Fixes thorin#2, thorin#3, thorin#4, thorin#6: new version 1.1.0 with …

…several new features - Extend support to other directory servers - Hability to enable/disable group creation - Hability to filter with ldap search filters - Added user attributes synchronization - Hability to filter user import by group membership
lribeiro · Aug 3, 2011 · 25ebe91 · 25ebe91
1 parent 46ff185
commit 25ebe91
Show file tree

Hide file tree

Showing 11 changed files with 362 additions and 118 deletions.
diff --git a/README.md b/README.md
@@ -1,33 +1,62 @@
 Redmine Ldap Sync
 =================
 
-This plugins extends redmine's ldap authentication to perform group synchronization.
+This plugins extends redmine's ldap authentication to perform group 
+synchronization.
 In addition it provides a rake task to perform full user group synchronization.
 
 The following should be noted:
 
-* The plugin has only been tested with Active Directory.
-* It detects and disables users that have been marked as disabled on LDAP (see [MS KB Article 305144][uacf] for more details).
-* An user will only be removed from groups that exist on LDAP. This means that both ldap and non-ldap groups can coexist.
+* The plugin has only been tested with Active Directory but should work with
+other directories.
+* It detects and disables users that have been marked as disabled on LDAP (see
+ [MS KB Article 305144][uacf] for more details).
+* An user will only be removed from groups that exist on LDAP. This means that
+ both ldap and non-ldap groups can coexist.
 * Deleted groups on LDAP will not be deleted on redmine.
 
 Installation
 ------------
 
-Follow the plugin installation procedure described at www.redmine.org/wiki/redmine/Plugins
+Follow the plugin installation procedure described at 
+http://www.redmine.org/wiki/redmine/Plugins
 
 Usage
 -----
 
 ### Configuration
 
-Open Administration > Plugins and on the plugin configuration page you'll be able to set for each LDAP authentication:
-
-* *Active* - Enable/Disable user/group synchronization for this LDAP authentication
-* *Group base DN* - The path to where the groups located. Eg, `ou=people,dc=smokeyjoe,dc=com`
-* *Group name* - The ldap attribute from where to fetch the group's name. Eg, `sAMAccountName`
-* *Group regex filter* - (optional) An RegExp that should match up with the name of the groups that should be imported. Eg, `\.team$`.
-* *Domain group* - (optional) A group to wich all the users created from this LDAP authentication will added upon creation. The group should not exist on LDAP.
+Open Administration > Plugins and on the plugin configuration page you'll be 
+able to set for each LDAP authentication.
+
+**LDAP settings:**
++ _Active_ - Enable/Disable user/group synchronization for this LDAP
+ authentication.
++ _Group base DN_ - The path to where the groups located. Eg,
+ `ou=people,dc=smokeyjoe,dc=com`.
++ _Group name attribute_ - The ldap attribute from where to fetch the group's
+ name. Eg, `sAMAccountName`.
++ _Members attribute_ - The ldap attribute from where to fetch the group's
+ members. Eg, `member`.
++ _Groups objectclass_ - The groups object class.
++ _Users objectclass_ - The users object class.
++ _Group name pattern_ - (optional) An RegExp that should match up with the name
+ of the groups that should be imported. Eg, `\.team$`.
++ _Group search filter_ - (optional) An LDAP search filter to be applied
+ whenever search for groups.
+
+**Synchronization Actions:**
++ _Users must be members of_ - (optional) A group to wich the users must belong
+ to to have access enabled to redmine.
++ _Add users to group_ - (optional) A group to wich all the users created from
+ this LDAP authentication will added upon creation. The group should not exist
+ on LDAP.
++ _Create new groups_ - If enabled, groups that don't already exist on redmine
+ will be created.
++ _Sync users attributes_ - If enabled, the selected attributes will
+ synchronized both on the rake tasks and after every login.
++ _Attributes to be synced_ - The attributes to be synchronized: "First name",
+ "Last name" and/or "Email"
 
 ### Full user/group synchronization with rake
 
@@ -41,8 +70,23 @@ An alternative is to do it periodically with a cron task:
     # Synchronize users with ldap @ every 60 minutes
     35 *            * * *   root /usr/bin/rake -f /opt/redmine/Rakefile --silent redmine:plugins:redmine_ldap_sync:sync_users RAILS_ENV=production
 
+LDAP Compatibility
+------------------
+### Active Directory
++ _Group name attribute_ = sAMAccountName
++ _Members attribute_ = member
++ _Groups objectclass_ = group
++ _Users objectclass_ = user
+
+### eDirectory / Open LDAP
++ _Group name attribute_ = cn / ??
++ _Members attribute_ = member
++ _Groups objectclass_ = groupOfNames
++ _Users objectclass_ = person / organizationalPerson
+
 License
 -------
-This plugin is released under the GPL v3 license. See LICENSE for more information.
+This plugin is released under the GPL v3 license. See LICENSE for more
+ information.
 
