Mac OS X Identity Services Authentication Hack

Added by Brian Wells about 9 years ago

I recently set up a copy of Redmine on a Mac OS X 10.5 Leopard Server. We needed to authenticate users with an Active Directory domain and so were in the process of setting up Redmine for LDAP authentication. One problem we ran into is that our Active Directory requires authentication to browse LDAP. It was then that I realized that the server is already authenticated since it is joined to the domain. What we needed to do was to authenticate users through Identity Services, which is new for Mac OS X 10.5.

Identity Services Programming Guide

I was able to put together a quick hack that provides support for Identity Services authentication and have been using it successfully for several days. Feel free to check out the attached diff, but be aware that it is very rough around the edges. For example, we reuse fields in the auth_sources table, which is a bad idea. It would have been better to add new fields or a completely new model. Another rough area is the custom code to parse out the first and last name from the full name provided by Identity Services - I'm sure there is a library out there to do this properly.

At some point I plan to try and make this into a Redmine plugin. Until then, some of you may find this hack useful and hopefully will have some helpful suggestions as well. :-)

– Brian Wells