
LDAPS on Testrail using windows server


#1

Good day everyone, I have LDAP authentication up and running in my Testrail installation, and I understand the changes that I have to make to the auth.php file in order to use the LDAPS authentication service. However, how would I register my LDAPS server SSL certs into my Testrail installation if I'm using IIS 8?

Just for the record, I just installed my Testrail's website SSL CA cert within IIS 8.

I do have the SSL cert that belongs to my LDAPS server.

Thanks a lot, and every bit of help is greatly appreciated.

Cheers

Jesse


#2

Hi Jesse,

Thanks for your posting. We have a thread which explains the general steps for Ubuntu/Linux:

There are some changes required for Windows (e.g. the ldap.conf) and the following tutorial looks excellent:

http://stackoverflow.com/questions/14815142/php-ldap-bind-on-secure-remote-server-windows-fail

(first answer)

I hope this helps but please let me know in case anything is unclear.

Cheers,
Tobias


#3

Thanks Tobias, I will review the info and I will let you know.

Thanks again

Jesse


#4

Hi Jesse,

Happy to help, just let me know if any further questions come up.

Cheers,
Tobias


#5

Hi Tobias, I have this section from my configuration file:

define('AUTH_HOST', 'appa.corp.nce.com');
//define('AUTH_HOST', 'ldaps://appa.corp.nce.com/');
define('AUTH_PORT', 389);
//define('AUTH_PORT', 636);
//define('AUTH_DN', 'CN=Users,DC=corp,DC=nce,DC=com');
define('AUTH_DN', 'DC=corp,DC=nce,DC=com');
define('AUTH_DOMAIN', 'corp');
define('AUTH_CREATE_ACCOUNT', true);
define('AUTH_FALLBACK', true);
define('AUTH_MEMBERSHIP', '');

The way it is works just fine, but when I enable the 636 port and enable the ldaps AUTH_HOST, when I try to log in I get this error:

External auth: Bind: Can’t contact LDAP server

any ideas?

Thanks

Jesse


#6

Hi Tobias I have this section of my ldap script:
define('AUTH_HOST', 'appa.corp.nce.com');
//define('AUTH_HOST', 'ldaps://appa.corp.nce.com/');
define('AUTH_PORT', 389);
//define('AUTH_PORT', 636);
//define('AUTH_DN', 'CN=Users,DC=corp,DC=nce,DC=com');
define('AUTH_DN', 'DC=corp,DC=nce,DC=com');
define('AUTH_DOMAIN', 'corp');
define('AUTH_CREATE_ACCOUNT', true);
define('AUTH_FALLBACK', true);
define('AUTH_MEMBERSHIP', '');

The way it is does work, but as soon as I enable the AUTH_HOST for ldaps and change the port, when I try to log in TestRail gives me this error:

External auth: Bind: Can't contact LDAP server

Any ideas?

Thanks


#7

Hi Tobias:

I add a segment of my login script:

define('AUTH_HOST', 'appa.corp.nce.com');
//define('AUTH_HOST', 'ldaps://appa.corp.nce.com/');
define('AUTH_PORT', 389);
//define('AUTH_PORT', 636);
//define('AUTH_DN', 'CN=Users,DC=corp,DC=nce,DC=com');
define('AUTH_DN', 'DC=corp,DC=nce,DC=com');
define('AUTH_DOMAIN', 'corp');
define('AUTH_CREATE_ACCOUNT', true);
define('AUTH_FALLBACK', true);
define('AUTH_MEMBERSHIP', '');

The way it is works, but as soon as I enable the AUTH_PORT 636 and the AUTH_HOST ldaps, TestRail throws me this error:

External auth: Bind: Can't contact LDAP server

Any ideas?
Thanks

Jesse


#8

Hi Tobias, for some reason my reply got hidden from view?


#9

Hi Jesse,

The postings should be visible again (it appears they got flagged due to spam protection or similar). Are you sure the address and port of the LDAP server are correct? Could you ask your LDAP administrator for the address you can use? If the address is correct, have you added the ldap.conf file as suggested in the Stack Overflow posting?

Cheers,
Tobias


#10

Thanks Tobias, yes, I have added the ldap.conf file as requested; it is under C:\openldap\sysconfig\openldap.conf. I also created the keystore where I appended my CA certificates, but I think that for the nature of the error maybe PHP is having trouble handling the LDAPS protocol.

Jesse
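
A diagnostic for the "Can't contact LDAP server" error discussed in this thread, as an added example that is not part of the original posts or of TestRail: it checks TCP reachability, then a verified TLS handshake, then an anonymous bind through PHP's LDAP extension, so the failing layer is visible. The host and port are the ones from the thread; the CA file path is a placeholder, and PHP 7.1+ with the openssl and ldap extensions is assumed.

```php
<?php
// Added diagnostic example; not TestRail code and not from the thread's authors.
$host   = 'appa.corp.nce.com';          // host from the thread
$port   = 636;                          // LDAPS port from the thread
$caFile = 'C:\\path\\to\\ldap-ca.pem';  // placeholder: PEM bundle with the issuing CA

// Step 1: plain TCP. A failure here is DNS, routing or firewall, not TLS.
$sock = @fsockopen($host, $port, $errno, $errstr, 5);
if ($sock === false) {
    exit("TCP connect to $host:$port failed: $errstr ($errno)\n");
}
fclose($sock);

// Step 2: TLS handshake with chain and host name verification, outside the LDAP extension.
$ctx = stream_context_create(['ssl' => [
    'cafile'            => $caFile,
    'verify_peer'       => true,
    'verify_peer_name'  => true,
    'peer_name'         => $host,
    'capture_peer_cert' => true,
]]);
$tls = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 5,
                             STREAM_CLIENT_CONNECT, $ctx);
if ($tls === false) {
    exit("TLS handshake failed (untrusted CA, name mismatch or expired cert): $errstr\n");
}
$peer = stream_context_get_params($tls)['options']['ssl']['peer_certificate'];
$cert = openssl_x509_parse($peer);
echo 'Server certificate CN: ', $cert['subject']['CN'] ?? '(none)', "\n";
fclose($tls);

// Step 3: the same connection through the LDAP extension, with the CA set
// explicitly so the result does not depend on where ldap.conf is read from.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
$ld = ldap_connect("ldaps://$host:$port");
ldap_set_option($ld, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ld, LDAP_OPT_NETWORK_TIMEOUT, 5);

if (@ldap_bind($ld)) {                  // anonymous bind, no credentials sent
    echo "LDAPS connection and anonymous bind succeeded\n";
} elseif (ldap_errno($ld) === -1) {     // -1 is "Can't contact LDAP server"
    ldap_get_option($ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    echo "LDAP extension could not connect: ", $detail ?: ldap_error($ld), "\n";
} else {                                // any other code means the TLS session was established
    echo "TLS is fine; server rejected the bind: ", ldap_error($ld), "\n";
}
```

If steps 1 and 2 pass and step 3 reports error -1, the certificate is valid and the problem lies in how the LDAP extension is configured or in how the calling script builds the connection.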


#11

Hi Jesse,

Thanks for the update. I believe we are already in contact via email as well and are waiting for a response.

Cheers,
Tobias


#12

Hi Tobias:

I compared the information found here: http://docs.gurock.com/testrail-integration/auth-ldap against this: http://docs.gurock.com/testrail-integration/auth-activedirectory and I realized that the auth.php script installed in my system corresponds with a connection via Active Directory; that is why I could not make it work with LDAPS to begin with. I think it is safe to say that since my Testrail is working with Active Directory, authentication is pretty safe, so I don't see the need to make the authentications in Testrail via LDAPS.

Thanks for all your help
Cheers

Jesse


#13

Thanks for the update, Jesse! I cannot really comment on the security of the connection because of my limited experience with AD but good to hear that this works for you. My guess is that AD also differentiates between LDAP and LDAPS, or uses a START-TLS mechanism.

Cheers,
Tobias