Project

General

Profile

LDAP Alias Dereference

Added by Will aka S.Collado over 15 years ago

Hello,

I'm using last stable release of RedMine with OpenLDAP and I can't manage to get LDAP users authenticated.

It seems that the ldap search is done without alias dereference option.
I made a ldapsearch from bash prompt with same filter as Redmine and all worked fine (my ldap.conf has DEREF = always), I checked in OpenLDAP log and RedMine queries seems to be run with dereference set to "never".

Do you know if there's a way to set this option in Redmine Source or settings files ?

I'm not familiar with redmine source code and ruby in general, but i think it must be something related to Net::LDAP statements in app/models/auth_source_ldap.rb.

Thanks in advance for your help.

Regards.

Will
-----

Sorry for my english, french user here ;)


Replies (4)

RE: LDAP Alias Dereference - Added by Daniel Marczisovszky over 15 years ago

Redmine uses Net::LDAP (http://net-ldap.rubyforge.org/) and unfortunately this library does not allow setting dereference options. I'm currently investigating if LDAP authentication parts can be ported to Ruby/LDAP (http://ruby-ldap.sourceforge.net) which supports this.

RE: LDAP Alias Dereference - Added by Will aka S.Collado over 15 years ago

Ok, so no way for me to solve this issue by the "clean" way

I think I'll manage to find an temporary solution until RedMine use Ruby/LDAP (duplicating user entries or using another bug tracking system / project management system, i don' know yet) .

Thanks for your answer Daniel.

RE: LDAP Alias Dereference - Added by Daniel Marczisovszky over 15 years ago

Actually I don't what you mean as the "clean" way, but you may use this solution:
http://www.redmine.org/boards/2/topics/127

Check for "application.rb". It is modified to accept web server authentication and this way Apache can do the dirty job through its auth_ldap module. This is what I'm currently using, but it makes impossible to log out from Redmine.

RE: LDAP Alias Dereference - Added by Will aka S.Collado over 15 years ago

Actually, Redmine must be accessible by unregistered users for Issue creations.

Maybe I can use HTTP Auth if I create my own ticket-creation forms.

By "clean way" I meant a solution that allows to get wanted behavior without 'hacking' too deeply the source code or by duplicating entries in the LDAP Directory.

Thanks for the help.

Will.

    (1-4/4)