Redmine 203 with Subversion and LDAP Authentication (for Redmine and Subversion through Redmine) on Centos 6 i386 - detailed » History » Version 18

Hung Nguyen Vu, 2012-08-30 17:35
chkconfig level 35

1 7 Hung Nguyen Vu
h1. Redmine 2.0.3 on Centos 6.3
2 2 Sven Nosse
3 2 Sven Nosse
{{>toc}}
4 2 Sven Nosse
5 2 Sven Nosse
h2. Introduction
6 2 Sven Nosse
7 6 Hung Nguyen Vu
Our company was using the BITNAMI stack with Redmine and Subversion for our production environment. So the goal was about changing the server and migrating the data from Redmine 1.4 to Redmine 2.0.3 including getting all repositories and permissions preserved. 
8 1 Sven Nosse
9 6 Hung Nguyen Vu
I've tried to avoid webrick but rather use the fastCGI Module for Apache2. 
10 6 Hung Nguyen Vu
11 6 Hung Nguyen Vu
12 6 Hung Nguyen Vu
Second was converting the built-in accounts from the database to LDAP (ActiveDirectory). This is the result of 2 days of work and googling is this little tutorial for setting up a mentioned box doing exactly this stuff. We are using CentOS 6 (i386) for that task. 
13 6 Hung Nguyen Vu
14 6 Hung Nguyen Vu
# Please excuse my bad english for I am not used anymore to post long instruction manuals. Feel free to edit whatever you want. 
15 6 Hung Nguyen Vu
16 6 Hung Nguyen Vu
First of all, I tend to use vi so if you cannot operate vi I'd recommend to use any editor you like. If my instruction tells you to edit a file, you can find the sequence "..." which means, there is something above or below that line of text, that needs to be edited. Do not include those dots... 
17 6 Hung Nguyen Vu
18 1 Sven Nosse
h2. Assumptions
19 1 Sven Nosse
20 2 Sven Nosse
* You have a CentOS 6.3 installation (minimum install) working and SSH access to your box
21 6 Hung Nguyen Vu
* You can access the Internet
22 6 Hung Nguyen Vu
* You are logged in as root
23 1 Sven Nosse
24 6 Hung Nguyen Vu
h2. Redmine Installation Instruction
25 2 Sven Nosse
26 2 Sven Nosse
My personal flavour is to use as less self compiled packages as necessary to get the package up and runnning. So I try to use as many repository packages as possible.
27 2 Sven Nosse
28 6 Hung Nguyen Vu
h3. Turn off SE-Linux
29 3 Sven Nosse
30 6 Hung Nguyen Vu
I spent a lot of time to find out, that selinux can be a real party pooper. So I strongly recommend to disable that first before installing anything else. You can find a tutorial inside the howto section describing how to enable SELinux for your installation.
31 2 Sven Nosse
<pre>
32 2 Sven Nosse
vi /etc/selinux/config
33 2 Sven Nosse
</pre>
34 2 Sven Nosse
35 1 Sven Nosse
find the line with SELINUX and set it to
36 2 Sven Nosse
<pre>
37 2 Sven Nosse
...
38 2 Sven Nosse
SELINUX=disabled
39 2 Sven Nosse
...
40 2 Sven Nosse
</pre>
41 2 Sven Nosse
Do a reboot *NOW*
42 2 Sven Nosse
43 6 Hung Nguyen Vu
h3. Install basic services (Apache, mySQL, and several tools...)
44 2 Sven Nosse
45 9 Hung Nguyen Vu
Now we are good to go to install some tools that might be useful during our installation... 
