Basic question about accounts and LDAP

Added by Leslie Houk about 9 years ago

This is more of a conceptual question than a how-to question, so I'm posting here instead of in the "Help" forum.

I'm a new Redmine user, and I'm thinking about using an external LDAP database for my account login information. I don't want to use on-the-fly user creation, because I don't want everyone with an LDAP account to be able to log on to Redmine. However, when I create new Redmine accounts, it requires me to enter a password. So, if I use LDAP and have an account with the same username as an existing Redmine account, will the user need to enter his LDAP password or his Redmine password when he logs in to Redmine? Thanks in advance to all who respond.

Replies (10)

RE: Basic question about accounts and LDAP - Added by Felix Schäfer about 9 years ago

If you have an LDAP source configured, you can choose whether to use the internal authentication or (one of) the LDAP authentication when creating a new user, the latter not requiring a password to be entered.

RE: Basic question about accounts and LDAP - Added by Leslie Houk about 9 years ago

Felix,

Thanks for the response. It worked just as you said - when I changed the authentication method to my LDAP repository, the password prompts went away.

However, I don't seem to be able to add any of the new members to my project. When I go into the project's Settings -> Members menu, I can see the new members listed on the right of the screen, but when I check one of them and click on the Add button, nothing happens (other than the screen flashing "Loading..." for a moment and the check box next to the user's name becoming unchecked). Any ideas what might be going on?

Oh, I should probably mention that I'm running Redmine 0.9.5 under Fedora 12.

Thanks again,
Leslie

RE: Basic question about accounts and LDAP - Added by Felix Schäfer about 9 years ago

You have to choose members and give them a role; selecting only one of the two won't do anything.

RE: Basic question about accounts and LDAP - Added by Leslie Houk about 9 years ago

Felix,

Thanks again! I just tried adding the user again, this time also specifying his role as Developer, and the add succeeded.

Leslie

RE: Basic question about accounts and LDAP - Added by Neal Bharadwaj about 9 years ago

Felix Schäfer wrote:

If you have an LDAP source configured, you can choose whether to use the internal authentication or (one of) the LDAP authentication when creating a new user, the latter not requiring a password to be entered.

Felix,
Where is the option to do this? Are you saying that once I enable this LDAP authentication, it will not require the user to put in a password, but it will create their password based on the LDAP table?
Thanks,
Neal

RE: Basic question about accounts and LDAP - Added by Felix Schäfer about 9 years ago

Neal Bharadwaj wrote:

Where is the option to do this?

If you have an LDAP source configured in the administration, when creating a user you will have a drop-down list with authentication sources, including the LDAP one(s), which if selected remove the password fields.

Are you saying that once I enable this LDAP authentication, it will not require the user to put in a password, but it will create their password based on the LDAP table?

No, users will still be required to enter a password, but authentication will not happen against the redmine DB (which won't contain a password for that user) but against the LDAP server.

RE: Basic question about accounts and LDAP - Added by Neal Bharadwaj about 9 years ago

So then it only applies if I am trying to create users internally through Redmine.

Also, if a user updates their password for ldap, would their new password work for redmine as well?

Appreciate the help
Neal

RE: Basic question about accounts and LDAP - Added by Felix Schäfer about 9 years ago

Neal Bharadwaj wrote:

So then it only applies if I am trying to create users internally through Redmine.

No, you can also autocreate users from the LDAP directory, i.e. if someone tries to log in with a username Redmine doesn't know yet, it will try to log in to the LDAP server with the provided credentials and will fetch the info it needs from there (first and last name, email address).

Also, if a user updates their password for ldap, would their new password work for redmine as well?

Redmine hands off authentication to the LDAP server, so yes.

RE: Basic question about accounts and LDAP - Added by Neal Bharadwaj about 9 years ago

Felix
Thanks for the help.
One more question. I finally got my LDAP server to link with the redmine instance.
Currently, when I create a new user, the authentication is internal.
How do I make it so that by default, the authentication is handled by LDAP?
Thanks,
Neal

RE: Basic question about accounts and LDAP - Added by Felix Schäfer about 9 years ago

Redmine can't create users in LDAP; it has read-only access. It can auto-create users from LDAP though: you have to activate it in the LDAP prefs in Redmine, and then next time a user comes along with a login unknown to Redmine but known to the LDAP, that user will have his name, surname and email address autofilled from LDAP.
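
The login behaviour discussed in this thread, as an added example that is not part of any post and is not Redmine's own code: a small Ruby model of the decision between internal and LDAP authentication, with and without on-the-fly creation. Every class and method name is hypothetical, and the directory is a stand-in hash rather than a real LDAP server.

```ruby
# Simplified model of the login flow described in the thread.
# Not Redmine source code; every class and method name is hypothetical.
require 'digest'

# Stand-in for the LDAP server: login => { password:, mail: } (constructed data).
class FakeDirectory
  def initialize(entries)
    @entries = entries
  end

  # Returns the entry if a bind would succeed, else nil. Empty passwords are
  # refused up front: on some LDAP servers such a bind succeeds unauthenticated.
  def bind(login, password)
    entry = @entries[login]
    entry if entry && !password.to_s.empty? && entry[:password] == password
  end
end

User = Struct.new(:login, :auth_source, :password_hash, :mail)

class Accounts
  attr_reader :users

  def initialize(directory, on_the_fly:)
    @directory, @on_the_fly, @users = directory, on_the_fly, {}
  end

  # :ldap users store no password; :internal users store a toy, unsalted hash.
  def add_user(login, auth_source, password = nil)
    hash = auth_source == :internal ? Digest::SHA256.hexdigest(password) : nil
    @users[login] = User.new(login, auth_source, hash, nil)
  end

  def login(login, password)
    user = @users[login]
    if user.nil?
      # Unknown login: only on-the-fly creation lets a directory account in.
      entry = @on_the_fly ? @directory.bind(login, password) : nil
      return :denied unless entry
      @users[login] = User.new(login, :ldap, nil, entry[:mail])
      :created
    elsif user.auth_source == :ldap
      @directory.bind(login, password) ? :ok : :denied
    else
      user.password_hash == Digest::SHA256.hexdigest(password) ? :ok : :denied
    end
  end
end
```

With `on_the_fly: false`, a login that exists only in the directory gets `:denied`, which is the setup asked for in the first post. An `:ldap` user has no stored hash, so a password changed in the directory applies at the next login.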