 [uacf]: http://support.microsoft.com/kb/305144
diff --git a/app/views/settings/_ldap_sync_settings.html.erb b/app/views/settings/_ldap_sync_settings.html.erb
@@ -1,30 +1,44 @@
-<% AuthSourceLdap.all.each do |ldap| -%>
-<fieldset class="collapsible">
+<% AuthSourceLdap.all.each_with_index do |ldap, i| -%>
+<fieldset class="collapsible #{ 'collapsed' if i > 0 }">
   <legend onclick="toggleFieldset(this);"><%= ldap.name %></legend>
-  <div>
-    <p>
-      <label><%= l(:ldap_domain_label_active)%></label>
-      <%= check_box_tag "settings[#{ldap.name}][active]", 'yes', (@settings[ldap.name][:active] if @settings[ldap.name]) %>
-    </p>
-
-    <p>
-      <label><%= l(:ldap_domain_label_groups_base_dn) %> <span class="required">*</span></label>
-      <%= text_field_tag "settings[#{ldap.name}][groups_base_dn]", (@settings[ldap.name][:groups_base_dn] if @settings[ldap.name]), :size => 60 %>
-    </p>
-
-    <p>
-      <label><%= l(:ldap_domain_label_attr_groupname) %> <span class="required">*</span></label>
-      <%= text_field_tag "settings[#{ldap.name}][attr_groupname]", (@settings[ldap.name][:attr_groupname] if @settings[ldap.name]), :size => 15 %>
-    </p>
-
-    <p>
-      <label><%= l(:ldap_domain_label_groupname_filter) %></label>
-      <%= text_field_tag "settings[#{ldap.name}][groupname_filter]", (@settings[ldap.name][:groupname_filter] if @settings[ldap.name]), :size => 15 %>
-    </p>
-    <p>
-      <label><%= l(:ldap_domain_label_domain_group) %></label>
-      <%= text_field_tag "settings[#{ldap.name}][domain_group]", (@settings[ldap.name][:domain_group] if @settings[ldap.name]), :size => 15 %>
-    </p>
+  <div <%= 'style="display:none"' if i > 0 %>>
+
+    <p><%= ldap_check_box ldap.name, 'active' %></p>
+
+    <fieldset class="collapsible">
+      <legend onclick="toggleFieldset(this);"><%=l :text_ldap_settings %></legend>
+      <div>
+        <p><%= ldap_text_field ldap.name, 'groups_base_dn', :required => true, :size => 50 %></p>
+
+        <p><%= ldap_text_field ldap.name, 'attr_groupname', :required => true, :size => 15 %></p>
+
+        <p><%= ldap_text_field ldap.name, 'attr_member', :default => 'member', :required => true, :size => 15 %></p>
+
+        <p><%= ldap_text_field ldap.name, 'class_user', :default => 'user', :required => true, :size => 15 %></p>
+
+        <p><%= ldap_text_field ldap.name, 'class_group', :default => 'group', :required => true, :size => 15 %></p>
+
+        <p><%= ldap_text_field ldap.name, 'groupname_pattern', :size => 15 %></p>
+
+        <p><%= ldap_text_field ldap.name, 'group_search_filter', :size => 50 %></p>
+      </div>
+    </fieldset>
+
+    <fieldset class="collapsible collapsed">
+      <legend onclick="toggleFieldset(this);"><%=l :text_synchronization_actions %></legend>
+      <div style="display: none;">
+        <p><%= ldap_text_field ldap.name, 'must_be_member_of' %></p>
+
+        <p><%= ldap_text_field ldap.name, 'add_to_group', :size => 15 %></p>
+
+        <p><%= ldap_check_box ldap.name, 'create_groups', :default => true %></p>
+
+        <p><%= ldap_check_box ldap.name, 'sync_user_attributes' %></p>
+
+        <p><%= ldap_multiselect ldap.name, 'attributes_to_sync', ['firstname', 'lastname', 'mail'], :size => 15 %></p>
+      </div>
+    </fieldset>
+
   </div>
 </fieldset>
 <%- end %>
diff --git a/config/locales/de.yml b/config/locales/de.yml
@@ -1,6 +1,23 @@
 de:
- ldap_domain_label_active: "Aktiv"
- ldap_domain_label_groups_base_dn: "Gruppen DN"
- ldap_domain_label_attr_groupname: "Gruppenname"
- ldap_domain_label_groupname_filter: "Gruppen RexExpressiom"
- ldap_domain_label_domain_group: "Domain group"