46 9 Hung Nguyen Vu
47 9 Hung Nguyen Vu
First of all, update your system, make sure it is up to date,
48 1 Sven Nosse
<pre>
49 1 Sven Nosse
yum update
50 9 Hung Nguyen Vu
</pre>
51 9 Hung Nguyen Vu
52 9 Hung Nguyen Vu
and then install some prerequisite packages to the setup,
53 9 Hung Nguyen Vu
<pre>
54 9 Hung Nguyen Vu
yum -y install wget vim \\
55 9 Hung Nguyen Vu
       system-config-network system-config-firewall vim openssh-clients
56 9 Hung Nguyen Vu
</pre>
57 9 Hung Nguyen Vu
58 9 Hung Nguyen Vu
anhd some packages needed for Redmine
59 9 Hung Nguyen Vu
<pre>
60 2 Sven Nosse
yum -y install httpd mysql mysql-server 
61 1 Sven Nosse
</pre>
62 2 Sven Nosse
After that continue and install all packages that might be necessary during the ruby and redmine installation.
63 2 Sven Nosse
<pre>
64 2 Sven Nosse
yum -y install ruby rubygems 
65 6 Hung Nguyen Vu
yum -y install zlib-devel curl-devel openssl-devel httpd-devel apr-devel apr-util-devel mysql-devel gcc ruby-devel \\
66 6 Hung Nguyen Vu
      gcc-c++ make postgresql-devel ImageMagick-devel sqlite-devel perl-LDAP mod_perl perl-Digest-SHA
67 2 Sven Nosse
</pre>
68 2 Sven Nosse
69 2 Sven Nosse
h3. Configure basic services
70 2 Sven Nosse
71 6 Hung Nguyen Vu
Let's configure the basic services, first of all, make mySQL and Apache to start at boot
72 2 Sven Nosse
<pre>
73 18 Hung Nguyen Vu
chkconfig httpd on --level 35
74 18 Hung Nguyen Vu
chkconfig mysqld on --level 35
75 2 Sven Nosse
</pre>
76 2 Sven Nosse
After configuring these, start them up
77 2 Sven Nosse
<pre>
78 2 Sven Nosse
service httpd start
79 2 Sven Nosse
service mysqld start
80 2 Sven Nosse
</pre>
81 18 Hung Nguyen Vu
Now configure your new mySQL Installation and follow the instructions. Please note/write down administrator password to MySQL you've just installed.
82 2 Sven Nosse
<pre>
83 2 Sven Nosse
/usr/bin/mysql_secure_installation
84 2 Sven Nosse
</pre>
85 2 Sven Nosse
86 2 Sven Nosse
h3. Configure passenger for Apache
87 2 Sven Nosse
88 2 Sven Nosse
You need to install passenger for Apache using gem. Do the following on the command line
89 2 Sven Nosse
<pre>
90 2 Sven Nosse
gem install passenger
91 2 Sven Nosse
passenger-install-apache2-module
92 2 Sven Nosse
</pre>
93 2 Sven Nosse
Please notice the installation messages! The next .conf file might use another path or version! 
94 2 Sven Nosse
After this you need to generate a conf file with the displayed content
95 2 Sven Nosse
<pre>
96 2 Sven Nosse
vi /etc/httpd/conf.d/ruby.conf
97 2 Sven Nosse
</pre>
98 2 Sven Nosse
During my installation the following content was displayed and needs to be entered in that file:
99 2 Sven Nosse
<pre>
100 2 Sven Nosse
   LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.15/ext/apache2/mod_passenger.so
101 2 Sven Nosse
   PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.15
102 2 Sven Nosse
   PassengerRuby /usr/bin/ruby
103 2 Sven Nosse
</pre>
104 2 Sven Nosse
Restart your apache with
105 2 Sven Nosse
<pre>
106 2 Sven Nosse
service httpd restart
107 2 Sven Nosse
</pre>
108 2 Sven Nosse
109 1 Sven Nosse
h3. Get Redmine and install it
110 1 Sven Nosse
111 1 Sven Nosse
change to your home directory and download the latest version, expand it and copy it to the right place.
