Redmine Ldap Sync

This plugin extends Redmine's LDAP authentication to perform group synchronization. In addition, it provides a rake task to perform full user/group synchronization.

The following should be noted:

  • The plugin has only been tested with Active Directory but should work with other directories.
  • It detects and disables users that have been marked as disabled on LDAP (see MS KB Article 305144 for more details).
  • A user will only be removed from groups that exist on LDAP. This means that both LDAP and non-LDAP groups can coexist.
  • Deleted groups on LDAP will not be deleted on Redmine.

Installation

Follow the plugin installation procedure described at http://www.redmine.org/wiki/redmine/Plugins

Usage

Configuration

Open Administration > Plugins and, on the plugin configuration page, you'll be able to set the following for each LDAP authentication.

LDAP settings:

  • Active - Enable/Disable user/group synchronization for this LDAP authentication.
  • Group base DN - The path to where the groups are located. Eg, ou=people,dc=smokeyjoe,dc=com.
  • Group name attribute - The ldap attribute from where to fetch the group's name. Eg, sAMAccountName.
  • Members attribute - The ldap attribute from where to fetch the group's members. Eg, member.
  • Groups objectclass - The groups object class.
  • Users objectclass - The users object class.
  • Group name pattern - (optional) A RegExp that should match the names of the groups that should be imported. Eg, \.team$.
  • Group search filter - (optional) An LDAP search filter to be applied whenever searching for groups.

Synchronization Actions:

  • Users must be members of - (optional) A group to which the users must belong in order to have access to Redmine enabled.
  • Add users to group - (optional) A group to which all the users created from this LDAP authentication will be added upon creation. The group should not exist on LDAP.
  • Create new groups - If enabled, groups that don't already exist on redmine will be created.
  • Create new users - If enabled, users that don't already exist on redmine will be created when running the rake task.
  • Sync users attributes - If enabled, the selected attributes will be synchronized both by the rake task and after every login.
  • Attributes to be synced - The attributes to be synchronized: "First name", "Last name" and/or "Email"
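
The membership rules described in the notes and settings above, modelled as an added Ruby example. It is not the plugin's own code: the method and parameter names are hypothetical, and it assumes that groups outside the name pattern are left unmanaged and that the required group is checked against the user's raw LDAP membership.

```ruby
require 'set'

# Added illustration: method and parameter names are hypothetical, not the plugin's API.
ACCOUNTDISABLE = 0x0002 # userAccountControl bit described in MS KB 305144

# True when an Active Directory userAccountControl value marks the account disabled.
def ldap_disabled?(uac)
  (uac.to_i & ACCOUNTDISABLE) != 0
end

# Plans the membership changes for one user.
#   ldap_groups:    names of every group found under the group base DN
#   member_of:      names of the LDAP groups the user belongs to
#   redmine_groups: names of the groups the user currently has in Redmine
#   existing:       names of all groups already defined in Redmine
def plan_sync(ldap_groups:, member_of:, redmine_groups:, existing:, uac:,
              name_pattern: nil, required_group: nil, create_groups: true)
  pattern  = name_pattern && Regexp.new(name_pattern)
  in_scope = ->(name) { pattern.nil? || name.match?(pattern) }

  managed = ldap_groups.select(&in_scope).to_set # assumption: only matching groups are managed
  wanted  = member_of.select(&in_scope).to_set
  current = redmine_groups.to_set

  # Access needs an enabled LDAP account and, if configured, the required group.
  active = !ldap_disabled?(uac)
  active &&= member_of.include?(required_group) if required_group

  add = wanted - current
  add &= existing.to_set unless create_groups # "Create new groups" off: skip unknown groups
  remove = (current & managed) - wanted       # groups unknown to LDAP are never removed

  { active: active, add: add.sort, remove: remove.sort, keep: (current - remove).sort }
end

# Constructed sample data.
SAMPLE = {
  ldap_groups:    %w[dev.team qa.team ops.team domain-users redmine-users],
  member_of:      %w[dev.team domain-users redmine-users],
  redmine_groups: %w[qa.team local-reviewers],
  existing:       %w[qa.team local-reviewers],
  name_pattern:   '\.team$'
}.freeze

p plan_sync(**SAMPLE, uac: 512, required_group: 'redmine-users')
```

With the sample data, the Redmine-only group local-reviewers is kept, while qa.team is dropped because it exists on LDAP and the user is no longer a member.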

Full user/group synchronization with rake

To do the full user synchronization execute the following:

rake redmine:plugins:redmine_ldap_sync:sync_users RAILS_ENV=production

An alternative is to do it periodically with a cron task:

# Synchronize users with ldap @ every 60 minutes
35 *            * * *   root /usr/bin/rake -f /opt/redmine/Rakefile --silent redmine:plugins:redmine_ldap_sync:sync_users RAILS_ENV=production

LDAP Compatibility

Active Directory

  • Group name attribute = sAMAccountName
  • Members attribute = member
  • Groups objectclass = group
  • Users objectclass = user

eDirectory / Open LDAP

  • Group name attribute = cn / ??
  • Members attribute = member
  • Groups objectclass = groupOfNames
  • Users objectclass = person / organizationalPerson

License

This plugin is released under the GPL v3 license. See LICENSE for more information.