+  field_redmine_ldap_sync_active: "Aktiv"
+  field_redmine_ldap_sync_groups_base_dn: "Gruppen DN"
+  field_redmine_ldap_sync_attr_groupname: "Gruppenname"
+  field_redmine_ldap_sync_attr_member: "Members attribute" 
+  field_redmine_ldap_sync_class_group: "Groups objectclass"
+  field_redmine_ldap_sync_class_user: "Users objectclass"
+
+  field_redmine_ldap_sync_groupname_pattern: "Gruppen RexExpressiom"
+  field_redmine_ldap_sync_group_search_filter: "Group search filter"
+
+  field_redmine_ldap_sync_must_be_member_of: "Users must be members of"
+  field_redmine_ldap_sync_add_to_group: "Add users to group"
+  field_redmine_ldap_sync_create_groups: "Create new groups"
+  field_redmine_ldap_sync_sync_user_attributes: "Sync users attributes"
+  field_redmine_ldap_sync_attributes_to_sync: "Attributes to be synced"
+
+  field_redmine_ldap_sync_firstname: "First name"
+  field_redmine_ldap_sync_lastname: "Last name"
+  field_redmine_ldap_sync_mail: "Email"
+
+  text_ldap_settings: "LDAP settings"
+  text_synchronization_actions: "Synchronization actions"
diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -1,6 +1,23 @@
 en:
-  ldap_domain_label_active: "Active"
-  ldap_domain_label_groups_base_dn: "Groups base DN"
-  ldap_domain_label_attr_groupname: "Group name"
-  ldap_domain_label_groupname_filter: "Group regex filter" 
-  ldap_domain_label_domain_group: "Domain group" 
+  field_redmine_ldap_sync_active: "Active"
+  field_redmine_ldap_sync_groups_base_dn: "Groups base DN"
+  field_redmine_ldap_sync_attr_groupname: "Group name attribute"
+  field_redmine_ldap_sync_attr_member: "Members attribute" 
+  field_redmine_ldap_sync_class_group: "Groups objectclass"
+  field_redmine_ldap_sync_class_user: "Users objectclass"
+
+  field_redmine_ldap_sync_groupname_pattern: "Group name pattern"
+  field_redmine_ldap_sync_group_search_filter: "Group search filter"
+
+  field_redmine_ldap_sync_must_be_member_of: "Users must be members of"
+  field_redmine_ldap_sync_add_to_group: "Add users to group"
+  field_redmine_ldap_sync_create_groups: "Create new groups"
+  field_redmine_ldap_sync_sync_user_attributes: "Sync users attributes"
+  field_redmine_ldap_sync_attributes_to_sync: "Attributes to be synced"
+
+  field_redmine_ldap_sync_firstname: "First name"
+  field_redmine_ldap_sync_lastname: "Last name"
+  field_redmine_ldap_sync_mail: "Email"
+
+  text_ldap_settings: "LDAP settings"
+  text_synchronization_actions: "Synchronization actions"
diff --git a/config/locales/es.yml b/config/locales/es.yml
@@ -1,6 +1,23 @@
 es:
-  ldap_domain_label_active: "Activo"
-  ldap_domain_label_groups_base_dn: "Base DN de grupos"
-  ldap_domain_label_attr_groupname: "Nombre del grupo"
-  ldap_domain_label_groupname_filter: "Filtro regex de grupos"
-  ldap_domain_label_domain_group: "Grupo del dominio"
+  field_redmine_ldap_sync_active: "Activo"
+  field_redmine_ldap_sync_groups_base_dn: "Base DN de grupos"
+  field_redmine_ldap_sync_attr_groupname: "Nombre del grupo"
+  field_redmine_ldap_sync_attr_member: "Membros del grupo" 
+  field_redmine_ldap_sync_class_group: "Objectclass de grupos"
+  field_redmine_ldap_sync_class_user: "Objectclass de usuarios"
+
+  field_redmine_ldap_sync_groupname_pattern: "Filtro regex de grupos"
+  field_redmine_ldap_sync_group_search_filter: "Filtro de búsqueda de grupos"
+
+  field_redmine_ldap_sync_must_be_member_of: "Usuarios deben ser miembros de"
+  field_redmine_ldap_sync_add_to_group: "Añadir usuarios al grupo"
+  field_redmine_ldap_sync_create_groups: "Crear nuevos grupos"
+  field_redmine_ldap_sync_sync_user_attributes: "Sincronizar usuarios"
+  field_redmine_ldap_sync_attributes_to_sync: "Atributos que se sincronizan"