112 1 Sven Nosse
<pre>
113 1 Sven Nosse
cd
114 1 Sven Nosse
wget http://rubyforge.org/frs/download.php/76259/redmine-2.0.3.tar.gz
115 1 Sven Nosse
tar xvfz redmine-2.0.3.tar.gz
116 11 Hung Nguyen Vu
mkdir -p /var/www/redmine
117 12 Hung Nguyen Vu
cp redmine-2.0.3/* /var/www/redmine
118 1 Sven Nosse
</pre>
119 6 Hung Nguyen Vu
120 6 Hung Nguyen Vu
or you can do
121 6 Hung Nguyen Vu
122 6 Hung Nguyen Vu
<pre>
123 6 Hung Nguyen Vu
cd /var/www
124 6 Hung Nguyen Vu
wget http://rubyforge.org/frs/download.php/76259/redmine-2.0.3.tar.gz
125 6 Hung Nguyen Vu
tar xvfz redmine-2.0.3.tar.gz
126 6 Hung Nguyen Vu
ln -s redmine-2.0 redmine
127 6 Hung Nguyen Vu
</pre>
128 6 Hung Nguyen Vu
129 1 Sven Nosse
Next is to install bundler and let it install the production environment (with automatic resolve)
130 1 Sven Nosse
Now change to this directory - *this is your new Redmine application directory!*
131 2 Sven Nosse
<pre>
132 2 Sven Nosse
cd /var/www/redmine
133 2 Sven Nosse
gem install bundler
134 2 Sven Nosse
bundle install --without development test
135 1 Sven Nosse
</pre>
136 10 Hung Nguyen Vu
fetch some coffee... this might take some time...
137 2 Sven Nosse
138 2 Sven Nosse
h3. Create Redmine database
139 2 Sven Nosse
140 6 Hung Nguyen Vu
Next to generate a new database for redmine
141 14 Sven Nosse
Log on to your database with the following command. If prompted for a password, enter it.
142 2 Sven Nosse
<pre>
143 2 Sven Nosse
mysql -u root -p
144 2 Sven Nosse
</pre>
145 2 Sven Nosse
I tend to create a local only user for that database, change the password 'very_secret' to a better one :)
146 2 Sven Nosse
<pre>
147 2 Sven Nosse
create database redmine character set utf8;
148 2 Sven Nosse
create user 'redmine'@'localhost' identified by 'very_secret';
149 2 Sven Nosse
grant all privileges on redmine.* to 'redmine'@'localhost'; 
150 2 Sven Nosse
quit;
151 2 Sven Nosse
</pre>
152 2 Sven Nosse
153 2 Sven Nosse
h3. Configure Redmine
154 2 Sven Nosse
155 2 Sven Nosse
First of all, copy the example config to a productive one and edit the config for your needs
156 2 Sven Nosse
<pre>
157 2 Sven Nosse
cd /var/www/redmine/config
158 2 Sven Nosse
cp database.yml.example database.yml
159 2 Sven Nosse
vi /var/www/redmine/config/database.yml
160 2 Sven Nosse
</pre>
161 2 Sven Nosse
Now find the production section inside this file and edit it like that
162 2 Sven Nosse
<pre>
163 2 Sven Nosse
...
164 2 Sven Nosse
production:
165 13 Hung Nguyen Vu
# adapter = mysql2 is newer and proven to be more better than mysql
166 13 Hung Nguyen Vu
# adapter: mysql2
167 2 Sven Nosse
  adapter: mysql
168 2 Sven Nosse
  database: redmine
169 2 Sven Nosse
  host: localhost
170 2 Sven Nosse
  username: redmine
171 2 Sven Nosse
  password: very_secret
172 2 Sven Nosse
  encoding: utf8
173 2 Sven Nosse
...
174 2 Sven Nosse
</pre>
175 2 Sven Nosse
Head back to your application directory and generate a secret token
176 2 Sven Nosse
<pre>
177 2 Sven Nosse
cd /var/www/redmine/
178 2 Sven Nosse
rake generate_secret_token
179 2 Sven Nosse
</pre>
180 1 Sven Nosse
Now it is about time to generate the database structure (application directory!)
