Skip to content

In case I'm not around.

Month: August 2013

MantisTouch login not working after LDAP switch

Tags:

Ran into the problem that MantisTouch was not working. This was after a recent upgrade of the Mantis bugtracking system to use LDAP for authentication. Every login attempt would fail without further details other than that the username/password is incorrect. After some analysis found the cause: the config parameter _$g_log_level_ was set to _LOG_LDAP_. Somehow the log command resulted in an error:

[mantisconnect.php] Error Type: SYSTEM NOTICE,\nError Description: Undefined offset: 1
Stack Trace:ldap_api.php L349 log_event(<integer>16, <string>'Binding to LDAP server')

Disabling the debug log fixed the issue. Read on for the steps taken in the analysis.

Analysis

  1. In the Mantis touch files:
  2. Checked the file login_page.php for the cause of the log message. This page turned out to be only the displaying.
  3. login.php was the file which did the actual login attempt, invoking the WebService class from core/webservice_api.php
  4. Noticed that Mantis uses soap for the remote procedure calls
  5. Some debug echo statements in that file showed that the username and password arrived correctly just before invoking the soap webservice
  6. Found the URL to the soap interface in the WebService constructor PHPDoc (/api/soap/mantisconnect.php)
  7. Stored the WSDL from the URL and loaded it into SoapUI
  8. Executed the same API call from SoapUI as mantistouch does: _mc_enum_status_. Found this in the authenticate() call in _webservice_api.php_ which is invoked from login.php
  9. The response in SoapUI return a SoapFault with the message: Error Type: SYSTEM NOTICE, Error Description: Undefined offset: 1
  10. On checking the Apache logs of the mantis installing found that there was a notice there, related to _core/ldap_api.php_
  11. Added some debug statements to see which lines the script reached before the error and it turned out that it did not get any further than the log line mentioned in the stack trace
  12. Disabled the $_log_level parameter and this resolved the error!
  13. Further investigation showed a configuration error made during the implementation checks of the LDAP authentication. The file path mentioned in the _$g_log_destination_ parameter was incorrect, it was missing a directory name somewhere halfway the path. The strange thing is that this only affected the mantisconnect part, not the normal user interface.

Leave a Comment