout e,DC=local
Where they state:
You can also specify specific user groups if you only want to allow specific users to authenticate with TestRail.
...I think that means that you use the "AUTH_MEMBERSHIP" setting for that. You may want to leave that out for now, get it working, then add it back. Debug in layers, once you get one step to work, then add another.
OU=Security Groups,OU=Groups,OU=Val,DC
Where they state:
You can also specify specific user groups if you only want to allow specific users to authenticate with TestRail.
...I think that means that you use the "AUTH_MEMBERSHIP" setting for that. You may want to leave that out for now, get it working, then add it back. Debug in layers, once you get one step to work, then add another.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your help.
I changed the below to get it working.
define('AUTH_DN', 'OU=Users,DC=blah-route,DC =local'); - Users reside under the USERS OU.
define('AUTH_MEMBERSHIP', '/^CN=Testrail_Access_Grou p,/');
Login was blah-route\joeb and not joeb
I changed the below to get it working.
define('AUTH_DN', 'OU=Users,DC=blah-route,DC
define('AUTH_MEMBERSHIP', '/^CN=Testrail_Access_Grou
Login was blah-route\joeb and not joeb
This should be a OU. You cannot use a group here, it's the base for the search.
That, however, should not give you an Invalid Credentials message.
This article describes use of specific credentials (Bind DN and Password) against a generic LDAP directory. It's what I'd rather expected to see here:
http://docs.gurock.com/testrail-integration/auth-ldap
For this to be single sign-on without those, I'd expect you to have to enable Windows Authentication on the web server, or for the server side code to be running under a domain-privileged account. For that to be possible it would need to be IIS, is it?
This hypothesis is roughly consistent with the implementation of the authentication component here:
https://github.com/gurock/testrail-auth/blob/master/examples/active-directory/auth.php
It does not, unlike the generic LDAP version, explicitly authenticate against the LDAP directory.