181 1 Sven Nosse
<pre>
182 2 Sven Nosse
cd /var/www/redmine/
183 2 Sven Nosse
RAILS_ENV=production rake db:migrate
184 2 Sven Nosse
</pre>
185 2 Sven Nosse
fill the database with default values...
186 1 Sven Nosse
<pre>
187 2 Sven Nosse
cd /var/www/redmine/
188 2 Sven Nosse
RAILS_ENV=production rake redmine:load_default_data
189 2 Sven Nosse
</pre>
190 2 Sven Nosse
follow the instructions to select your language.
191 2 Sven Nosse
192 6 Hung Nguyen Vu
h3. Mind the firewall!
193 2 Sven Nosse
194 6 Hung Nguyen Vu
Be aware that the firewall is enabled by default (which is good!). So if you know which ports to open, do it now or disable the firewall (just for testing purposes). I'd really recommend disabling the firewall during installation and enable it (opening ports) after you are sure that everything works.
195 1 Sven Nosse
<pre>
196 2 Sven Nosse
system-config-firewall
197 2 Sven Nosse
</pre>
198 2 Sven Nosse
use the onscreen menu to disable it or adjust the values.
199 2 Sven Nosse
200 8 Hung Nguyen Vu
or simply disable iptables during Redmine's setup
201 8 Hung Nguyen Vu
<pre>
202 8 Hung Nguyen Vu
service iptables stop
203 8 Hung Nguyen Vu
</pre>
204 8 Hung Nguyen Vu
205 6 Hung Nguyen Vu
h3. Do a testdrive!
206 2 Sven Nosse
207 2 Sven Nosse
I mentioned that I wanted not to use webrick, but for a testdrive, it'll work. This helps finding bugs and errors that might have occured before.
208 2 Sven Nosse
<pre>
209 2 Sven Nosse
cd /var/www/redmine/
210 2 Sven Nosse
ruby script/rails server webrick -e production
211 2 Sven Nosse
</pre>
212 2 Sven Nosse
Open up a browser and point it to: http://yoursystemname.yourdomain.com:3000 - the default username and password is 'admin'.
213 2 Sven Nosse
If everything is working, you are good to go! Kill webrick by hitting Ctrl+C.
214 2 Sven Nosse
215 6 Hung Nguyen Vu
h3. Activate FCGI and generate plugin directory
216 2 Sven Nosse
217 2 Sven Nosse
To activate the fcgi module you need to copy the example file and edit the very first line. During this step it is recommended to generate the default .htaccess config as well.
218 2 Sven Nosse
<pre>
219 2 Sven Nosse
cd /var/www/redmine/public
220 2 Sven Nosse
mkdir plugin_assets
221 2 Sven Nosse
cp dispatch.fcgi.example dispatch.fcgi
222 2 Sven Nosse
cp htaccess.fcgi.example .htaccess
223 1 Sven Nosse
vi /var/www/redmine/public/dispatch.fcgi
224 1 Sven Nosse
</pre>
225 2 Sven Nosse
now edit dispatch.fcgi and change it like this...
226 2 Sven Nosse
<pre>
227 2 Sven Nosse
#!/usr/bin/ruby
228 2 Sven Nosse
...
229 2 Sven Nosse
</pre>
230 2 Sven Nosse
231 2 Sven Nosse
h3. Apache permissions!
232 2 Sven Nosse
233 2 Sven Nosse
this one is important, so don't miss that one... 
234 1 Sven Nosse
<pre>
235 2 Sven Nosse
chown -R apache:apache /var/www/redmine/
236 1 Sven Nosse
</pre>
237 2 Sven Nosse
238 6 Hung Nguyen Vu
Note: "apache" is the user that runs httpd (apache) service, as defined in /etc/password and /etc/httpd/conf/httpd.conf 
239 6 Hung Nguyen Vu
240 2 Sven Nosse
h3. Getting Apache to work with FastCGI
241 2 Sven Nosse
242 2 Sven Nosse
Unfortunately the default Repo from CentOS cannot deliver the fcgid module so it is important to include a replo, that can deliver this package. I use the Fedora Repo so it is time to activate this... Again - this can change so please take care which repository to use.
