Problem
Authentication fails with the following error even when not using an LDAP user:
Failed to bind to the LDAP server. The error message was: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece�
To me this is a straight up bug. I am not sure if it is reported.
Cause
Bugzilla will not even try authenticate a local user using another authentication method when LDAP integration is both list first and failing. If LDAP is the first option in the authentication methods, then if the credentials are invalid, it just stops the entire authentication process and returns this error:
Business/Impact
Low. While this could disallow all logins to the bugzilla web page, including administrator logins. A server administrator can make a manual change to one of configuration text files.
Resolution
Authentication is configured to use LDAP then DB. It needs to be reversed, where it tries DB then LDAP.
There is a setting called user_verify_class in Bugzilla that allows you to select the different authentication methods you want to use. There are two places to access this:
- Through the web administration
- Through the bugzilla/data/params file
Through Web Administration
Log in as an administrator and go to Administration | Parameters | User Authentication.
Then look for the user_verify_class setting.
Click on DB and click to move it up to the top of the list.
Through the bugzilla/data/params file
Using a text editor, open the params file located under the bugzilla website and under the data folder.
Look for the following line to configure this manually in text:
‘user_verify_class’ => ‘LDAP,DB’,
Change it to:
‘user_verify_class’ => ‘DB,LDAP’,
The user_verify_class setting
This setting allows for enabling and disabling authentication as well as providing the order for enabled authentication methods.
By default only DB is enabled. But it can be configured so that both DB, and LDAP are enabled and they can be ordered so either is first. However, LDAP should NOT be first. The following setting should be used.
‘LDAP,DB’,