
Saturday, January 23, 2010

Redmine LDAP Integration - Active Directory Configuration

After you have Redmine installed and configured to the point where you can log in - go ahead and do so. Browse to Administration>Settings>Authentication tab>LDAP Configuration (in the bottom right).

Before you go and start changing things here, there are a few things you should keep in mind that will save you some time. Realize that you can't do an anonymous bind to Active Directory. So, you need to actually specify a valid set of credentials for the service account. Now, I suppose they could have done something different here to reduce the configuration work... like relying on user login credentials and passing them to query AD. But in any event, a normal domain user account should do just fine - anything that can query Active Directory. Why a domain account? Think about it another way... if someone plugged their laptop into your network, would they be able to query AD for user or computer objects? No... they wouldn't, because they'd be anonymous. Even if they knew your domain name, had a domain controller's IP address, the distinguished name, etc... no luck. So create a service account. Just FYI, my domain was at 2003 domain functional level.

As far as the Base DN - keep it simple... base DN means base. You probably don't want CN=users, or CN=MyBusiness, or anything like that. In my case, I specified DC=domain,DC=local. As for the attributes, they all come right out of Active Directory... there's a bunch of places you could find these if you wanted to spend the time to find them. Or, there's a bunch of sites that already have this stuff listed (see below for my config).

When you're specifying the attributes, keep in mind that you don't want any extra spaces (blank spaces) after the attributes. For instance, it should be 'SAMAccountName' (no quotes), NOT 'SAMAccountName '. If you add a space, it breaks. If you don't have those "optional" attributes, it breaks. Also - just FYI... if you're under Authentication, and trying to run a "Test" of authentication, and it says successful - that doesn't mean it's actually working. You need to test Active Directory account logins from back on the main menu.

If you want to use on-the-fly account creation... you'll need to make sure all of your Attributes are set correctly and that within Active Directory the attribute fields actually contain data for your users. This is very important. For example, if you have a user trying to log in, but their account has the "First Name", and/or "Last Name", and/or "E-mail" address fields blank (like if you have a "test" user account) - automatic user account creation in Redmine will fail. On top of that - it's not very verbose about why it failed. So that might be something to file away in the back of your mind, so that when you find one account (or a group of accounts) somewhere that won't log in - you can make sure to check that they have all of the Active Directory attributes specified (just open up Active Directory Users and Computers and check out the user object that is having a problem).

My Settings:

  • Name: YourDomainOrWhateverYouWant
  • Host: IP address of a Domain Controller (name is probably best)
  • Port: 389
  • Account: Domain\ServiceAccountRedmine01
  • Password: SavedPassword
  • Base DN: DC=domain,DC=local
  • Login: SAMAccountName
  • First Name: givenName
  • Last Name: SN
  • Email: mail
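
A pre-flight check for the two failure modes described above (stray whitespace in attribute names, and users whose Active Directory fields are blank), as an added example that is not part of the original post or of Redmine's own code. The hash keys, the sample settings and the two directory entries are constructed for illustration, and the warning about plain LDAP on port 389 is an extra check added here.

```ruby
# Added example: offline sanity check for Redmine-style LDAP settings.
# Hash keys are names chosen for this example; all data is constructed.
ATTR_KEYS = %i[attr_login attr_firstname attr_lastname attr_mail].freeze

# Problems with the auth-source settings themselves.
def check_settings(cfg)
  problems = []
  if cfg[:account].to_s.empty? || cfg[:password].to_s.empty?
    problems << 'account/password missing: AD will not answer an anonymous query'
  end
  ATTR_KEYS.each do |key|
    value = cfg[key].to_s
    if value.empty?
      problems << "#{key} is blank"
    elsif value != value.strip
      problems << "#{key} has stray whitespace: #{value.inspect}"
    end
  end
  if cfg[:port] == 389 && !cfg[:tls]
    problems << 'port 389 without LDAPS: a simple bind sends the service password in clear text'
  end
  problems
end

# Configured attributes that are empty on a directory entry, i.e. why
# on-the-fly account creation would fail for that user.
def missing_attributes(cfg, entry)
  # LDAP attribute names are case-insensitive, so compare lowercased.
  normalized = {}
  entry.each { |name, values| normalized[name.to_s.downcase] = Array(values) }
  %i[attr_firstname attr_lastname attr_mail].map do |key|
    name = cfg[key].to_s.strip
    filled = normalized.fetch(name.downcase, []).any? { |v| !v.to_s.strip.empty? }
    filled ? nil : name
  end.compact
end

# Constructed settings: note the trailing space after "mail".
CONFIG = { account: 'Domain\\ServiceAccountRedmine01', password: 'SavedPassword',
           port: 389, tls: false, attr_login: 'SAMAccountName',
           attr_firstname: 'givenName', attr_lastname: 'SN', attr_mail: 'mail ' }.freeze
# Constructed directory entries: a complete user and a sparse "test" account.
ALICE = { 'sAMAccountName' => ['alice'], 'givenName' => ['Alice'],
          'sn' => ['Example'], 'mail' => ['alice@domain.local'] }.freeze
TEST_USER = { 'sAMAccountName' => ['test'], 'givenName' => ['Test'],
              'sn' => [], 'mail' => [''] }.freeze

check_settings(CONFIG).each { |p| puts "settings: #{p}" }
puts "test user is missing: #{missing_attributes(CONFIG, TEST_USER).join(', ')}"
```
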

Wednesday, January 20, 2010

Redmine BitNami Appliance Intro

I’ve been checking out Project Management platforms lately, and came across Redmine. It’s an open-source project management and issue tracking tool (e.g. bug tracking, feature request, etc.) using a Ruby on Rails framework, with support for multiple databases (MySQL, PostgreSQL, or SQLite). The core features like Project Management and Issue tracking look pretty good, and it includes some nice details like Atom feeds, e-mail notifications, a per-project wiki, basic time tracking, and LDAP support. According to Wikipedia, Redmine is heavily influenced by Trac – which appears to have been around a bit longer, and is fairly mature... probably worth checking out as well (plus Trac is written in Python).

In any event, if you’re coming at this from a Microsoft-centric perspective, you can think of Redmine as being “Sharepoint-like”, although by no means is it a Sharepoint-replacement. In working with Redmine a bit, one thing immediately apparent is that Redmine makes sense… the web-based interface is uncluttered, and it’s easy to navigate and wrap your head around. After digging in, you’ll find that there are components to the tool that are obviously still immature but as far as the core functionality goes – it’s there.

The other thing that’s kind of interesting is that I’m running the Redmine stack using a Bitnami appliance on my ESX cluster. The Redmine virtual machine is running OpenSuse 11.1. So far, the Bitnami-appliance experience has been good, and if you haven’t checked out any of their stacks, they're worth investigating. The appliances are fairly light with the excesses trimmed out (no GUI, etc.). Since getting this machine built-out, I saw that Turnkey Linux also has an Ubuntu-based appliance with the Redmine stack. While I’ve worked with OpenSuse, and Ubuntu, my more recent experience has been Debian-centric so Ubuntu is probably the more natural fit. I’ll follow up soon with some How-To posts based on my notes and work so far.