From jamie-list at tramchase.com Sun Mar 2 19:35:38 2008 From: jamie-list at tramchase.com (Jamie Wilkinson) Date: Sun, 2 Mar 2008 19:35:38 -0500 Subject: [Retrospectiva-general] Ldap Adapter? In-Reply-To: <47B5D2DA.9030701@ianduggan.net> References: <47B08CF4.5040909@ianduggan.net> <47B4E06D.1080109@ianduggan.net> <47B53D05.9060502@dvisionfactory.com> <47B5D2DA.9030701@ianduggan.net> Message-ID: <74CDFAEC-EA51-43C0-B0ED-61462F6BDF8C@tramchase.com> Hi Ian, have you made any progress with your LDAP auth adapter? I wrote an LDAP plugin long ago, pre auth API, and I had to fallback on plain auth after recently upgrading to the latest & greatest. Any effort saved is appreciated! -jamiew --- Jamie Wilkinson > http://www.tramchase.com On Feb 15, 2008, at 12:58 PM, Ian Duggan wrote: > > Dimitrij Denissenko wrote: >> I has created one, but unfortunately it is too specific for our >> company. >> I would appreciate if you could write and publsih a generic LDAP >> solution. Retrospectiva IS constantly developed (just see the >> changesets >> list). > > Great. We're working on one here. We'll publish whatever we come up > with. > > Is there an irc channel, or can we create one? I'm not sure what hours > people are generally around, but I'm on USA pacific time. > > --Ian > _______________________________________________ > Retrospectiva-general mailing list > Retrospectiva-general at rubyforge.org > http://rubyforge.org/mailman/listinfo/retrospectiva-general From ian at ianduggan.net Wed Mar 12 16:42:21 2008 From: ian at ianduggan.net (Ian Duggan) Date: Wed, 12 Mar 2008 13:42:21 -0700 Subject: [Retrospectiva-general] Ldap Adapter? In-Reply-To: <74CDFAEC-EA51-43C0-B0ED-61462F6BDF8C@tramchase.com> References: <47B08CF4.5040909@ianduggan.net> <47B4E06D.1080109@ianduggan.net> <47B53D05.9060502@dvisionfactory.com> <47B5D2DA.9030701@ianduggan.net> <74CDFAEC-EA51-43C0-B0ED-61462F6BDF8C@tramchase.com> Message-ID: <47D8402D.6000903@ianduggan.net> Jamie Wilkinson wrote: > Hi Ian, have you made any progress with your LDAP auth adapter? Sorry, no. We ended up installing Redmine since it had the nice console and LDAP integration already. I wanted to go with Retro (the code is nice) but didn't have time to hack this in at the moment. Unfortunately, Redmine is GPL and Retro is MIT, so the LDAP stuff for Retro will have to be coded rather than borrowed... I have designs on the Retro code (the MIT license is favorable) so I may revisit this in the next few months. > I wrote an LDAP plugin long ago, pre auth API, and I had to fallback on > plain auth after recently upgrading to the latest & greatest. Any effort > saved is appreciated! If you do end up doing something the key would be to allow the LDAP server to do the bind (so you can pass that back through PAM/Kerberos whatever). Don't store the passwords in LDAP. That makes it hard to integrate Kerberos, for example. Allowing anonymous bind would be good as well (for initial lookup). The Redmine stuff does not support that currently. --Ian