「その場でユーザーを作成する」オプションを SSO と組み合わせて使用しようとしています。ここで説明されているように SSO を構成しました:ドメインへの入力時に Redmine へのサイレント ログインを構成する方法は?
whoami /FQDN
以下を与える:
CN=..my name and surname here..,
OU=IT,
OU=Users,
OU=..user unit 1..,
OU=..user unit 2,
DC=mydomain,
DC=company,
DC=org
これは私の構成です:
Name = Ldap Authentication
Host = ip of domain controller here
Port = 389
LDAPS = no
Account = MYDOMAIN\UserName
Password = <password>
Base DN = DC=mydomain,DC=company,DC=org
On-the-fly user creation = yes
Attributes
Login = sAMAccountName
Firstname = givenName
Lastname = sN
Email = mail
これで、Redmine UI にユーザーを登録し、モードを「Ldap 認証」に指定すると、このユーザーが自動的にログインできるようになりました。
ただし、このユーザーを Redmine UI で手動で登録しないと、次のようになります。
SSO を使用する場合:
Started GET "/redmine/" for 127.0.0.1 at 2013-09-02 11:22:45 +0400
Processing by WelcomeController#index as */*
[1m[35m (0.0ms)[0m SELECT MAX(`settings`.`updated_on`) AS max_id FROM `settings`
[1m[36mUser Load (0.0ms)[0m [1mSELECT `users`.* FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND `users`.`login` = 'aleksey.bykov'[0m
[1m[35mUser Load (0.0ms)[0m SELECT `users`.* FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND (LOWER(login) = 'aleksey.bykov') LIMIT 1
[1m[36mAnonymousUser Load (0.0ms)[0m [1mSELECT `users`.* FROM `users` WHERE `users`.`type` IN ('AnonymousUser') LIMIT 1[0m
Current user: anonymous
[1m[35mRole Load (0.0ms)[0m SELECT `roles`.* FROM `roles` WHERE `roles`.`builtin` = 2 LIMIT 1
[1m[36mSQL (0.0ms)[0m [1mSELECT `news`.`id` AS t0_r0, `news`.`project_id` AS t0_r1, `news`.`title` AS t0_r2, `news`.`summary` AS t0_r3, `news`.`description` AS t0_r4, `news`.`author_id` AS t0_r5, `news`.`created_on` AS t0_r6, `news`.`comments_count` AS t0_r7, `projects`.`id` AS t1_r0, `projects`.`name` AS t1_r1, `projects`.`description` AS t1_r2, `projects`.`homepage` AS t1_r3, `projects`.`is_public` AS t1_r4, `projects`.`parent_id` AS t1_r5, `projects`.`created_on` AS t1_r6, `projects`.`updated_on` AS t1_r7, `projects`.`identifier` AS t1_r8, `projects`.`status` AS t1_r9, `projects`.`lft` AS t1_r10, `projects`.`rgt` AS t1_r11, `projects`.`inherit_members` AS t1_r12, `users`.`id` AS t2_r0, `users`.`login` AS t2_r1, `users`.`hashed_password` AS t2_r2, `users`.`firstname` AS t2_r3, `users`.`lastname` AS t2_r4, `users`.`mail` AS t2_r5, `users`.`admin` AS t2_r6, `users`.`status` AS t2_r7, `users`.`last_login_on` AS t2_r8, `users`.`language` AS t2_r9, `users`.`auth_source_id` AS t2_r10, `users`.`created_on` AS t2_r11, `users`.`updated_on` AS t2_r12, `users`.`type` AS t2_r13, `users`.`identity_url` AS t2_r14, `users`.`mail_notification` AS t2_r15, `users`.`salt` AS t2_r16 FROM `news` LEFT OUTER JOIN `projects` ON `projects`.`id` = `news`.`project_id` LEFT OUTER JOIN `users` ON `users`.`id` = `news`.`author_id` AND `users`.`type` IN ('User', 'AnonymousUser') WHERE (((projects.status <> 9 AND projects.id IN (SELECT em.project_id FROM enabled_modules em WHERE em.name='news')) AND (projects.is_public = 1))) ORDER BY news.created_on DESC LIMIT 5[0m
[1m[35mCACHE (0.0ms)[0m SELECT `roles`.* FROM `roles` WHERE `roles`.`builtin` = 2 LIMIT 1
[1m[36mProject Load (0.0ms)[0m [1mSELECT `projects`.* FROM `projects` WHERE (((projects.status <> 9) AND (projects.is_public = 1))) ORDER BY created_on DESC LIMIT 5[0m
Rendered welcome/index.html.erb within layouts/base (0.0ms)
Completed 200 OK in 16ms (Views: 0.0ms | ActiveRecord: 0.0ms)
ログインフォームを使用する場合:
Processing by AccountController#login as HTML
Parameters: {"utf8"=>"?", "authenticity_token"=>"OD+bA1wXN6WWa0QqZ2umHbVYFJw9gH5Tn5mAmgn/sxY=", "back_url"=>"http://localhost/redmine/", "username"=>"aleksey.bykov", "password"=>"[FILTERED]", "login"=>"Вход »"}
[1m[35m (0.0ms)[0m SELECT MAX(`settings`.`updated_on`) AS max_id FROM `settings`
[1m[36mUser Load (0.0ms)[0m [1mSELECT `users`.* FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND `users`.`login` = 'aleksey.bykov'[0m
[1m[35mUser Load (0.0ms)[0m SELECT `users`.* FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND (LOWER(login) = 'aleksey.bykov') LIMIT 1
[1m[36mAnonymousUser Load (0.0ms)[0m [1mSELECT `users`.* FROM `users` WHERE `users`.`type` IN ('AnonymousUser') LIMIT 1[0m
Current user: anonymous
[1m[35mUser Load (0.0ms)[0m SELECT `users`.* FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND `users`.`login` = 'aleksey.bykov'
[1m[36mUser Load (15.6ms)[0m [1mSELECT `users`.* FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND (LOWER(login) = 'aleksey.bykov') LIMIT 1[0m
[1m[35mAuthSource Load (0.0ms)[0m SELECT `auth_sources`.* FROM `auth_sources` WHERE `auth_sources`.`onthefly_register` = 1
Authenticating 'aleksey.bykov' against 'Ldap Authentication'
Failed login for 'aleksey.bykov' from ::1 at 2013-09-02 07:25:36 UTC
Rendered account/login.html.erb within layouts/base (0.0ms)
Completed 200 OK in 94ms (Views: 0.0ms | ActiveRecord: 15.6ms)
電子メール、名、姓のフィールドは AD に存在します。私のドメイン アカウントには、AD からの読み取り権限があります。
「その場でユーザーを作成」オプションをどのように適切に構成しますか?