+
+  field_redmine_ldap_sync_firstname: "Nombre"
+  field_redmine_ldap_sync_lastname: "Apellido"
+  field_redmine_ldap_sync_mail: "Correo electrónico"
+
+  text_ldap_settings: "Configuración de LDAP"
+  text_synchronization_actions: "Acciones de sincronización"
diff --git a/config/locales/pt.yml b/config/locales/pt.yml
@@ -1,6 +1,23 @@
 pt:
-  ldap_domain_label_active: "Activo"
-  ldap_domain_label_groups_base_dn: "Base DN de grupos"
-  ldap_domain_label_attr_groupname: "Nome do grupo"
-  ldap_domain_label_groupname_filter: "Filtro regex de grupos"
-  ldap_domain_label_domain_group: "Grupo do dominio"
+  field_redmine_ldap_sync_active: "Activo"
+  field_redmine_ldap_sync_groups_base_dn: "Base DN dos grupos"
+  field_redmine_ldap_sync_attr_groupname: "Campo nome do grupo"
+  field_redmine_ldap_sync_attr_member: "Campo membros do grupo" 
+  field_redmine_ldap_sync_class_group: "Objectclass de grupos"
+  field_redmine_ldap_sync_class_user: "Objectclass de utilizadores"
+
+  field_redmine_ldap_sync_groupname_pattern: "Filtro regex de grupos"
+  field_redmine_ldap_sync_group_search_filter: "Filtro de pesquisa de grupos"
+
+  field_redmine_ldap_sync_must_be_member_of: "Devem ser membros de"
+  field_redmine_ldap_sync_add_to_group: "Adicionar ao grupo"
+  field_redmine_ldap_sync_create_groups: "Criar novos grupos"
+  field_redmine_ldap_sync_sync_user_attributes: "Actualizar dados"
+  field_redmine_ldap_sync_attributes_to_sync: "Campos a actualizar"
+
+  field_redmine_ldap_sync_firstname: "Nome"
+  field_redmine_ldap_sync_lastname: "Apelido"
+  field_redmine_ldap_sync_mail: "Email"
+
+  text_ldap_settings: "Configuração LDAP"
+  text_synchronization_actions: "Acções de sincronização"
diff --git a/db/migrate/201108021245_change_settings_name.rb b/db/migrate/201108021245_change_settings_name.rb
@@ -0,0 +1,26 @@
+class ChangeSettingsName < ActiveRecord::Migration
+
+  def self.up
+    all_settings = Setting.plugin_redmine_ldap_sync
+    return unless all_settings
+
+    AuthSourceLdap.all.each do |as|
+      settings = all_settings[as.name]
+
+      say_with_time "Updating settings for '#{as.name}'" do
+        settings[:add_to_group] = settings.delete(:domain_group)
+        settings[:groupname_pattern] = settings.delete(:groupname_filter)
+        settings[:create_groups] = true
+        settings[:sync_user_attributes] = false
+        settings[:attr_member] = 'member'
+        settings[:class_group] = 'group'
+        settings[:class_user] = 'user'
+        Setting.plugin_redmine_ldap_sync = all_settings
+      end if settings
+    end
+  end
+
+  def self.down
+    remove_column :issues, :is_private
+  end
+end
diff --git a/init.rb b/init.rb
@@ -9,7 +9,7 @@
   author_url 'mailto:Ricardo Santos <ricardo.santos@vilt-group.com>?subject=redmine_ldap_sync'
   description 'Syncs users and groups with ldap'
   url 'https://github.com/thorin/redmine_ldap_sync'
-  version '1.0.0'
+  version '1.1.0'
   requires_redmine :version_or_higher => '1.1.0'
 
 
@@ -23,10 +23,10 @@
   unless AuthSourceLdap.include? RedmineLdapSync::RedmineExt::AuthSourceLdapPatch
     AuthSourceLdap.send(:include, RedmineLdapSync::RedmineExt::AuthSourceLdapPatch)
   end
-  unless User.included_modules.include? RedmineLdapSync::RedmineExt::UserPatch
+  unless SettingsHelper.include? RedmineLdapSync::RedmineExt::SettingsHelperPatch
+    SettingsHelper.send(:include, RedmineLdapSync::RedmineExt::SettingsHelperPatch)
+  end
+  unless User.include? RedmineLdapSync::RedmineExt::UserPatch
     User.send(:include, RedmineLdapSync::RedmineExt::UserPatch)
   end
 end
-
-# Hooks
-require 'redmine_ldap_sync/redmine_hooks'