LDAP/Active Directory Authentication
You can configure LDAP authentication at Admin > Site Configuration > Authentication. When it is enabled, FogBugz checks users' passwords against the LDAP directory (e.g., Windows Active Directory). It allows users to use the same password to log in to FogBugz as they use for other purposes (e.g., log in to their workstation or email).
User accounts still must be created in FogBugz (with names and email addresses). When a user logs in, FogBugz checks if the user exists in the FogBugz database and then checks the password against the matching name and email on the LDAP server. If you have an existing account in FogBugz and you want to switch to LDAP, make sure that the name and email address in FogBugz exactly match the name and email on the LDAP server.
- Checking the Allow LDAP to create new accounts automatically option allows any user with a valid LDAP account to log in to FogBugz. The first time they log in, a FogBugz account is created for them. It is an easy way to set up access to FogBugz for large teams. An administrator can later set the required permissions via groups.
- If you do not check the Allow LDAP to create new accounts automatically option, you must manually create new users in FogBugz. Make sure their full names and email addresses match exactly with the names and emails on the LDAP server. Those users will then be able to log in using their LDAP password.
For more information about matching fields between the FogBugz database and LDAP server, please refer to the article Fields FogBugz Matches with your LDAP or Active Directory Server.
New User Control
Normally, only administrators can create FogBugz accounts. But you can adjust the New User Control option as described below.
- If this option is set to Anybody can create a community account, anyone who can access the FogBugz URL will be able to create a community user. These users do not consume licenses. New community users created in this way do not have read or write permissions in any groups. They will have access to any wiki or discussion groups that are open to all community users. This option is only present if the Community Users feature is enabled.
- If this option is set to Anybody can create a normal account, anyone who can access the FogBugz URL will be able to create normal user accounts. Normal users consume licenses. Hence, this option is only used when your FogBugz server is protected by a firewall and you have a large number of potential users in your organization. New normal users created in this way do not have read or write permissions in any groups and must be added explicitly by an administrator. If you are using LDAP Authentication, this option is not available. Instead, you can check the box Allow LDAP to create new accounts automatically.
If this option is enabled, it allows community users to register to access wikis and discussion groups. Community users cannot use LDAP authentication; even if normal users are allowed to use LDAP, community users still need to use FogBugz Authentication.
LDAP Authentication Caveats
If you are using LDAP, please note that FogBugz will not be able to change your password anymore:
If you need to reset or recover your password, you must contact your Network (Active Directory) administrator, who will be able to fulfill your request.
If you are an administrator and lost access to FogBugz (using LDAP), please check the article Lost Password to Administrator Account.