243 2 Sven Nosse
<pre>
244 2 Sven Nosse
rpm --import https://fedoraproject.org/static/0608B895.txt
245 2 Sven Nosse
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
246 2 Sven Nosse
rpm -ivh epel-release-6-7.noarch.rpm
247 2 Sven Nosse
yum -y install mod_fcgid
248 2 Sven Nosse
</pre>
249 2 Sven Nosse
250 6 Hung Nguyen Vu
h3. Set the file path for Redmine
251 2 Sven Nosse
252 2 Sven Nosse
I wanted to move the files to another location, so I decided to move them to /opt/redmine
253 2 Sven Nosse
<pre>
254 6 Hung Nguyen Vu
mkdir -p /opt/redmine/files
255 2 Sven Nosse
chown -R apache:apache /opt/redmine
256 2 Sven Nosse
</pre>
257 2 Sven Nosse
now edit the configuration
258 2 Sven Nosse
<pre>
259 2 Sven Nosse
cd /var/www/redmine/config
260 2 Sven Nosse
cp configuration.yml.example configuration.yml
261 2 Sven Nosse
vi /var/www/redmine/config/configuration.yml
262 2 Sven Nosse
</pre>
263 2 Sven Nosse
edit the path settings inside this file...
264 2 Sven Nosse
<pre>
265 2 Sven Nosse
...
266 2 Sven Nosse
  attachments_storage_path: /opt/redmine/files
267 2 Sven Nosse
...
268 2 Sven Nosse
</pre>
269 2 Sven Nosse
270 2 Sven Nosse
h3. Telling Apache to serve REDMINE
271 2 Sven Nosse
272 2 Sven Nosse
The final step is to tell apache, where to find Redmine and what to do with it. Generate a new conf file for your virtual host to serve redmine...
273 2 Sven Nosse
<pre>
274 2 Sven Nosse
vi /etc/httpd/conf.d/redmine.conf
275 2 Sven Nosse
</pre>
276 2 Sven Nosse
and enter the following config (adjust to your needs ;) )
277 2 Sven Nosse
<pre>
278 2 Sven Nosse
<VirtualHost *:80>
279 2 Sven Nosse
        ServerName yoursystemname.yourdomain.com
280 2 Sven Nosse
        ServerAdmin yourmail@yourdomain.com
281 2 Sven Nosse
        DocumentRoot /var/www/redmine/public/
282 2 Sven Nosse
        ErrorLog logs/redmine_error_log
283 2 Sven Nosse
284 2 Sven Nosse
        MaxRequestLen 20971520
285 2 Sven Nosse
286 2 Sven Nosse
        <Directory "/var/www/redmine/public/">
287 2 Sven Nosse
288 2 Sven Nosse
                Options Indexes ExecCGI FollowSymLinks
289 2 Sven Nosse
                Order allow,deny
290 2 Sven Nosse
                Allow from all
291 2 Sven Nosse
                AllowOverride all
292 2 Sven Nosse
        </Directory>
293 2 Sven Nosse
</VirtualHost>
294 2 Sven Nosse
</pre>
295 2 Sven Nosse
Restart Apache and cross your fingers, wheter you can access http://yoursystemname.yourdomain.com - redmine should be available right now...
296 2 Sven Nosse
<pre>
297 2 Sven Nosse
service httpd restart
298 2 Sven Nosse
</pre>
299 2 Sven Nosse
300 2 Sven Nosse
h3. Additional Config: E-Mail System
301 2 Sven Nosse
302 1 Sven Nosse
in order to get emails sent to your clients, edit the configuration.yml and enter your server settings...
