What we've done at this point:
- A running Redmine v2.1.2 installation using Apache Passenger
- Working authentication with Redmine's built-in database
Authentication against Active Directory
Redmine web interface - Administration - LDAP-Authentication - + New authentication mode
- Name: informational parameter (enter something descriptive)
- Host: IP address or FQDN of a domain controller
- Port: 389
- Account: DN of the user that can authenticate against Active Directory (the bind user). The recommendation is to create a dedicated user account with no special permissions (a simple Domain User) beyond logging in to the domain
user: redmine.ldap
OU: Domain Users
Entered account should be: CN=redmine.ldap, OU=Domain Users, DC=company, DC=ltd
(Sysinternals ADExplorer is a perfect tool to find distinguished names)
- Base DN: Starting point from which Redmine searches for users. In this case, users under the OU Domain Users will be checked.
- LDAP Filter: Valid filter for finding users. Example:
(&(objectClass=user)(objectCategory=person))
- member name: sAMAccountName
- first name: givenname
- surname: sn
- E-Mail: mail
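
A pre-flight check for the Account, Base DN, LDAP filter and login attribute entered above, as an added example (not from the original post and not Redmine's own code). It assumes the per-login lookup is the configured filter ANDed with an equality match on the login attribute; the host name dc.company.ltd is a placeholder, and the ldapsearch arguments are for the OpenLDAP client.

```python
# Settings copied from the form above; HOST is a constructed placeholder.
HOST = "dc.company.ltd"  # assumption: hypothetical domain controller FQDN
BIND_DN = "CN=redmine.ldap,OU=Domain Users,DC=company,DC=ltd"
BASE_DN = "OU=Domain Users,DC=company,DC=ltd"
LOGIN_ATTR = "sAMAccountName"
LDAP_FILTER = "(&(objectClass=user)(objectCategory=person))"

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape a typed login so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_filter(ldap_filter):
    """Raise ValueError unless the filter is one balanced (...) expression."""
    if not (ldap_filter.startswith("(") and ldap_filter.endswith(")")):
        raise ValueError("filter must be enclosed in parentheses")
    depth = 0
    for pos, ch in enumerate(ldap_filter):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # Reaching depth 0 before the last character means two filters
            # were pasted side by side without a wrapping (& ...) or (| ...).
            if depth == 0 and pos != len(ldap_filter) - 1:
                raise ValueError("more than one top-level filter")
    if depth != 0:
        raise ValueError("unbalanced parentheses")


def login_search_filter(login, ldap_filter=LDAP_FILTER):
    """Filter for one login: login attribute AND the configured LDAP filter."""
    check_filter(ldap_filter)
    return f"(&({LOGIN_ATTR}={escape_value(login)}){ldap_filter})"


def ldapsearch_argv(login):
    """ldapsearch arguments for the same lookup; -W prompts for the password."""
    return ["ldapsearch", "-x", "-H", f"ldap://{HOST}:389", "-D", BIND_DN, "-W",
            "-b", BASE_DN, login_search_filter(login),
            LOGIN_ATTR, "givenname", "sn", "mail"]


if __name__ == "__main__":
    print(" ".join(repr(arg) for arg in ldapsearch_argv("red.u")))
```

If the printed command returns exactly one entry with all four attributes filled in, the same values will work in the Redmine form.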
If we have local Redmine users whose user names match those in MS AD, the local users take precedence.
For example: if we have a local Redmine user red.u with password red.u and an MS AD user red.u with password ms.red.u, and we try to log in to the Redmine web interface with red.u/ms.red.u, we'll receive "Wrong username or password".
To fix this we can:
1. delete the local user (and lose all issues, pages, posts, etc. created by him)
2. Under Administration - Users - (select the needed user) - Authentication method, choose the descriptive Name entered above