Redmine - Ldap Sync users and groups with ldap ::Help UPDATED::

Added by Dave Polak about 12 years ago

Hello,
I recently deployed Redmine for my developers, and I have to tell you all Redmine is soooo much better than Trac. Anyway, deployment went fine; I was able to set up LDAP Auth for my users, and it works great with Subversion. I was able to link Projects to Repos and so on.
One thing left is to be able to sync LDAP groups with Redmine. I installed the plugin from 'https://github.com/thorin/redmine_ldap_sync'; it is version 1.2.0, and when I run
rake redmine:plugins:redmine_ldap_sync:sync_users RAILS_ENV=production
this is the output I get:
Synchronizing AuthSource Ldap Auth...
-- Updating user 'aturner'...
-- Updating user 'rwalker'...
-- Could not create user 'svntest': "Email can't be blank"
-- Updating user 'sgratzl'...
-- Updating user 'dpolak'...
-- Updating user 'aptashnik'...
-- Updating user 'tjoyce'...
-- Updating user 'vsardaryan'...
-- Updating user 'diorj'...

[root@chi-repo-01 redmine]# RAILS_ENV=production script/about
About your application's environment
Ruby version 1.8.7 (x86_64-linux)
RubyGems version 1.4.2
Rack version 1.1
Rails version 2.3.14
Active Record version 2.3.14
Active Resource version 2.3.14
Action Mailer version 2.3.14
Active Support version 2.3.14
Edge Rails revision unknown
Application root /var/www/redmine
Environment production
Database adapter mysql
Database schema version 20110902000000

About your Redmine plugins
Redmine Logs plugin 0.0.3
Redmine - Ldap Sync 1.2.0

It does not look like it is syncing groups; it syncs only users. Is there a trick to it? Please let me know, I would love to get this done.

Thank you for all replies and help.

Regards,


Replies (3)

RE: Redmine - Ldap Sync users and groups with ldap ::Help UPDATED:: - Added by Dave Polak over 11 years ago

So – I changed the ‘groups base DN’ to OU=DevTest,OU="City",DC='DOMAIN',DC=com. Removing the spaces appeared to make the connection work at least: at this point it went through and (incorrectly) removed all users from all groups.

I also switched the setting ‘Group membership’ from ‘On the user class’ to ‘On the group class’… and this made it work. It immediately went through and added users to the appropriate groups, exactly as is listed in LDAP. I checked adding and removing users, running the script each time, and it reflects the changes in redmine correctly.

My guess is that for some reason, it could not get a list of groups from a user. But somehow it can get a list of users from a group. It doesn’t make a lot of sense, but I don’t care. It works! The only thing I can think of is that it’s because our users and groups are in different OUs. If I had more time and more inclination I would test to prove this and report it as a bug. But I can’t be bothered. You can, if you like. Our way of returning something to the community.

I also tested that it’s synching group memberships on logon. Which works, without having to run the synchronization script. So if I remove/add myself to a group, and logout/login, it makes the appropriate changes when I log in. Nice.

One other setting I changed was the group pattern, which I changed to ‘group_.*’. This has no effect on whether or not it works; it just stops it from creating all active directory groups in OU=DevTest in Redmine. Previously, it was creating a Redmine group for Secure_RO. It doesn’t do this with the new setting as this group’s name does not begin with the string ‘repo_’.

RE: Redmine - Ldap Sync users and groups with ldap ::Help UPDATED:: - Added by Ricardo S about 11 years ago

You probably are using an Active Directory.
Group membership - 'on the group class' appears to only work correctly on Active Directory.

The difference between on the group class and on the member class is in the attributes:

If you use on the member class, on Active Directory, you need to use the memberOf attribute on the user to determine the user's groups.
If you use on the group class, you need to use the member attribute on the Group objects to determine the group's members.

The `group_.*` pattern makes the plugin reject all groups whose name doesn't start with group_.

Consider using version 2.0 of the plugin. It's easier to test the configuration.
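
The two membership modes described in the reply above, together with the group-name pattern, as an added example that is not part of any post in this thread and is not the plugin's code. The entries, the `example.com` DNs and all function names are constructed for illustration; full-match anchoring of the pattern and the simplified DN comparison are assumptions, not confirmed plugin behaviour.

```ruby
require 'set'

# Constructed sample entries (not from the thread); users and groups sit in different OUs.
DEV = 'CN=group_dev,OU=DevTest,DC=example,DC=com'
RO  = 'CN=Secure_RO,OU=DevTest,DC=example,DC=com'
USERS = [
  { login: 'dpolak',  dn: 'CN=dpolak,OU=Staff,DC=example,DC=com',  memberof: [DEV, RO] },
  # memberOf is empty here, as if the bind account could not read it.
  { login: 'aturner', dn: 'CN=aturner,OU=Staff,DC=example,DC=com', memberof: [] }
].freeze
GROUPS = [
  { name: 'group_dev', dn: DEV,
    member: ['cn=dpolak, ou=Staff, dc=example, dc=com', 'CN=aturner,OU=Staff,DC=example,DC=com'] },
  { name: 'Secure_RO', dn: RO, member: ['CN=dpolak,OU=Staff,DC=example,DC=com'] }
].freeze

# Simplified DN comparison (assumption): case-insensitive, ignoring spaces around commas.
def norm(dn)
  dn.downcase.gsub(/\s*,\s*/, ',')
end

# Anchor with \A...\z so the whole name must match; ^ and $ are per-line in Ruby.
def allowed?(name, pattern)
  /\A(?:#{pattern})\z/.match?(name)
end

# "On the user class": follow the user's memberOf values to group entries.
def groups_from_user(user, groups, pattern)
  wanted = user[:memberof].map { |dn| norm(dn) }.to_set
  groups.select { |g| wanted.include?(norm(g[:dn])) && allowed?(g[:name], pattern) }
        .map { |g| g[:name] }.sort
end

# "On the group class": scan each group's member values for the user's DN.
def groups_from_group(user, groups, pattern)
  me = norm(user[:dn])
  groups.select { |g| g[:member].any? { |m| norm(m) == me } && allowed?(g[:name], pattern) }
        .map { |g| g[:name] }.sort
end

# Users for whom the two modes disagree; review these before a sync removes memberships.
def drift(users, groups, pattern)
  users.each_with_object({}) do |u, out|
    a = groups_from_user(u, groups, pattern)
    b = groups_from_group(u, groups, pattern)
    out[u[:login]] = { user_class: a, group_class: b } unless a == b
  end
end

puts drift(USERS, GROUPS, 'group_.*').inspect if __FILE__ == $PROGRAM_NAME
```

A non-empty `drift` result means one side of the directory data is incomplete from the sync account's point of view, which is worth resolving before running a sync that can remove users from groups.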
