Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

  •  
     
    story #8207 use Active Directory as an LDAP directory
Actions
Summary
site administrator
use Active Directory as an LDAP directory
I can use all Tuleap/LDAP features with AD

Tuleap LDAP features:

Read-only use of an Active Directory (AD). Tuleap must be configurable to work with either openLDAP or AD. Plenty of other tools have this compatibility (e.g. Jenkins/ Bugzilla) and are a good source of inspiration for configuration examples and explanations.

The following must all work with an AD.

  • Account creation (already works, verify)
  • Login (already works, verify)
  • Auto provisionning (already works, verify)
    • Automatic creation of Tuleap user account when user exists in AD but not yet in Tuleap user DB
  • Autocompletion
  • SVN authentication
    • through Apache via svn CLI commands
    • through viewVC in UI
    • through custom perl/ python scripts (nightly stats, notifications/ commit-email.pl)
  • Import LDAP group (for project_members and for static ugroups)
    • be careful with group structure difference between openLDAP and AD
  • Update LDAP group (for project_members and for static ugroups) on Tuleap (user-group LDAP binding)
  • Nightly synchro is covered by story #8208 (extracted to fit team constraint)

In addition to features:

  • Update documentation to explain how AD integration works. Maybe provide 2 ldap.inc, one for openldap like and one for AD.
  • Update validation suite to cover AD. Must test valid users and groups as well as invalid users and groups (user doesn't exist/ invalid credentials/ user group doesn't have correct permissions/ ...)

Technical note:

Empty
Nouha Terzi (terzino)
Status
Empty
Done
Development
  • [ ] Does it involves User Interface? 
  • [ ] Are there any mockups?
  • [ ] Are permissions checked?
  • [ ] Does it need Javascript development?
  • [ ] Does it need a forge upgrade bucket?
  • [ ] Does it need to execute things in system events?
  • [ ] Does it impact project creation (templates)?
  • [ ] Is it exploratory?
Depends of the availability of AD for development (usage of Rackspace a priori) and at validation time.
Details
#8207
Manuel Vacelet (vaceletm)
2015-07-29 16:38
2015-07-07 13:46
7900

References
Artifact links
Empty
Referencing story #8207

Artifact Tracker v5

story #8208 have nightly LDAP synchro with Active Directory
epic #8209 LDAP & Authentication
rel #8245 8.5

Git commit

tuleap/tuleap/stable

Merge commit 'refs/changes/29/4229/8' of ssh://gerrit.tuleap.net:29418/tuleap into tuleap-stable-master 15c0b42ac2
User avatar Manuel Vacelet (vaceletm) , 2015-07-27 13:31
story #8207: use Active Directory as an LDAP directory 247fd64f61
User avatar dylan bowden (dylan) , 2015-07-27 12:07
Referenced by story #8207

Artifact Tracker v5

story #8208 have nightly LDAP synchro with Active Directory
Display settings

Follow-ups

User avatar
Manuel Vacelet (vaceletm)2015-07-08 10:13
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
User avatar
dylan bowden (dylan)2015-07-07 16:59
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
User avatar
Manuel Vacelet (vaceletm)2015-07-07 16:39
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
User avatar
dylan bowden (dylan)2015-07-07 16:15
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
  • CC list cleared values: None
  • Permissions set to