Feature #6202
open
On-the-fly group addition based on LDAP sources
Added by Bruno Medeiros about 14 years ago.
Updated over 7 years ago.
Description
This feature would be useful to my company because all users authenticated in one LDAP source are employees and should belong to the 'Company' group.
Nowadays the account is automatically created, but the user cannot view any project because only members of 'Company' group can view any project (we do that way because we have customers on the system and they shouldn't be allowed to see Company internal projects). So we have to manually add users to groups, what makes account auto creation useless.
It seems to be equals #4755, but it's not.
Question: Is it possible to do it with a plugin?
My problem is the same described on #4164, but this solution is more feasible than #4755.
This is exactly I search for. In my test installation I have setup a project for our department with subprojects for each project in the department. In some subprojects there are some freelancer we hire if the workload is to high for our main team. For security reasons I have set all projects to non-public and have setup groups Freelancer1, Freelancer2 etc. which I can add individually to the subprojects. The accounts and groups for the freelancers are added manually. All of the main team is in a LDAP-Group and authenticates using LDAP (Active Directory). The problem is, that the list of workers is to long to be managed by hand. So I would appreciate if all Users authenticating themself with LDAP are added to the group 'Company' as suggested by the creator of the ticket.
I have tried to do it myself, but failed so far, because my knowledge about ruby is basically non existent. I found that the file auth_sourc_ldap.rb contains an object attr which is passed back, so I tried to extend it by adding annother attribut group='Company'. The next problem is, that I don't know where this object ist processd. In account_controller.rb I have found some stuff about user creation (@user.add...), but I haven't found some code which processes the attr object.
It would be realy cool, if the LDAP Admin Page could be extended by the field "Default group:", so all Users authenticating with LDAP would be added to this group.
I would appreciate If someone at least could point me in the right direction.
Kevin Bortis wrote:
the LDAP Admin Page could be extended by the field "Default group:", so all Users authenticating with LDAP would be added to this group.
+1
As I said in my "wrong" feature #4164 a year ago: It's a big issue for my compagny to be able to give access to "internal" projects to every employee but not to the clients. To put every employee in a "Compagny" group is a good way to do it, but to put each employee in the group after each "on-the-fly" member creation in a pain in the ass... ;)
Is that feature complex to implement? If not, I think this feature could have a really good ROI to help the adoption of Redmine in the enterprises.
By the way, thank for the great product!
+1, but for any auth_source not just LDAP. We have a custom auth_source to link to our website, and again auto creation without being able to associate something to the auth_source'd user makes it pointless since we have no public projects.
- Related to Patch #4755: Create and maintain groups from LDAP attributes added
- Related to Feature #5742: Association of an LDAP group to a Redmine group added
- Related to Feature #1113: Link LDAP groups with user accounts added
Also available in: Atom
PDF