Project

General

Profile

RedmineLDAP » History » Version 3

Jean-Philippe Lang, 2007-12-10 21:48

1 1 Jean-Philippe Lang
h1. LDAP Authentication
2
3
Redmine natively supports LDAP authentication using one or multiple LDAP directories.
4
5
h2. Declaring the LDAP
6
7
Go to Administration -> Authentification and click *New authentication mode*.
8
9
Enter the following:
10
11
* *Name*: an arbitrary name for the directory
12
* *Host*: the LDAP host name
13
* *Port*: the LDAP port (default is 389)
14
* *LDAPS*: check this if you want or need to use LDAPS to access the directory
15
* *Account*: leave this field empty if your LDAP can be read anonymously, otherwise enter a username that has read access to the LDAP
16
* *Password*: password for the account
17
* *Base DN*: the top level DN of your LDAP directory tree
18
* *Login attribute*: enter the name of the LDAP attribute that will be used as the Redmine username
19
20 2 Jean-Philippe Lang
Redmine users should now be able to authenticate using their LDAP username and password if their accounts are set to use the LDAP for authentication.
21 3 Jean-Philippe Lang
22
To test this, create a Redmine user with a login that matches his LDAP account, select the newly created LDAP in the *Authentication mode* drop-down list (this field is visible on the account screen only if a LDAP is declared) and leave his password empty. Try to log in into Redmine using the LDAP username and password.
23 1 Jean-Philippe Lang
24
h2. On the fly user creation
25
26
By checking *on-the-fly user creation*, any LDAP user will have his Redmine account automatically created the first time he logs into Redmine.
27
For that, you have to specify the LDAP attributes name (firstname, lastname, email) that will be used to create their Redmine accounts.
28
29
Here is an typical example using Active Directory:
30
31
<pre>
32
Name     = My Directory
33
Host     = host.domain.org
34
Port     = 389
35
LDAPS    = no
36
Account  = MyDomain\UserName
37
Password = <password>
38
Base DN  = CN=users,DC=host,DC=domain,DC=org
39
40
On-the-fly user creation = yes
41
Attributes
42
  Login     = sAMAccountName
43
  Firstname = givenName
44
  Lastname  = sN
45
  Email     = mail
46
</pre>
47
48
Note that LDAP attribute names are *case sensitive*.
49
50
h2. Troubleshooting
51
52
If you want to use on-the-fly user creation, make sure you don't have any user custom field marked as required.