303 1 Sven Nosse
<pre>
304 1 Sven Nosse
vi /var/www/redmine/config/configuration.yml
305 1 Sven Nosse
</pre>
306 1 Sven Nosse
now find the settings for your server... the following settings describe an anonymous relay on an internal server. You need to remove the username and password line if you use anonymous sign on.
307 1 Sven Nosse
<pre>
308 1 Sven Nosse
...
309 1 Sven Nosse
default:
310 1 Sven Nosse
  # Outgoing emails configuration (see examples above)
311 1 Sven Nosse
  email_delivery:
312 1 Sven Nosse
    delivery_method: :smtp
313 1 Sven Nosse
    smtp_settings:
314 1 Sven Nosse
      address: mailserver.yourdomain.com
315 1 Sven Nosse
      port: 25
316 1 Sven Nosse
      domain: yourdomain.com
317 1 Sven Nosse
...
318 1 Sven Nosse
</pre>
319 1 Sven Nosse
320 6 Hung Nguyen Vu
Here is the configration if you use Google's SMTP server
321 6 Hung Nguyen Vu
322 6 Hung Nguyen Vu
<pre>
323 6 Hung Nguyen Vu
production:
324 6 Hung Nguyen Vu
  email_delivery:
325 6 Hung Nguyen Vu
    delivery_method: :smtp
326 6 Hung Nguyen Vu
    smtp_settings:
327 6 Hung Nguyen Vu
#      tls: true
328 6 Hung Nguyen Vu
      enable_starttls_auto: true
329 6 Hung Nguyen Vu
      address: "smtp.gmail.com"
330 6 Hung Nguyen Vu
      port: '587'
331 6 Hung Nguyen Vu
      domain: "smtp.gmail.com"
332 6 Hung Nguyen Vu
      authentication: :plain
333 6 Hung Nguyen Vu
      user_name: "google-account-name@domain-name.domain-extension"
334 6 Hung Nguyen Vu
      password: "password"
335 6 Hung Nguyen Vu
</pre>
336 6 Hung Nguyen Vu
337 1 Sven Nosse
h2. Getting Subversion working
338 2 Sven Nosse
339 2 Sven Nosse
After getting Redmine working, it is time to get Subversion working... The goal is to integrate the repositories inside Redmine and host them on the same server...
340 2 Sven Nosse
341 2 Sven Nosse
h3. Installing Packages for Subversion
342 2 Sven Nosse
343 2 Sven Nosse
Install the following packages
344 1 Sven Nosse
<pre>
345 2 Sven Nosse
yum -y install mod_dav_svn subversion subversion-ruby
346 2 Sven Nosse
</pre>
347 2 Sven Nosse
348 2 Sven Nosse
h3. Linking authentication for Redmine
349 2 Sven Nosse
350 2 Sven Nosse
Redmine provides a perl module to handle Apache authentication on SVN DAV repositories. First step is to link that module into the search path
351 2 Sven Nosse
<pre>
352 2 Sven Nosse
mkdir /usr/lib/perl5/vendor_perl/Apache
353 2 Sven Nosse
ln -s /var/www/redmine/extra/svn/Redmine.pm /usr/lib/perl5/vendor_perl/Apache/Redmine.pm
354 2 Sven Nosse
</pre>
355 2 Sven Nosse
356 16 Sven Nosse
h3. Creating a path for subversion repositories
357 2 Sven Nosse
358 2 Sven Nosse
create a path and set permissions for your SVN repo...
