On-the-fly group addition based on LDAP sources
|Category:||LDAP||Estimated time:||24.00 hours|
This feature would be useful to my company because all users authenticated in one LDAP source are employees and should belong to the 'Company' group.
Nowadays the account is automatically created, but the user cannot view any project because only members of 'Company' group can view any project (we do that way because we have customers on the system and they shouldn't be allowed to see Company internal projects). So we have to manually add users to groups, what makes account auto creation useless.
It seems to be equals #4755, but it's not.
Question: Is it possible to do it with a plugin?
#2 Updated by Kevin Bortis over 9 years ago
This is exactly I search for. In my test installation I have setup a project for our department with subprojects for each project in the department. In some subprojects there are some freelancer we hire if the workload is to high for our main team. For security reasons I have set all projects to non-public and have setup groups Freelancer1, Freelancer2 etc. which I can add individually to the subprojects. The accounts and groups for the freelancers are added manually. All of the main team is in a LDAP-Group and authenticates using LDAP (Active Directory). The problem is, that the list of workers is to long to be managed by hand. So I would appreciate if all Users authenticating themself with LDAP are added to the group 'Company' as suggested by the creator of the ticket.
I have tried to do it myself, but failed so far, because my knowledge about ruby is basically non existent. I found that the file auth_sourc_ldap.rb contains an object attr which is passed back, so I tried to extend it by adding annother attribut group='Company'. The next problem is, that I don't know where this object ist processd. In account_controller.rb I have found some stuff about user creation (@user.add...), but I haven't found some code which processes the attr object.
It would be realy cool, if the LDAP Admin Page could be extended by the field "Default group:", so all Users authenticating with LDAP would be added to this group.
I would appreciate If someone at least could point me in the right direction.
#3 Updated by Nicolas Gauthier over 9 years ago
Kevin Bortis wrote:
the LDAP Admin Page could be extended by the field "Default group:", so all Users authenticating with LDAP would be added to this group.
As I said in my "wrong" feature #4164 a year ago: It's a big issue for my compagny to be able to give access to "internal" projects to every employee but not to the clients. To put every employee in a "Compagny" group is a good way to do it, but to put each employee in the group after each "on-the-fly" member creation in a pain in the ass... ;)
Is that feature complex to implement? If not, I think this feature could have a really good ROI to help the adoption of Redmine in the enterprises.
By the way, thank for the great product!
#5 Updated by Victor Campos almost 5 years ago
We have a simple plugin to do this:
#6 Updated by David Côté-Tremblay almost 3 years ago
Redmine Plugin : Add LDAP Users to Group¶
I just made some plugin that could help people with Redmine ~3.2
Redmine plugin that automatically adds newly logged-in LDAP users to specific group that is configurated in plugin's settings.