home

Installing Bugzilla 2.17.4 on RedHat 9 
with LDAP authentication

The instructions for installing Bugzilla at bugzilla.org are not very good. Following them on a RedHat server will result in duplicate installations of lots of modules, which is quite an undesirable outcome. Unless otherwise noted any references to external documentation below refer to the step by step instructions at bugzilla.org

I chose to install development release 2.17.4 to get support for LDAP.  The only bug I've noticed so far is an LDAP bug detailed below.

Updated 7/9/04: I originally installed Bugzilla on RedHat 9 and have since upgrade the server to Fedora Core 2.  These instructions are probably pretty good for an installation on FC2, but I haven't tried them.  Bugzilla mail broke after the upgrade because it was hardcoded to use /usr/lib/sendmail, which is now gone and replaced by /usr/lib/sendmail.sendmail.  This was apparently a bug in this version of sendmail that has since been fixed.  I modified Bugmail.pm per section 2.4.1.3.2 of this document to fix it.

http://www.bugzilla.org/docs/tip/html/os-specific.html

1. Install the following modules from the Redhat CDs if you don't have them installed already

apache
mysql
perl

Optional:
Install all of the standard X windows software development packages – 11 out of 18. You don’t need any of the ‘extra’ packages. These are only required to make GD work, one of the optional packages necessary for graphing.
These are supposedly the only development packages that are necessary, but I installed them all:
XFree86-devel
libpng-devel
libjpeg-devel
freetype-devel
gd-devel

tcl and tcltk are both required to make graphviz work. Tcl is on CD 1 of RedHat 9; tcltk must be downloaded.

http://www.redhat.com/swr/i386/tcl-8.3.5-88.i386.html
http://www.redhat.com/swr/i386/tk-8.3.5-88.i386.html

2. Patch your server.

3. Extract bugzilla to a location like /usr/local/bugzilla. It will create a version specific directory under that one.

4. Modify /etc/httpd/conf/httpd.conf. These updates are more or less covered in section 4.4.1 of the step-by-step instructions at bugzilla.org. I added the following lines:

Alias /bugzilla "/usr/local/bugzilla/bugzilla-2.17.4"

<Directory "/usr/local/bugzilla/bugzilla-2.17.4">
Options Indexes FollowSymLinks MultiViews +ExecCGI
AllowOverride Limit
Order allow,deny
Allow from all
</Directory>

You also need to uncomment this line in httpd.conf per section 4.4.1

AddHandler cgi-script .cgi

Lastly, add index.cgi to this line in httpd.conf per section 4.2.6

DirectoryIndex index.html index.cgi index.html.var

5. Mandatory perl modules. Run checksetup.pl and let it tell you what perl modules are missing from your system. Do NOT install the complete bugzilla bundle as suggested in step 4.1.4 of the bugzilla.org step-by-step installation instructions. Many of the required perl modules are already installed, and you will only confuse yourself and your system by running this bundle. Here’s what I needed:

AppConfig – version 1.55 installed painlessly 
http://www.cpan.org/modules/by-module/AppConfig/

template-toolkit – version 2.10 installed – it asks lots of questions, I just used the default answers. See section 4.1.5.7.
http://www.template-toolkit.org/

TimeDate bundle – version 1.16 installed painlessly. See section 4.1.5.4.

http://www.cpan.org/modules/by-module/Date/

6. Optional perl modules 

GD 1.41
GD requires gd. You can’t install the latest and greatest GD 2.x without going through lots of extra effort because RedHat 9.0 ships with gd-1.8.4-11. See section 4.1.5.5.

I got a warning on make test “8libgd was not built with xpm support”, but make install worked.

http://www.cpan.org/modules/by-module/GD/GD-1.41.readme

Chart 2.2 – version 2.2 installed painlessly. See section 4.1.5.6.

http://www.cpan.org/modules/by-module/Chart/Chart-2.2.readme

GD::Text – version 0.86 installed painlessly - I went ahead and installed the whole thing instead of just GD::Text::Align
http://search.cpan.org/author/MVERB/GDTextUtil-0.86/

GD::Graph – version 1.43 installed painlessly - requires GD:Text, so do them in order
http://search.cpan.org/author/MVERB/GDGraph-1.43/

GraphViz – version 1.10 installed painlessly from RPM. See section 4.2.1.

http://www.graphviz.org

7. Modify /etc/my.cnf and add the following line in the section [mysqld] – this is alluded to in step 4.1.3 in the step-by-step instructions. This allows larger attachments than the 64k default.

set-variable = max_allowed_packet=1M

8. mysql - follow the steps in section 4.1.8 of the step-by-step instructions.

9. Modify localconfig per section 4.1.9 of the step-by-step instructions. Specifically, you need to tell it the mysql bugs password you created in the previous step by entering it in this line
$db_pass = ‘password’;

You also need to change this line
$webservergroup = ‘nobody’;
to this
$webservergroup = ‘apache’;

10. Re-run checksetup.pl – it should work this time.

11. At this point bugzilla should function.

12. LDAP authentication (optional) – see section 4.2.4 of the step-by-step instructions

First change the variable ‘err’ to ‘error’ in line 79 of Bugzilla/Auth/LDAP.pm to correct this bug.
http://bugzilla.mozilla.org/show_bug.cgi?id=210324

You’ll need to re-compile bugzilla, which is easily done by re-running checksetup.pl

Now install Convert-ASN1-0.17, which is required by perl-ldap-0.29
http://search.cpan.org/author/GBARR/Convert-ASN1-0.17/

Install perl-ldap – version 0.29 installed with lots of errors – the errors are ok as long as you don’t want to install use LDAP over SSL. (I spent at least a day trying to get all the necessary SSL modules installed before giving up.)
http://search.cpan.org/author/GBARR/perl-ldap-0.29/

http://search.cpan.org/~gbarr/perl-ldap-0.29/lib/Net/LDAP.pod#BUGS 

13. At this point you should be able to successfully change your authentication to LDAP.

14. Authenticating bugzilla against Windoze 2000 Active Directory via LDAP (optional)

Nearly all LDAP directory servers allow clients using an anonymous bind to get useful answers. Active Directory allows anonymous bind, but then refuses to give any useful answers. You need to bind with a valid username and password to get useful answers. For example, to bind the built-in username ‘administrator’ and a password of password, you need to enter LDAPbinddn 

cn=administrator, cn=users, dc=yourdomain, dc=com:password

Note that LDAP is extremely picky about details – order does matter; hierarchy must be exact before you will get a useful bind. Also note that ANY valid username can be used for the LDAP bind – it doesn’t need to be the domain administrator (and for security reasons should not be). There is a Windoze 2000 Resource Kit utility ldp.exe which helps determine what works and what doesn’t.

Active Directory also allows Windoze 2000 style usernames for LDAPbinddn:

Yournetbiosdomain\administrator:password

Nearly all LDAP directory servers use the attribute ‘uid’ to query for a user’s login name. Active Directory does not. Enter LDAPuidattribute:

mail

which matches the default LDAPmailattribute.

You’ll also need to set LDAPserver and LDAPBaseDN. In this example LDAPBaseDN would be

dc=yourdomain, dc=com

One of the problems with bugzilla is that you can not assign a bug to someone until they have an account.  Using LDAP, you can temporarily switch back to the default authentication method, manually create accounts for all your users using a default password, and then set the authentication method back to LDAP. Only the users know their LDAP passwords, and now they all have accounts.