RedmineLDAP » History » Version 3

Jean-Philippe Lang, 2007-12-10 21:48

1 1 Jean-Philippe Lang
h1. LDAP Authentication
2 1 Jean-Philippe Lang
3 1 Jean-Philippe Lang
Redmine natively supports LDAP authentication using one or multiple LDAP directories.
4 1 Jean-Philippe Lang
5 1 Jean-Philippe Lang
h2. Declaring the LDAP
6 1 Jean-Philippe Lang
7 1 Jean-Philippe Lang
Go to Administration -> Authentification and click *New authentication mode*.
8 1 Jean-Philippe Lang
9 1 Jean-Philippe Lang
Enter the following:
10 1 Jean-Philippe Lang
11 1 Jean-Philippe Lang
* *Name*: an arbitrary name for the directory
12 1 Jean-Philippe Lang
* *Host*: the LDAP host name
13 1 Jean-Philippe Lang
* *Port*: the LDAP port (default is 389)
14 1 Jean-Philippe Lang
* *LDAPS*: check this if you want or need to use LDAPS to access the directory
15 1 Jean-Philippe Lang
* *Account*: leave this field empty if your LDAP can be read anonymously, otherwise enter a username that has read access to the LDAP
16 1 Jean-Philippe Lang
* *Password*: password for the account
17 1 Jean-Philippe Lang
* *Base DN*: the top level DN of your LDAP directory tree
18 1 Jean-Philippe Lang
* *Login attribute*: enter the name of the LDAP attribute that will be used as the Redmine username
19 1 Jean-Philippe Lang
20 2 Jean-Philippe Lang
Redmine users should now be able to authenticate using their LDAP username and password if their accounts are set to use the LDAP for authentication.
21 3 Jean-Philippe Lang
22 3 Jean-Philippe Lang
To test this, create a Redmine user with a login that matches his LDAP account, select the newly created LDAP in the *Authentication mode* drop-down list (this field is visible on the account screen only if a LDAP is declared) and leave his password empty. Try to log in into Redmine using the LDAP username and password.
23 1 Jean-Philippe Lang
24 1 Jean-Philippe Lang
h2. On the fly user creation
25 1 Jean-Philippe Lang
26 1 Jean-Philippe Lang
By checking *on-the-fly user creation*, any LDAP user will have his Redmine account automatically created the first time he logs into Redmine.
27 1 Jean-Philippe Lang
For that, you have to specify the LDAP attributes name (firstname, lastname, email) that will be used to create their Redmine accounts.
28 1 Jean-Philippe Lang
29 1 Jean-Philippe Lang
Here is an typical example using Active Directory:
30 1 Jean-Philippe Lang
31 1 Jean-Philippe Lang
<pre>
32 1 Jean-Philippe Lang
Name     = My Directory
33 1 Jean-Philippe Lang
Host     = host.domain.org
34 1 Jean-Philippe Lang
Port     = 389
35 1 Jean-Philippe Lang
LDAPS    = no
36 1 Jean-Philippe Lang
Account  = MyDomain\UserName
37 1 Jean-Philippe Lang
Password = <password>
38 1 Jean-Philippe Lang
Base DN  = CN=users,DC=host,DC=domain,DC=org
39 1 Jean-Philippe Lang
40 1 Jean-Philippe Lang
On-the-fly user creation = yes
41 1 Jean-Philippe Lang
Attributes
42 1 Jean-Philippe Lang
  Login     = sAMAccountName
43 1 Jean-Philippe Lang
  Firstname = givenName
44 1 Jean-Philippe Lang
  Lastname  = sN
45 1 Jean-Philippe Lang
  Email     = mail
46 1 Jean-Philippe Lang
</pre>
47 1 Jean-Philippe Lang
48 1 Jean-Philippe Lang
Note that LDAP attribute names are *case sensitive*.
49 1 Jean-Philippe Lang
50 1 Jean-Philippe Lang
h2. Troubleshooting
51 1 Jean-Philippe Lang
52 1 Jean-Philippe Lang
If you want to use on-the-fly user creation, make sure you don't have any user custom field marked as required.