How to set up dual authentication for Mantis - LDAP and database users?

Question

We have an instance of MantisBT and we managed to set up LDAP authentication but we need to enable also authentication based on the Mantis's users (separately from LDAP for some users) very much alike in this question for Ruby.

Unfortunately, it seems that you can easily set up Mantis to either authenticate via LDAP or via its users but enabling both authentication protocols is problematic. Do you have any suggestion?

Answer 1

Looking at the source code, in the function auth_does_password_match() that actually performs the authentication :

function auth_does_password_match( $p_user_id, $p_test_password ) {
    $t_configured_login_method = config_get_global( 'login_method' );

    if ( LDAP == $t_configured_login_method ) {
        return ldap_authenticate( $p_user_id, $p_test_password );
    }

    # code continues with a try for each of the other authentication methods
    # ...
}

The 1st condition tests the login method $t_configured_login_method and if it's "LDAP" tries to authenticate accordingly. Ok nothing crazy here, but the statement return ldap_authenticate(...); doesn't allow for other authentication methods.

Fortunately, it's not a big deal to patch so that if LDAP authentication fails, it can fallback to other authentication methods.

Basically, it requires the return value of ldap_authenticate() to be returned only if LDAP authentication succeeds, but not otherwise so that the code can keep trying with other auth methods. The 1st condition would look like this :

    if (LDAP == $t_configured_login_method && ldap_authenticate($p_user_id, $p_test_password)) {
        return TRUE;
    }

To make things properly, you can create your own constant for t_configured_login_method so that you can add your own logic and don't interfere with other auth methods.