So previously I released the following post:
How to install dotProject 2.1.2 on FreeBSD 7.2 with Apache 2.2, PHP5, and MySQL 5.1 Server?
Now I am following up as promised with how to integrate this with Active Directory and AD’s LDAP. You need to know your LDAP Active Directory info. If you don’t, you need to get it. Or else maybe your domain is generic enough that looking at my examples will get you there.
- Log in to dotProject.
- Click on System Admin | Default User Preferences.
We will make changes to the following sections:
- User Authentication Settings
- LDAP Settings
These section are show in this screen shot. After this screen shot instructions on configuring these sections are provided.
- Scroll to the section called User Authentication Settings.
- Change the User Authentication Method setting to LDAP.
- Configure the LDAP Settings section.
- For LDAP Host, Enter the IP address of your Active Directory server.
- Do not change the LDAP Port or LDAP Version settings.
- On a default Active Directory installation, set the LDAP Base DN to the following:
For example, the lab I am demoing this with is LD.Lab so it would be this:
- For LDAP User Filter enter the following:
- For the LDAP Search User, enter a domain user:
SUGGESTION: Create a service account on the domain with a really intense password and almost no rights, except of course the right to search LDAP so it can be an LDAP Search User.
- Obviously for the LDAP Search User Password, enter the password for the LDAP Search User.
IMPORTANT! You must update this password here when the user’s changes in Active Directory (sorry for the “No duh” moment but it had to be said).
- Scroll down and on the bottom right of the Default User Preferences page, click Save.
Go ahead and try to login as a Domain User.
Note On Changing Permissions
Domain Users may appear to get the Administrator role, but this is not really the case. They only get the Anonymous role when they first login. See my forum post here:
How to make an LDAP user an administrator?
Also, it appears that if you want all users who login to get more permissions, then edit the Anonymous role or modify every user individually. (Yeah, so the project needs some features in this area…maybe you want to become a contributor and develop it yourself?)
Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.