RedmineLDAP » History » Version 5

Eric Davis, 2008-05-09 17:45
Updating documentation from Simone Carletti: http://www.redmine.org/boards/1/topics/show/800

h1. LDAP Authentication

Redmine natively supports LDAP authentication using one or multiple LDAP directories.

h2. Declaring the LDAP

Go to Administration -> Settings -> Authentication and click *LDAP authentication*, on the bottom right of the screen.

Enter the following:

* *Name*: an arbitrary name for the directory
* *Host*: the LDAP host name
* *Port*: the LDAP port (default is 389)
* *LDAPS*: check this if you want or need to use LDAPS to access the directory
* *Account*: leave this field empty if your LDAP can be read anonymously, otherwise enter a username that has read access to the LDAP
* *Password*: password for the account
* *Base DN*: the top level DN of your LDAP directory tree
* *Login attribute*: enter the name of the LDAP attribute that will be used as the Redmine username

Redmine users should now be able to authenticate using their LDAP username and password if their accounts are set to use the LDAP for authentication.

To test this, create a Redmine user with a login that matches his LDAP account, select the newly created LDAP in the *Authentication mode* drop-down list (this field is visible on the account screen only if an LDAP is declared) and leave his password empty. Try to log in to Redmine using the LDAP username and password.

h2. On the fly user creation

By checking *on-the-fly user creation*, any LDAP user will have his Redmine account automatically created the first time he logs into Redmine.
For that, you have to specify the names of the LDAP attributes (firstname, lastname, email) that will be used to create their Redmine accounts.

Here is a typical example using Active Directory:

<pre>
Name     = My Directory
Host     = host.domain.org
Port     = 389
LDAPS    = no
Account  = MyDomain\UserName
Password = <password>
Base DN  = CN=users,DC=host,DC=domain,DC=org

On-the-fly user creation = yes
Attributes
  Login     = sAMAccountName
  Firstname = givenName
  Lastname  = sN
  Email     = mail
</pre>

Note that LDAP attribute names are *case sensitive*.

h2. Troubleshooting

If you want to use on-the-fly user creation, make sure that Redmine can fetch from your LDAP all the required information to create a valid user.
For example, on-the-fly user creation won't work if you don't have valid email addresses in your directory (you will get an 'Invalid username/password' error message when trying to log in).

Also, make sure you don't have any custom field marked as *required* for user accounts. These custom fields would prevent user accounts from being created on the fly.
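
The directory-side conditions from this Troubleshooting section can be checked before on-the-fly creation is enabled. The Ruby script below is an added example, not Redmine code: it reads user entries exported from the directory as LDIF text and lists those lacking a mapped attribute or a usable email address. The function names, the email pattern and the sample entries are assumptions made for the example.

```ruby
# Added example, not Redmine code: pre-flight check for on-the-fly user creation.
# Mapping values are the ones from the Active Directory example on this page.
MAPPING = { login: "sAMAccountName", firstname: "givenName",
            lastname: "sN", mail: "mail" }.freeze
# Assumption: a deliberately simple address check, not Redmine's own validation.
EMAIL_RE = /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/

# Parse LDIF text into an array of { "attrName" => [values] } hashes.
def parse_ldif(text)
  unfolded = text.gsub(/\r?\n /, "") # join folded continuation lines
  unfolded.split(/\r?\n\s*\r?\n/).map do |record|
    record.each_line.with_object(Hash.new { |h, k| h[k] = [] }) do |line, entry|
      name, sep, value = line.chomp.partition(/::? ?/)
      next if line.start_with?("#") || name.empty? || sep.empty?
      value = value.unpack1("m").force_encoding("UTF-8") if sep.start_with?("::") # base64 value
      entry[name] << value
    end
  end.reject(&:empty?)
end

# Return { dn => [problems] }; attribute names are matched case-sensitively (page's note).
def creation_problems(entries, mapping = MAPPING)
  entries.each_with_object({}) do |entry, report|
    problems = mapping.map do |field, attr|
      value = entry.fetch(attr, []).first.to_s.strip
      if value.empty?
        "#{field}: attribute '#{attr}' missing or empty"
      elsif field == :mail && value !~ EMAIL_RE
        "#{field}: '#{value}' is not a valid address"
      end
    end.compact
    report[entry.fetch("dn", ["(no dn)"]).first] = problems unless problems.empty?
  end
end

# Constructed sample entries in LDIF form; the second one has no mail attribute.
SAMPLE_LDIF = <<~LDIF
  dn: CN=John Doe,CN=users,DC=host,DC=domain,DC=org
  sAMAccountName: jdoe
  givenName: John
  sN: Doe
  mail: jdoe@domain.org

  dn: CN=Build Agent,CN=users,DC=host,DC=domain,DC=org
  sAMAccountName: build
  givenName: Build
  sN: Agent
LDIF
puts creation_problems(parse_ldif(SAMPLE_LDIF)).inspect if __FILE__ == $PROGRAM_NAME
```

Entries reported here are the ones whose first login would end in the 'Invalid username/password' message described above.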