4

After reading this guide and trying a ton of permutations based on that, is there an easy way to get Bugzilla working with an AD server? I keep getting the error:

80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0

I created an AD "bugzilla" user account with "Account Operators" permission as directed. I'm not sure if the error is saying that my login is incorrect or the system login to access LDAP is incorrect. Maybe I just missed an arcane option somewhere in the settings. You'd think all I'd need to do is specify the server name.

As you might have been able to tell, I don't have a lot of LDAP experience.

Also, will the Sysinternals LDAP tool help here?

user65712
  • 389
  • 1
  • 8
  • 17

4 Answers4

2

For the binding account details I've only had to use

user@somedomain.local:password

instead of puttingn the full DN of the user in.

RichyL
  • 41
  • 4
2

The 'data 52e' = "invalid credentials", doesn't ALWAYS mean "bad password"

I was getting this error using the correct password, and then found that due to the setup of my AD server I needed to specify the domain as well:

johngh / mypassword didn't work

MYDOMAIN\johngh / mypassword DID work! :-)

JohnGH
  • 260
  • 2
  • 4
1

The 'data 52e' part means invalid credentials, which means bad password.

525 would be a bad DN you are trying to connect with.

You can test with a simple LDAP browser like ApacheDS or LBE and be sure you have the bind DN and password correct.

geoffc
  • 2,135
  • 5
  • 25
  • 37
0

it worked for me that way:

bugzilla\data\params

"LDAPBaseDN" : "DC=domain,DC=com,DC=br",    
"LDAPbinddn" : "CN=USER_AD,CN=Users,DC=domain,DC=com,DC=br:USER_PASSWORD",    
"LDAPfilter" : "",    
"LDAPmailattribute" : "mail",    
"LDAPserver" : "ldap://server.domain.com.br:389",    
"LDAPstarttls" : "0",    
"LDAPuidattribute" : "sAMAccountName",

It is necessary to configure the mail attribute with the domain user's email.

Swisstone
  • 6,357
  • 7
  • 21
  • 32