Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Redmine plugin which synchronizes users and groups with an ldap server
branch: master

This branch is 320 commits behind thorin:master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
app/views/settings
config/locales
db/migrate
lib
LICENSE
README.md
init.rb

README.md

Redmine Ldap Sync

This plugins extends redmine's ldap authentication to perform group synchronization. In addition it provides a rake task to perform full user group synchronization.

The following should be noted:

  • The plugin has only been tested with Active Directory but should work with other directories.
  • It detects and disables users that have been marked as disabled on LDAP (see MS KB Article 305144 for more details).
  • An user will only be removed from groups that exist on LDAP. This means that both ldap and non-ldap groups can coexist.
  • Deleted groups on LDAP will not be deleted on redmine.

Installation

Follow the plugin installation procedure described at http://www.redmine.org/wiki/redmine/Plugins

Usage

Configuration

Open Administration > Plugins and on the plugin configuration page you'll be able to set for each LDAP authentication.

LDAP settings:

  • Active - Enable/Disable user/group synchronization for this LDAP authentication.
  • Group base DN - The path to where the groups located. Eg, ou=people,dc=smokeyjoe,dc=com.
  • Group name attribute - The ldap attribute from where to fetch the group's name. Eg, sAMAccountName.
  • Members attribute - The ldap attribute from where to fetch the group's members. Eg, member.
  • Groups objectclass - The groups object class.
  • Users objectclass - The users object class.
  • Group name pattern - (optional) An RegExp that should match up with the name of the groups that should be imported. Eg, \.team$.
  • Group search filter - (optional) An LDAP search filter to be applied whenever search for groups.

Synchronization Actions:

  • Users must be members of - (optional) A group to wich the users must belong to to have access enabled to redmine.
  • Add users to group - (optional) A group to wich all the users created from this LDAP authentication will added upon creation. The group should not exist on LDAP.
  • Create new groups - If enabled, groups that don't already exist on redmine will be created.
  • Create new users - If enabled, users that don't already exist on redmine will be created when running the rake task.
  • Sync users attributes - If enabled, the selected attributes will synchronized both on the rake tasks and after every login.
  • Attributes to be synced - The attributes to be synchronized: "First name", "Last name" and/or "Email"

Full user/group synchronization with rake

To do the full user synchronization execute the following:

rake redmine:plugins:redmine_ldap_sync:sync_users RAILS_ENV=production

An alternative is to do it periodically with a cron task:

# Synchronize users with ldap @ every 60 minutes
35 *            * * *   root /usr/bin/rake -f /opt/redmine/Rakefile --silent redmine:plugins:redmine_ldap_sync:sync_users RAILS_ENV=production

LDAP Compatibility

Active Directory

  • Group name attribute = sAMAccountName
  • Members attribute = member
  • Groups objectclass = group
  • Users objectclass = user

eDirectory / Open LDAP

  • Group name attribute = cn / ??
  • Members attribute = member
  • Groups objectclass = groupOfNames
  • Users objectclass = person / organizationalPerson

License

This plugin is released under the GPL v3 license. See LICENSE for more information.

Something went wrong with that request. Please try again.