https://github.com/savchuk1985/roundup-ldap3
LDAP extension for Roundup Issue Tracker
https://github.com/savchuk1985/roundup-ldap3
account-management extension helpdesk issue-tracker ldap ldap-authentication ldaps mit-licensed python python3 roundup user-authentication user-management user-synchronization
Last synced: about 1 year ago
JSON representation
LDAP extension for Roundup Issue Tracker
- Host: GitHub
- URL: https://github.com/savchuk1985/roundup-ldap3
- Owner: savchuk1985
- License: mit
- Created: 2023-11-17T05:51:30.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-12-13T16:42:43.000Z (over 2 years ago)
- Last Synced: 2025-02-05T07:49:08.092Z (over 1 year ago)
- Topics: account-management, extension, helpdesk, issue-tracker, ldap, ldap-authentication, ldaps, mit-licensed, python, python3, roundup, user-authentication, user-management, user-synchronization
- Language: Python
- Homepage:
- Size: 5.86 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
README
LDAP extension for Roundup Issue Tracker
========================================
The extension provides authentication against an LDAP directory for Roundup
Issue Tracker. It uses the pure Python `ldap3` library to communicate over LDAP.
How It Works
------------
Authentication is performed using direct binding to the LDAP directory. User
properties stored in the database are not used for authentication and are always
created or updated according to information derived from the LDAP attributes.
Properties will be forced to update if present in the `user` class:
| Property | Attribute |
| -------------------- | ---------------------------------------- |
| `address` | `mail` |
| `alternate_addresses` | `mail`, if multiple |
| `organization` | `o` |
| `phone` | `telephoneNumber` or `mobile` |
| `realname` | `displayName` |
| `roles` | `memberOf` or search result for `member` |
User passwords are not synchronized. During the user creation on the tracker, a
random password is generated. This way, user accounts are always protected, even
if LDAP authentication is disabled.
Group membership information can also be used for authorization if provided. In
this case, the `memberOf` attribute will be checked first. Group entries will
only be searched if the user entry does not contain this attribute.
The extension uses the advanced logging capabilities of the `ldap3` module. LDAP
message activation and detail levels can be set in the extension configuration.
Installation
------------
Install the `ldap3` Python module on your operating system, virtual environment,
or container, depending on how your tracker is installed. Save the extension and
configuration file in the `extensions` directory of your tracker home. Change
the configuration settings and then restart the tracker.
Testing
-------
You can also test the extension using your Roundup demo installation and the
FreeIPA demo server `ipa.demo1.freeipa.org`. This can be done using the
configuration file distributed in this repository, which already contains the
required values.
More information about the FreeIPA demo instance, including credentials, can be
found here:
To test secure connections, you also need to download the CA certificate from
, then edit the extension configuration and
specify the CA file path. Note that when using a relative path, the root
directory is `extensions` and not the tracker home.
Restrictions
------------
* This was not designed to work with complex LDAP trees
* Authentication against Active Directory is not supported
* SASL bindings are not implemented
Contributing
------------
If you would like to contribute to the project:
* Open pull request with improvements
* Discuss ideas in issues
* Spread the word
* Reach out with any feedback
License
-------
Distributed under the MIT License. See `LICENSE.txt` for more information.
Contact
-------
Anton Savchuk