Redmine plugin which synchronizes users and groups with an ldap server

eivindt/redmine_ldap_sync

 
 


Redmine Ldap Sync

This plugin extends Redmine's LDAP authentication to perform group synchronization. In addition, it provides a rake task to perform full user and group synchronization.

The following should be noted:

  • The plugin has only been tested with Active Directory but should work with other directories.
  • It detects and disables users that have been marked as disabled on LDAP (see MS KB Article 305144 for more details).
  • It detects and disables users that have been removed from LDAP.
  • A user will only be removed from groups that exist on LDAP. This means that both LDAP and non-LDAP groups can coexist.
  • Deleted groups on LDAP will not be deleted on redmine.

Installation

Follow the plugin installation procedure described at http://www.redmine.org/wiki/redmine/Plugins

Usage

Configuration

Open Administration > Plugins. On the plugin configuration page you can set the following for each LDAP authentication.

LDAP settings:

  • Active - Enable/Disable user/group synchronization for this LDAP authentication.
  • Group base DN - The path to where the groups are located. Eg, ou=people,dc=smokeyjoe,dc=com.
  • Group name attribute (group) - The ldap attribute from where to fetch the group's name. Eg, sAMAccountName.
  • Group membership - Specifies how to determine the user's group membership. The possible values are:
    • On the group class: membership determined from the list of users contained on the group.
    • On the user class: membership determined from the list of groups contained on the user.
  • Members attribute (group) - The ldap attribute from where to fetch the group's members. Visible if the group membership is on the group class. Eg, member.
  • Memberid attribute (user) - The ldap attribute from where to fetch the user's memberid. This attribute will be used to cross with groups' members. Visible if the group membership is on the group class. Eg, dn.
  • Groups attribute (user) - The ldap attribute from where to fetch the user's groups. Visible if the group membership is on the user class. Eg, memberof.
  • Groupid attribute (group) - The ldap attribute from where to fetch the group's groupid. This attribute will be used to cross with users' groups. Visible if the group membership is on the user class. Eg, distinguishedName.
  • Groups objectclass - The groups object class.
  • Users objectclass - The users object class.
  • Group name pattern - (optional) A RegExp that should match the names of the groups that should be imported. Eg, \.team$.
  • Group search filter - (optional) An LDAP search filter to be applied whenever searching for groups.

Synchronization Actions:

  • Users must be members of - (optional) A group to which the users must belong to have access enabled to Redmine.
  • Add users to group - (optional) A group to which all the users created from this LDAP authentication will be added upon creation. The group should not exist on LDAP.
  • Create new groups - If enabled, groups that don't already exist on redmine will be created.
  • Create new users - If enabled, users that don't already exist on redmine will be created when running the rake task.
  • Sync users attributes - If enabled, the selected attributes will be synchronized both by the rake task and after every login.
  • Attributes to be synced - The attributes to be synchronized: "First name", "Last name" and/or "Email"
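
The sketch below is an added example, not code from the plugin. It works through the two group membership modes, the group name pattern, and the rule that a user is only removed from groups that exist on LDAP, using constructed directory entries. The method names, the example.com data and the handling of disabled or missing users (lock, no group changes) are assumptions.

```ruby
# Added example: constructed entries stand in for LDAP search results.
ACCOUNTDISABLE = 0x0002 # userAccountControl flag (MS KB 305144)
BASE = 'dc=example,dc=com'

def group_dn(cn); "cn=#{cn},ou=groups,#{BASE}"; end
def user_dn(cn); "cn=#{cn},ou=people,#{BASE}"; end

# Group entries, using the Active Directory attribute names from this page.
LDAP_GROUPS = %w[dev.team ops.team printers].map do |cn|
  members = cn == 'ops.team' ? [] : [user_dn('alice')]
  { 'distinguishedName' => group_dn(cn), 'sAMAccountName' => cn, 'member' => members }
end.freeze

# User entries; 512 is a normal account, 514 = 512 | ACCOUNTDISABLE.
LDAP_USERS = {
  'alice' => { 'dn' => user_dn('alice'), 'userAccountControl' => 512,
               'memberof' => [group_dn('dev.team'), group_dn('printers')] },
  'bob'   => { 'dn' => user_dn('bob'), 'userAccountControl' => 514, 'memberof' => [] }
}.freeze

# Group names in scope after the optional "Group name pattern" is applied.
def managed_groups(pattern)
  LDAP_GROUPS.map { |g| g['sAMAccountName'] }.grep(pattern)
end

# Membership read from the group's member list (:group) or the user's memberof (:user).
def memberships(user, mode, pattern)
  hits = LDAP_GROUPS.select do |g|
    if mode == :group
      g['member'].include?(user['dn'])
    else
      user['memberof'].include?(g['distinguishedName'])
    end
  end
  hits.map { |g| g['sAMAccountName'] }.grep(pattern)
end

# What one sync pass would change for a Redmine login and its current groups.
def sync_plan(login, redmine_groups, mode: :group, pattern: /\.team$/)
  user = LDAP_USERS[login]
  gone = user.nil? || (user['userAccountControl'] & ACCOUNTDISABLE) != 0
  return { lock: true, add: [], remove: [] } if gone # assumption: no group changes

  wanted = memberships(user, mode, pattern)
  # Assumption: only LDAP groups matching the pattern are ever removed, so
  # Redmine-only groups and out-of-scope LDAP groups are left alone.
  { lock: false, add: wanted - redmine_groups,
    remove: (redmine_groups & managed_groups(pattern)) - wanted }
end
```

Real directories compare DNs case-insensitively; the constructed data uses a single spelling so plain string comparison is enough here.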

Cache:

  • Some information is cached (default 120 seconds). You can set the cache duration with the cache_duration= method.

    • dynamic group members

Full user/group synchronization with rake

To do the full user synchronization execute the following:

rake redmine:plugins:redmine_ldap_sync:sync_users RAILS_ENV=production

An alternative is to do it periodically with a cron task:

# Synchronize users with ldap @ every 60 minutes
35 *            * * *   root /usr/bin/rake -f /opt/redmine/Rakefile --silent redmine:plugins:redmine_ldap_sync:sync_users RAILS_ENV=production 2>&- 1>&-

LDAP Compatibility

Active Directory

  • Group name attribute (group) = sAMAccountName
  • Group membership = on the group class | {on the user class}
  • Members attribute (group) = member
  • Memberid attribute (user) = dn
  • Groups attribute (user) = --- | {memberof}
  • Groupid attribute (group) = --- | {distinguishedName}
  • Groups objectclass = group
  • Users objectclass = user

OpenDS

  • Group name attribute (group) = cn
  • Group membership = on the user class
  • Groups attribute (user) = isMemberOf
  • Memberid attribute (user) = entryDN
  • Groups objectclass = groupOfUniqueNames
  • Users objectclass = person

Lotus Notes LDAP (tested against Lotus Notes 8.5.2)

  • Group membership = on the group class
  • Group name attribute (group) = cn
  • Members attribute (group) = member
  • Memberid attribute (user) = dn
  • Groups objectclass = dominoGroup
  • Users objectclass = dominoPerson

eDirectory / Open LDAP

  • Group name attribute = cn / ??
  • Members attribute = member
  • Groups objectclass = groupOfNames
  • Users objectclass = person / organizationalPerson

License

This plugin is released under the GPL v3 license. See LICENSE for more information.
