LDAP Alias Dereference
Added by Will aka S.Collado over 15 years ago
Hello,
I'm using last stable release of RedMine with OpenLDAP and I can't manage to get LDAP users authenticated.
It seems that the ldap search is done without alias dereference option.
I made a ldapsearch from bash prompt with same filter as Redmine and all worked fine (my ldap.conf has DEREF = always), I checked in OpenLDAP log and RedMine queries seems to be run with dereference set to "never".
Do you know if there's a way to set this option in Redmine Source or settings files ?
I'm not familiar with redmine source code and ruby in general, but i think it must be something related to Net::LDAP statements in app/models/auth_source_ldap.rb.
Thanks in advance for your help.
Regards.
Will
-----
Sorry for my english, french user here ;)
Replies (4)
RE: LDAP Alias Dereference - Added by Daniel Marczisovszky over 15 years ago
Redmine uses Net::LDAP (http://net-ldap.rubyforge.org/) and unfortunately this library does not allow setting dereference options. I'm currently investigating if LDAP authentication parts can be ported to Ruby/LDAP (http://ruby-ldap.sourceforge.net) which supports this.
RE: LDAP Alias Dereference - Added by Will aka S.Collado over 15 years ago
Ok, so no way for me to solve this issue by the "clean" way
I think I'll manage to find an temporary solution until RedMine use Ruby/LDAP (duplicating user entries or using another bug tracking system / project management system, i don' know yet) .
Thanks for your answer Daniel.
RE: LDAP Alias Dereference - Added by Daniel Marczisovszky over 15 years ago
Actually I don't what you mean as the "clean" way, but you may use this solution:
http://www.redmine.org/boards/2/topics/127
Check for "application.rb". It is modified to accept web server authentication and this way Apache can do the dirty job through its auth_ldap module. This is what I'm currently using, but it makes impossible to log out from Redmine.
RE: LDAP Alias Dereference - Added by Will aka S.Collado over 15 years ago
Actually, Redmine must be accessible by unregistered users for Issue creations.
Maybe I can use HTTP Auth if I create my own ticket-creation forms.
By "clean way" I meant a solution that allows to get wanted behavior without 'hacking' too deeply the source code or by duplicating entries in the LDAP Directory.
Thanks for the help.
Will.