359 2 Sven Nosse
<pre>
360 2 Sven Nosse
mkdir /opt/subversion
361 2 Sven Nosse
chown -R apache:apache /opt/subversion
362 2 Sven Nosse
</pre>
363 2 Sven Nosse
364 6 Hung Nguyen Vu
h3. Edit virtual host for apache to serve SVN with redmine
365 2 Sven Nosse
366 2 Sven Nosse
to get Apache working with subversion, you need to adjust (create) the virtual host file
367 2 Sven Nosse
<pre>
368 2 Sven Nosse
vi /etc/httpd/conf.d/subversion.conf
369 2 Sven Nosse
</pre>
370 2 Sven Nosse
now enter/edit the following
371 2 Sven Nosse
<pre>
372 2 Sven Nosse
PerlLoadModule Apache::Redmine
373 2 Sven Nosse
<Location /svn>
374 2 Sven Nosse
        DAV svn
375 2 Sven Nosse
        SVNParentPath "/opt/subversion"
376 2 Sven Nosse
        SVNListParentPath on
377 2 Sven Nosse
        Order deny,allow
378 2 Sven Nosse
        Deny from all
379 2 Sven Nosse
        Satisfy any
380 2 Sven Nosse
        LimitXMLRequestBody 0
381 2 Sven Nosse
        SVNPathAuthz off
382 2 Sven Nosse
383 2 Sven Nosse
        PerlAccessHandler Apache::Authn::Redmine::access_handler
384 2 Sven Nosse
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler
385 2 Sven Nosse
        AuthType Basic
386 2 Sven Nosse
        AuthName "Redmine SVN Repository"
387 2 Sven Nosse
388 2 Sven Nosse
        Require valid-user
389 2 Sven Nosse
        RedmineDSN "DBI:mysql:database=redmine;host=localhost:3306"
390 2 Sven Nosse
        RedmineDbUser "redmine"
391 15 Sven Nosse
        RedmineDbPass "very_secret"
392 2 Sven Nosse
393 2 Sven Nosse
        # cache max. 50 passwords
394 1 Sven Nosse
        RedmineCacheCredsMax 50
395 1 Sven Nosse
</Location>
396 14 Sven Nosse
</pre>
397 14 Sven Nosse
398 17 Hung Nguyen Vu
h3. Achievements
399 14 Sven Nosse
400 17 Hung Nguyen Vu
What we've done at this point:
401 17 Hung Nguyen Vu
* A running Redmine v2.0.3 installation using Apache Passenger
402 17 Hung Nguyen Vu
* Working authentication with Redmine's builtin database
403 17 Hung Nguyen Vu
* Working Subversion with Apache's WebDav
404 17 Hung Nguyen Vu
* Subversion authentication against redmine's builtin database
405 14 Sven Nosse
406 14 Sven Nosse
h2. Authentication against Active Directory
407 14 Sven Nosse
408 14 Sven Nosse
The last step requires some knowledge how to authenticate against your Active directory. First of all, open up Redmine in a web interface and enter the Administration dialogue. Select LDAP-Authentication adn create a new authentication entry.
409 14 Sven Nosse
410 14 Sven Nosse
* Name: Enter a NAME for your entry, this can be anything... 
411 14 Sven Nosse
* Host: Enter the IP address of a domain controler unless you are really sure, that DNS is working correctly
412 14 Sven Nosse
* Port: 389
413 14 Sven Nosse
* Account: This one is kind of a pitfall. Enter the DN of the user object that can authenticate against the Active Directory.
414 14 Sven Nosse
??EXAMPLE??: Assume that you have a domain that is called: mynetwork.local and an organizational unit that is named: myUsers. The DN of this organizational unit is: @OU=myUsers, DC=mynetwork, DC=local@ If you create a user, which Display name is like ??ldap authentication user?? then the Account you need to enter is: @CN=ldap authentication user, OU=myUsers, DC=mynetwork, DC=local@. I'd recommend using a tool like Sysinternals ADExplorer if you are unsure about the distinguished name of your authentication user.
415 14 Sven Nosse
* Base DN: This is the entry point, where Redmine tries to find users. In the example above you want to enter: @OU=myUsers, DC=mynetwork, DC=local@
416 14 Sven Nosse
* LDAP Filter: You can enter any filter you like here, a valid filter for finding users is: @(&(objectClass=user)(objectCategory=person))@. 
