Project

General

Profile

Actions

Patch #3358

open

Advanced LDAP authentication

Added by Daniel Marczisovszky over 15 years ago. Updated over 6 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
LDAP
Start date:
2009-05-13
Due date:
% Done:

0%

Estimated time:

Description

This patch adds the following new features to LDAP authentication:

  • using dereferencing aliases on search
  • ability to select protocol LDAPv2 or LDAPv3
  • connect using STARTTLS
  • selecting server certificate validation level
  • user-definable custom search filter
  • bind as current user instead of admin account, see Feature #1913
  • searching is sub-tree by default, in future GUI option may be added to configure this

If custom search filter is used, $login is replaced with the username. For example, to search for users with objectClass posixAccount, use this filter string: @(&(uid=$login)(objectClass=posixAccount))

Note that this patch uses Ruby/LDAP instead of Net::LDAP, so this should be installed, for example on Debian, use apt-get install libldap-ruby1.8

After applying this patch, run rake db:migrate RAILS_ENV="production", as auth_sources table is modified in the database. (filter, dereference, starttls, require_cert and protocol_version columns are added)


Files

advanced_ldap_auth_0.8.3.diff (9.93 KB) advanced_ldap_auth_0.8.3.diff LDAP authentication patch for 0.8.3 Daniel Marczisovszky, 2009-05-13 21:24
advanced_ldap_auth_r2743.diff (10 KB) advanced_ldap_auth_r2743.diff LDAP authentication patch for revision 2743 Daniel Marczisovszky, 2009-05-13 21:24
07_ldap_update.patch (1.98 KB) 07_ldap_update.patch Jérémy Lal, 2009-07-14 14:37
07_ldap_sync.patch (2.67 KB) 07_ldap_sync.patch Jérémy Lal, 2009-07-14 16:29
advanced_ldap_auth_1.2.1.diff (12.3 KB) advanced_ldap_auth_1.2.1.diff LDAP authentication patch for 1.2.1 Anonymous, 2011-08-12 02:01
advanced_ldap_auth_r6417.diff (12.3 KB) advanced_ldap_auth_r6417.diff LDAP authentication patch for revision 6417 Anonymous, 2011-08-12 02:01
ldap.png (43.9 KB) ldap.png seb rey, 2011-12-09 22:44
logldap.txt (5.79 KB) logldap.txt seb rey, 2011-12-09 22:44
advanced_ldap_auth_2.2.3.diff (13.3 KB) advanced_ldap_auth_2.2.3.diff Diff for post-Redmine 2 Phil Weir, 2014-02-28 11:28

Related issues

Related to Redmine - Defect #3253: LDAP Auth : Alias DereferenceNew2009-04-28

Actions
Related to Redmine - Patch #29606: Support self-signed LDAPS connectionsClosedJean-Philippe Lang

Actions
Actions

Also available in: Atom PDF