I am trying to use the "On-the-fly user creation" option in combination with SSO. I configured SSO as described here: How to configure silent login to Redmine on entering the domain?

whoami /FQDN gives the following:

CN=..my name and surname here..,
OU=IT,
OU=Users,
OU=..user unit 1..,
OU=..user unit 2,
DC=mydomain,
DC=company,
DC=org

This is my configuration:

Name     = Ldap Authentication
Host     = ip of domain controller here
Port     = 389
LDAPS    = no
Account  = MYDOMAIN\UserName
Password = <password>
Base DN  = DC=mydomain,DC=company,DC=org

On-the-fly user creation = yes
Attributes
  Login     = sAMAccountName
  Firstname = givenName
  Lastname  = sN
  Email     = mail

Now, if I register a user in the Redmine UI and set the mode to "Ldap Authentication", this user can log in automatically.

However, if I do not register this user manually in the Redmine UI, I get the following:

When using SSO:

Started GET "/redmine/" for 127.0.0.1 at 2013-09-02 11:22:45 +0400
Processing by WelcomeController#index as */*
   (0.0ms)  SELECT MAX(`settings`.`updated_on`) AS max_id FROM `settings` 
  User Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND `users`.`login` = 'aleksey.bykov'
  User Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND (LOWER(login) = 'aleksey.bykov') LIMIT 1
  AnonymousUser Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`type` IN ('AnonymousUser') LIMIT 1
  Current user: anonymous
  Role Load (0.0ms)  SELECT `roles`.* FROM `roles` WHERE `roles`.`builtin` = 2 LIMIT 1
  SQL (0.0ms)  SELECT `news`.`id` AS t0_r0, `news`.`project_id` AS t0_r1, `news`.`title` AS t0_r2, `news`.`summary` AS t0_r3, `news`.`description` AS t0_r4, `news`.`author_id` AS t0_r5, `news`.`created_on` AS t0_r6, `news`.`comments_count` AS t0_r7, `projects`.`id` AS t1_r0, `projects`.`name` AS t1_r1, `projects`.`description` AS t1_r2, `projects`.`homepage` AS t1_r3, `projects`.`is_public` AS t1_r4, `projects`.`parent_id` AS t1_r5, `projects`.`created_on` AS t1_r6, `projects`.`updated_on` AS t1_r7, `projects`.`identifier` AS t1_r8, `projects`.`status` AS t1_r9, `projects`.`lft` AS t1_r10, `projects`.`rgt` AS t1_r11, `projects`.`inherit_members` AS t1_r12, `users`.`id` AS t2_r0, `users`.`login` AS t2_r1, `users`.`hashed_password` AS t2_r2, `users`.`firstname` AS t2_r3, `users`.`lastname` AS t2_r4, `users`.`mail` AS t2_r5, `users`.`admin` AS t2_r6, `users`.`status` AS t2_r7, `users`.`last_login_on` AS t2_r8, `users`.`language` AS t2_r9, `users`.`auth_source_id` AS t2_r10, `users`.`created_on` AS t2_r11, `users`.`updated_on` AS t2_r12, `users`.`type` AS t2_r13, `users`.`identity_url` AS t2_r14, `users`.`mail_notification` AS t2_r15, `users`.`salt` AS t2_r16 FROM `news` LEFT OUTER JOIN `projects` ON `projects`.`id` = `news`.`project_id` LEFT OUTER JOIN `users` ON `users`.`id` = `news`.`author_id` AND `users`.`type` IN ('User', 'AnonymousUser') WHERE (((projects.status <> 9 AND projects.id IN (SELECT em.project_id FROM enabled_modules em WHERE em.name='news')) AND (projects.is_public = 1))) ORDER BY news.created_on DESC LIMIT 5
  CACHE (0.0ms)  SELECT `roles`.* FROM `roles` WHERE `roles`.`builtin` = 2 LIMIT 1
  Project Load (0.0ms)  SELECT `projects`.* FROM `projects` WHERE (((projects.status <> 9) AND (projects.is_public = 1))) ORDER BY created_on DESC LIMIT 5
  Rendered welcome/index.html.erb within layouts/base (0.0ms)
Completed 200 OK in 16ms (Views: 0.0ms | ActiveRecord: 0.0ms)

When using the login form:

Processing by AccountController#login as HTML
  Parameters: {"utf8"=>"?", "authenticity_token"=>"OD+bA1wXN6WWa0QqZ2umHbVYFJw9gH5Tn5mAmgn/sxY=", "back_url"=>"http://localhost/redmine/", "username"=>"aleksey.bykov", "password"=>"[FILTERED]", "login"=>"Вход »"}
   (0.0ms)  SELECT MAX(`settings`.`updated_on`) AS max_id FROM `settings` 
  User Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND `users`.`login` = 'aleksey.bykov'
  User Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND `users`.`status` = 1 AND (LOWER(login) = 'aleksey.bykov') LIMIT 1
  AnonymousUser Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`type` IN ('AnonymousUser') LIMIT 1
  Current user: anonymous
  User Load (0.0ms)  SELECT `users`.* FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND `users`.`login` = 'aleksey.bykov'
  User Load (15.6ms)  SELECT `users`.* FROM `users` WHERE `users`.`type` IN ('User', 'AnonymousUser') AND (LOWER(login) = 'aleksey.bykov') LIMIT 1
  AuthSource Load (0.0ms)  SELECT `auth_sources`.* FROM `auth_sources` WHERE `auth_sources`.`onthefly_register` = 1
Authenticating 'aleksey.bykov' against 'Ldap Authentication'
Failed login for 'aleksey.bykov' from ::1 at 2013-09-02 07:25:36 UTC
  Rendered account/login.html.erb within layouts/base (0.0ms)
Completed 200 OK in 94ms (Views: 0.0ms | ActiveRecord: 15.6ms)

The email, first name and last name fields exist in AD. My domain account has read permission on AD.

How do I properly configure the "On-the-fly user creation" option?
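
A check for the situation in the question, as an added example that is not part of the original post: it parses LDIF exported with the bind account (for instance from ldapsearch) and reports which of the four mapped attributes an account lacks. The sample entries, the function names and the premise that on-the-fly creation needs a value for every mapped attribute are assumptions of this example.

```python
import base64

# Attribute mapping copied from the question's auth source (Redmine field -> LDAP attribute).
ATTR_MAP = {"login": "sAMAccountName", "firstname": "givenName",
            "lastname": "sN", "mail": "mail"}

# Constructed sample: LDIF for two hypothetical accounts (not data from the page).
SAMPLE_LDIF = """\
dn: CN=Test User,OU=IT,OU=Users,DC=mydomain,DC=company,DC=org
sAMAccountName: test.user
givenName:: 0KLQtdGB0YI=
sn: User
mail: test.user@mydomain.compa
 ny.org

dn: CN=Service Account,OU=IT,OU=Users,DC=mydomain,DC=company,DC=org
sAMAccountName: svc.build
givenName: Service
"""

def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values]} dicts with lower-cased names."""
    lines = []
    for raw in text.splitlines():
        # A line starting with a single space continues the previous line (LDIF folding).
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:  # the trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        name, _, rest = line.partition(":")
        # "attr:: value" carries base64 (used for non-ASCII values such as Cyrillic names).
        value = (base64.b64decode(rest[1:].strip()).decode("utf-8")
                 if rest.startswith(":") else rest.strip())
        current.setdefault(name.lower(), []).append(value)
    return entries

def missing_for_onthefly(entry, attr_map=ATTR_MAP):
    """Return the Redmine fields whose mapped LDAP attribute is absent or empty.
    LDAP attribute names are case-insensitive, so 'sN' matches the returned 'sn'."""
    return [field for field, attr in attr_map.items()
            if not any(entry.get(attr.lower(), []))]

if __name__ == "__main__":
    for e in parse_ldif(SAMPLE_LDIF):
        print(e["dn"][0], "->", missing_for_onthefly(e) or "all mapped attributes present")
```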

1 Answer

The single_auth plugin may suit your needs.

This post (mine) may help:

http://blog.techutils.space/2016/02/redmine-ad-sso-setup.html

It follows the default settings of the single_auth plugin, but the idea is to use the mod_auth_ntlm_winbind apache module to bridge between apache and the ntlm_auth command. ntlm_auth requires samba (samba 4 in this case) to be joined to the domain.

Answered 2016-02-14T16:02:30.487