Feature #5742
Association of an LDAP group to a Redmine group
Status: open, 0% done
Description
It should be possible to add an LDAP-based auth_source mode for Redmine groups as well:
A Redmine group, which is an entry in the "users" table whose "type" column has the value "group", should be able to have an "auth_source_id" value that represents the association to a new type of auth_source pointing to an LDAP group:
- LDAP users authenticate in Redmine as "Redmine Users" using an LDAP auth_source.
- LDAP users belong to an LDAP group.
- Redmine groups with an LDAP auth_source are associated with an LDAP group.
Within a project, it should be possible to add Redmine roles to these LDAP-based Redmine groups as usual (and transparently), as in the model it only changes the value of the auth_source_id.
But the membership of an LDAP-based "Redmine User" in LDAP-based Redmine groups (both entries have an auth_source_id) should be determined using an LDAP query instead of checking the "groups_users" table.
From a quick inspection of the code, the activity may imply:
- modifying the model, controller and views for auth_source so as to allow management of this new type of auth source
- managing the user-group associations when a group has an LDAP-based auth_source_id (I don't know which part of the code has to be changed for this) by executing an LDAP query instead of a SQL query on the groups_users table
Information:
A valid LDAP group is identified by a DN (for example: CN=ACL-SVN-ADMIN,OU=SVN,DC=foo,DC=myco,DC=com).
It has an objectClass attribute with the value "groupOfUniqueNames", and has many "uniqueMember" attributes whose values contain the DNs of LDAP users.
It is possible to query the LDAP server for the membership of an LDAP user in this kind of LDAP group.
Motivations:
This would allow syncing Redmine users with an LDAP-based Subversion repository as described in this tutorial: http://pteropus.blogspot.com/2008/04/securing-subversion-via-ldap.html
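The membership query described in the request, as an added example that is not part of the original issue and is not Redmine code. It builds the search filter for a `groupOfUniqueNames` entry with the user DN escaped per RFC 4515, so a DN containing `*`, `(` or `)` cannot alter the filter, and evaluates the same check against a constructed in-memory directory that stands in for a base-scope search on the group DN. All function names, the `SAMPLE_DIRECTORY` constant and the user DNs are assumptions made for illustration.

```ruby
# Added example: LDAP-backed group membership check (hypothetical helper names).

# Escape a value for use inside an LDAP search filter (RFC 4515):
# backslash, '*', '(', ')' and NUL become a backslash plus two hex digits.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Filter for a base-scope search on the group DN. It matches only when
# user_dn is one of the group's uniqueMember values.
def membership_filter(user_dn)
  "(&(objectClass=groupOfUniqueNames)(uniqueMember=#{escape_filter_value(user_dn)}))"
end

# Simplified DN normalization: case-insensitive, ignores spaces around
# ',' and '='. Does not handle escaped commas inside attribute values.
def normalize_dn(dn)
  dn.split(',').map { |rdn| rdn.strip.split('=', 2).map(&:strip).join('=') }
    .join(',').downcase
end

# Constructed sample data standing in for the directory server.
SAMPLE_DIRECTORY = {
  'CN=ACL-SVN-ADMIN,OU=SVN,DC=foo,DC=myco,DC=com' => {
    'objectClass'  => %w[top groupOfUniqueNames],
    'uniqueMember' => ['CN=alice,OU=People,DC=foo,DC=myco,DC=com',
                       'CN=bob,OU=People,DC=foo,DC=myco,DC=com']
  }
}.freeze

# Offline equivalent of running membership_filter(user_dn) against group_dn.
# Values are compared literally, so '*' is never treated as a wildcard.
def member_of?(directory, group_dn, user_dn)
  entry = directory.find { |dn, _| normalize_dn(dn) == normalize_dn(group_dn) }&.last
  return false unless entry
  return false unless entry['objectClass'].any? { |c| c.casecmp?('groupOfUniqueNames') }

  wanted = normalize_dn(user_dn)
  entry['uniqueMember'].any? { |member| normalize_dn(member) == wanted }
end
```

Against a live server the string returned by `membership_filter` would be passed to the LDAP client's search call; resolving the check on every permission lookup adds a directory round trip, so results would normally be cached for a short period.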