Just a few notes I wanted to share regarding configuring Redmine 5 for Active Directory authentication.
In this particular environment, the Redmine server is running on a VM farm and is accessible both from the Internet (via proxy) and by local on-net clients.
Without getting too much into it, the client’s AD server is a fucking mess. Managed by people who don’t understand the basics of directory services. Looking at you Mike D. IYKYK. So we had to adapt our normal LDAP/AD Redmine configuration a bit.
The basics are as follows:
- Name: Client Active Directory
- Host: IP/Hostname of AD server
- Port: 389/LDAP
- Account: WINDOWSDOMAIN\$login or $login@WINDOWS.DOMAIN.TLD
  Using the $login variable saves us from having to create a dedicated service account, which is both a potential security issue (non-expiring passwords boooooo)
- Password: (null)
- Base DN: dc=windowsdomain,dc=com
  Note: This is non-standard because the Active Directory structure is all fucked up thanks to a previous MSP that’s clearly run by…I’m not sure.
- LDAP Filter: (null)
- On-the-fly user creation: (checked)
In the Attributes section, set the following values.
- Login attribute: sAMAccountName
- Firstname attribute: givenName
- Lastname attribute: sN
- Email attribute: mail
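
To confirm the Account template, Base DN and attribute names before saving them in Redmine, the following added example (not part of the original post) does a per-user bind and lookup with OpenLDAP's `ldapsearch`. The host name and the helper functions `bind_id`, `ldap_escape`, `login_filter` and `check_login` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check of the
# settings above using OpenLDAP's ldapsearch. AD_HOST is a constructed
# placeholder; the other defaults mirror the values shown in the post.
AD_HOST="${AD_HOST:-ad.example.invalid}"
AD_PORT="${AD_PORT:-389}"
BASE_DN="${BASE_DN:-dc=windowsdomain,dc=com}"
DEFAULT_ACCOUNT='$login@WINDOWS.DOMAIN.TLD'
ACCOUNT="${ACCOUNT:-$DEFAULT_ACCOUNT}"
LOGIN_ATTR="sAMAccountName"
# 1 = require StartTLS (-ZZ). Without it, a simple bind on 389 sends the
# user's password unencrypted.
USE_STARTTLS="${USE_STARTTLS:-1}"

# Put the typed login where "$login" sits in the Account template.
bind_id() {
  case "$ACCOUNT" in
    *'$login'*) printf '%s%s%s\n' "${ACCOUNT%%\$login*}" "$1" "${ACCOUNT#*\$login}" ;;
    *)          printf '%s\n' "$ACCOUNT" ;;
  esac
}

# Escape filter metacharacters (RFC 4515) so the login is matched literally.
ldap_escape() {
  printf '%s\n' "$1" |
    sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter on the Login attribute from the Attributes section.
login_filter() {
  printf '(%s=%s)\n' "$LOGIN_ATTR" "$(ldap_escape "$1")"
}

# Bind as the user (password is prompted by -W) and fetch the mapped attributes.
check_login() {
  tls_flag=""
  if [ "$USE_STARTTLS" = "1" ]; then tls_flag="-ZZ"; fi
  # $tls_flag is left unquoted on purpose so an empty value adds no argument.
  ldapsearch -x -LLL $tls_flag -H "ldap://$AD_HOST:$AD_PORT" \
    -D "$(bind_id "$1")" -W -b "$BASE_DN" -s sub \
    "$(login_filter "$1")" sAMAccountName givenName sn mail
}

if [ "$#" -gt 0 ]; then check_login "$1"; fi
```

A successful run prints one entry with the four mapped attributes; a bind error points at the Account template, and an empty result points at the Base DN. Set `USE_STARTTLS=0` only to reproduce the plain 389/LDAP setting exactly, since that bind is not encrypted.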
Once your users begin logging in, you can begin assigning them to Projects. I’m sure there’s a way to set up project permissions based on Active Directory/LDAP.