Monday, 2 September 2013

Create users on the fly via SSO in Redmine 2.3.2

I am trying to use the "create user on the fly" option together with SSO. I
configured SSO as described here: "Silent login to Redmine upon entering
to domain".
whoami /FQDN gives:
CN=..my name and surname here..,OU=IT,OU=Users,OU=..user unit 1..,
OU=..user unit 2, DC=mydomain,DC=company,DC=org
I declared LDAP like this:
Name = Ldap Authentication
Host = ...ip of domain controller here...
Port = 389
LDAPS = no
Account = MYDOMAIN\UserName
Password = <password>
Base DN = DC=mydomain,DC=company,DC=org
On-the-fly user creation = yes
Attributes
Login = sAMAccountName
Firstname = givenName
Lastname = sN
Email = mail
Now, if I manually register users and specify the authentication mode "Ldap
Authentication", users log in automatically (transparent authentication).
However, if I don't register the user manually in Redmine, then I get the
following errors.
When attempting SSO:
Started GET "/redmine/" for 127.0.0.1 at 2013-09-02 11:22:45 +0400
Processing by WelcomeController#index as */*
(0.0ms) SELECT MAX(`settings`.`updated_on`) AS max_id FROM
`settings`
User Load (0.0ms) SELECT `users`.* FROM `users` WHERE
`users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND
`users`.`login` = 'aleksey.bykov'
User Load (0.0ms) SELECT `users`.* FROM `users` WHERE
`users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND
(LOWER(login) = 'aleksey.bykov') LIMIT 1
AnonymousUser Load (0.0ms) SELECT `users`.* FROM `users`
WHERE `users`.`type` IN ('AnonymousUser') LIMIT 1
Current user: anonymous
Role Load (0.0ms) SELECT `roles`.* FROM `roles` WHERE
`roles`.`builtin` = 2 LIMIT 1
SQL (0.0ms) SELECT `news`.`id` AS t0_r0,
`news`.`project_id` AS t0_r1, `news`.`title` AS t0_r2, `news`.`summary`
AS t0_r3, `news`.`description` AS t0_r4, `news`.`author_id` AS t0_r5,
`news`.`created_on` AS t0_r6, `news`.`comments_count` AS t0_r7,
`projects`.`id` AS t1_r0, `projects`.`name` AS t1_r1,
`projects`.`description` AS t1_r2, `projects`.`homepage` AS t1_r3,
`projects`.`is_public` AS t1_r4, `projects`.`parent_id` AS t1_r5,
`projects`.`created_on` AS t1_r6, `projects`.`updated_on` AS t1_r7,
`projects`.`identifier` AS t1_r8, `projects`.`status` AS t1_r9,
`projects`.`lft` AS t1_r10, `projects`.`rgt` AS t1_r11,
`projects`.`inherit_members` AS t1_r12, `users`.`id` AS t2_r0,
`users`.`login` AS t2_r1, `users`.`hashed_password` AS t2_r2,
`users`.`firstname` AS t2_r3, `users`.`lastname` AS t2_r4,
`users`.`mail` AS t2_r5, `users`.`admin` AS t2_r6, `users`.`status` AS
t2_r7, `users`.`last_login_on` AS t2_r8, `users`.`language` AS t2_r9,
`users`.`auth_source_id` AS t2_r10, `users`.`created_on` AS t2_r11,
`users`.`updated_on` AS t2_r12, `users`.`type` AS t2_r13,
`users`.`identity_url` AS t2_r14, `users`.`mail_notification` AS t2_r15,
`users`.`salt` AS t2_r16 FROM `news` LEFT OUTER JOIN `projects` ON
`projects`.`id` = `news`.`project_id` LEFT OUTER JOIN `users` ON
`users`.`id` = `news`.`author_id` AND `users`.`type` IN ('User',
'AnonymousUser') WHERE (((projects.status <> 9 AND projects.id IN
(SELECT em.project_id FROM enabled_modules em WHERE em.name='news')) AND
(projects.is_public = 1))) ORDER BY news.created_on DESC LIMIT 5
CACHE (0.0ms) SELECT `roles`.* FROM `roles` WHERE
`roles`.`builtin` = 2 LIMIT 1
Project Load (0.0ms) SELECT `projects`.* FROM `projects`
WHERE (((projects.status <> 9) AND (projects.is_public = 1))) ORDER
BY created_on DESC LIMIT 5
Rendered welcome/index.html.erb within layouts/base (0.0ms)
Completed 200 OK in 16ms (Views: 0.0ms | ActiveRecord: 0.0ms)

When attempting to log in via the login form:

Processing by AccountController#login as HTML
Parameters: {"utf8"=>"?",
"authenticity_token"=>"OD+bA1wXN6WWa0QqZ2umHbVYFJw9gH5Tn5mAmgn/sxY=",
"back_url"=>"http://localhost/redmine/", "username"=>"aleksey.bykov",
"password"=>"[FILTERED]", "login"=>"Вход »"}
(0.0ms) SELECT MAX(`settings`.`updated_on`) AS max_id FROM
`settings`
User Load (0.0ms) SELECT `users`.* FROM `users` WHERE
`users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND
`users`.`login` = 'aleksey.bykov'
User Load (0.0ms) SELECT `users`.* FROM `users` WHERE
`users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND
(LOWER(login) = 'aleksey.bykov') LIMIT 1
AnonymousUser Load (0.0ms) SELECT `users`.* FROM `users`
WHERE `users`.`type` IN ('AnonymousUser') LIMIT 1
Current user: anonymous
User Load (0.0ms) SELECT `users`.* FROM `users` WHERE
`users`.`type` IN ('User', 'AnonymousUser') AND `users`.`login` =
'aleksey.bykov'
User Load (15.6ms) SELECT `users`.* FROM `users` WHERE
`users`.`type` IN ('User', 'AnonymousUser') AND (LOWER(login) =
'aleksey.bykov') LIMIT 1
AuthSource Load (0.0ms) SELECT `auth_sources`.* FROM
`auth_sources` WHERE `auth_sources`.`onthefly_register` = 1
Authenticating 'aleksey.bykov' against 'Ldap Authentication'
Failed login for 'aleksey.bykov' from ::1 at 2013-09-02 07:25:36 UTC
Rendered account/login.html.erb within layouts/base (0.0ms)
Completed 200 OK in 94ms (Views: 0.0ms | ActiveRecord: 15.6ms)

In AD, the fields email, First name and Last name are filled in. My
domain account has rights to read from AD.

How do I properly configure the "create user on the fly" option? I
think that is where my problem is.

Thanks to all.
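
Added example (not part of the original post and not Redmine's own code): a Ruby script that triages failed logins in a debug-level Redmine log like the one above, pairing each "Failed login" line with any "Authenticating ... against ..." line logged for the same login in the same request. The sample log is constructed from the message formats shown in the post; the logins jdoe and new.user, the address 10.0.0.7 and the function names are made up for illustration.

```ruby
require 'time'

# Constructed sample in the message formats shown in the post; 'jdoe',
# 'new.user' and 10.0.0.7 are invented for illustration.
SAMPLE_LOG = <<~LOG
  Processing by AccountController#login as HTML
  Authenticating 'aleksey.bykov' against 'Ldap Authentication'
  Failed login for 'aleksey.bykov' from ::1 at 2013-09-02 07:25:36 UTC
  Processing by AccountController#login as HTML
  Failed login for 'jdoe' from 10.0.0.7 at 2013-09-02 07:26:01 UTC
  Processing by AccountController#login as HTML
  Authenticating 'new.user' against 'Ldap Authentication'
  Completed 302 Found in 40ms
LOG

START_RE = /\AProcessing by /
AUTH_RE  = /\AAuthenticating '(?<login>[^']*)' against '(?<source>[^']*)'/
FAIL_RE  = /\AFailed login for '(?<login>[^']*)' from (?<ip>\S+) at (?<at>.+)\z/

# Returns one hash per "Failed login" line. :via names the auth source logged
# for that login earlier in the same request, or nil if none was logged.
def failed_logins(log_text)
  failures = []
  consulted = {} # login => auth source name, reset at each request
  log_text.each_line(chomp: true) do |raw|
    line = raw.gsub(/\e\[[0-9;]*m/, '').strip # drop ANSI colour codes
    if START_RE.match?(line)
      consulted = {}
    elsif (m = AUTH_RE.match(line))
      consulted[m[:login]] = m[:source]
    elsif (m = FAIL_RE.match(line))
      failures << { login: m[:login], ip: m[:ip],
                    at: Time.parse(m[:at]).utc, via: consulted[m[:login]] }
    end
  end
  failures
end

# Groups failed logins by whether an auth source line was logged for them.
def summarize(failures)
  failures.group_by { |f| f[:via] ? :auth_source_consulted : :no_auth_source_line }
          .transform_values { |fs| fs.map { |f| f[:login] }.uniq }
end

if __FILE__ == $PROGRAM_NAME
  failed_logins(SAMPLE_LOG).each { |f| puts f.inspect }
  puts summarize(failed_logins(SAMPLE_LOG)).inspect
end
```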
