Feature #6202

On-the-fly group addition based on LDAP sources

Added by Bruno Medeiros over 9 years ago. Updated almost 3 years ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:LDAPEstimated time:24.00 hours
Target version:-
Resolution:

Description

This feature would be useful to my company because all users authenticated in one LDAP source are employees and should belong to the 'Company' group.

Nowadays the account is automatically created, but the user cannot view any project because only members of 'Company' group can view any project (we do that way because we have customers on the system and they shouldn't be allowed to see Company internal projects). So we have to manually add users to groups, what makes account auto creation useless.

It seems to be equals #4755, but it's not.

Question: Is it possible to do it with a plugin?


Related issues

Related to Redmine - Patch #4755: Create and maintain groups from LDAP attributes New 2010-02-08
Related to Redmine - Feature #5742: Association of an LDAP group to a Redmine group New 2010-06-23
Related to Redmine - Feature #1113: Link LDAP groups with user accounts New 2008-04-25

History

#1 Updated by Bruno Medeiros over 9 years ago

My problem is the same described on #4164, but this solution is more feasible than #4755.

#2 Updated by Kevin Bortis over 9 years ago

This is exactly I search for. In my test installation I have setup a project for our department with subprojects for each project in the department. In some subprojects there are some freelancer we hire if the workload is to high for our main team. For security reasons I have set all projects to non-public and have setup groups Freelancer1, Freelancer2 etc. which I can add individually to the subprojects. The accounts and groups for the freelancers are added manually. All of the main team is in a LDAP-Group and authenticates using LDAP (Active Directory). The problem is, that the list of workers is to long to be managed by hand. So I would appreciate if all Users authenticating themself with LDAP are added to the group 'Company' as suggested by the creator of the ticket.

I have tried to do it myself, but failed so far, because my knowledge about ruby is basically non existent. I found that the file auth_sourc_ldap.rb contains an object attr which is passed back, so I tried to extend it by adding annother attribut group='Company'. The next problem is, that I don't know where this object ist processd. In account_controller.rb I have found some stuff about user creation (@user.add...), but I haven't found some code which processes the attr object.

It would be realy cool, if the LDAP Admin Page could be extended by the field "Default group:", so all Users authenticating with LDAP would be added to this group.

I would appreciate If someone at least could point me in the right direction.

#3 Updated by Nicolas Gauthier over 9 years ago

Kevin Bortis wrote:

the LDAP Admin Page could be extended by the field "Default group:", so all Users authenticating with LDAP would be added to this group.

+1

As I said in my "wrong" feature #4164 a year ago: It's a big issue for my compagny to be able to give access to "internal" projects to every employee but not to the clients. To put every employee in a "Compagny" group is a good way to do it, but to put each employee in the group after each "on-the-fly" member creation in a pain in the ass... ;)

Is that feature complex to implement? If not, I think this feature could have a really good ROI to help the adoption of Redmine in the enterprises.

By the way, thank for the great product!

#4 Updated by Darren Cook over 8 years ago

+1, but for any auth_source not just LDAP. We have a custom auth_source to link to our website, and again auto creation without being able to associate something to the auth_source'd user makes it pointless since we have no public projects.

#5 Updated by Victor Campos almost 5 years ago

We have a simple plugin to do this:
https://github.com/visagio/redmine-ldapdefaultgroups

#6 Updated by David Côté-Tremblay almost 3 years ago

Redmine Plugin : Add LDAP Users to Group

I just made some plugin that could help people with Redmine ~3.2

Redmine plugin that automatically adds newly logged-in LDAP users to specific group that is configurated in plugin's settings.

https://github.com/savoirfairelinux/redmine-add-ldap-user-to-group

#7 Updated by Toshi MARUYAMA almost 3 years ago

  • Related to Patch #4755: Create and maintain groups from LDAP attributes added

#8 Updated by Toshi MARUYAMA almost 3 years ago

  • Related to Feature #5742: Association of an LDAP group to a Redmine group added

#9 Updated by Toshi MARUYAMA almost 3 years ago

  • Related to Feature #1113: Link LDAP groups with user accounts added

Also available in: Atom PDF