417 14 Sven Nosse
* On-the-fly Usercreation: I tend to check this.. This allows the initial creation of a new user when the user logs on redmine.
418 14 Sven Nosse
419 14 Sven Nosse
Attributes: _(I am not sure, whether the fields below are correctly tranlsated... please correct if necessary)_
420 14 Sven Nosse
* member name: sAMAccountName
421 14 Sven Nosse
* first name: givenname
422 14 Sven Nosse
* surname: sn
423 14 Sven Nosse
* E-Mail: mail
424 14 Sven Nosse
425 14 Sven Nosse
Save it, try it :)
426 14 Sven Nosse
427 14 Sven Nosse
You should be able to log on with your windows logon name and your windows passwort. If you've never logged on a new account should have been created within the redmine built in database.
428 14 Sven Nosse
429 14 Sven Nosse
h2. Last step - authenticate Subversion against active directory (by using the built in database from redmine!)
430 14 Sven Nosse
431 14 Sven Nosse
This one is tricky, you want the authentication data from Active Directory but you also want the group permissions from redmine. So you need to tell the logon mechanism to authenticate against AD and check inside the database, whether the user is SVN editor or not. Finally most of the work is done here with the redmine.pm script (remember, we've linked that already). But unfortunatelly the CentOS Perl implementation includes no module for Simple::LDAP. So we need to do some compiler work... 
432 14 Sven Nosse
433 14 Sven Nosse
First of all, fetch the packages needed for building the necessary perl module(s).
434 14 Sven Nosse
<pre>
435 14 Sven Nosse
yum -y install perl-CPAN perl-YAML
436 14 Sven Nosse
</pre>
437 14 Sven Nosse
438 14 Sven Nosse
There are a lot of dependencies when trying to build the module, so I recommend to turn on automatic dependency handling inside the CPAN shell....
439 14 Sven Nosse
Start up the shell:
440 14 Sven Nosse
<pre>
441 14 Sven Nosse
perl -MCPAN -e shell
442 14 Sven Nosse
</pre>
443 14 Sven Nosse
and then run the following two commands:
444 14 Sven Nosse
<pre>
445 14 Sven Nosse
o conf prerequisites_policy follow
446 14 Sven Nosse
o conf commit
447 14 Sven Nosse
</pre>
448 14 Sven Nosse
Now it is time, to install the module, still inside the shell. Enter
449 14 Sven Nosse
<pre>
450 14 Sven Nosse
install Authen::Simple::LDAP
451 14 Sven Nosse
</pre>
452 14 Sven Nosse
This takes some time... If queried for any dependencies or defaults, just acknowledge them with their default values - this should work.
453 14 Sven Nosse
Close the shell after everything is done by entering
454 14 Sven Nosse
<pre>
455 14 Sven Nosse
exit
456 14 Sven Nosse
</pre>
457 14 Sven Nosse
458 14 Sven Nosse
Now we need to tell Apache where to find the authentication data, this is simple by editing the subversion.conf
459 14 Sven Nosse
<pre>
460 14 Sven Nosse
vi /etc/httpd/conf.d/subversion.conf
461 14 Sven Nosse
</pre>
462 14 Sven Nosse
just add the Simple::LDAP Perl module by editing it this way:
463 14 Sven Nosse
<pre>
464 14 Sven Nosse
   ...
465 14 Sven Nosse
   PerlLoadModule Apache::Redmine
466 14 Sven Nosse
   PerlLoadModule  Authen::Simple::LDAP
467 14 Sven Nosse
   <Location /svn>
468 14 Sven Nosse
     DAV svn
469 14 Sven Nosse
     ...
470 14 Sven Nosse
</pre>
471 14 Sven Nosse
472 14 Sven Nosse
Restart Apache and LDAP Authentication should work now
473 14 Sven Nosse
<pre>
474 14 Sven Nosse
service httpd restart
475 2 Sven Nosse
</pre>