Added by Issa Gorissen 10 days ago
Dear OpenProject Community,
We are currently evaluating a specific authentication use case and would appreciate confirmation on whether this configuration is supported.
Our Goal:
Authentication: Handle all user logins via a SAML provider.
Authorization/Groups: Fetch user group memberships from an LDAP server.
Current Progress:
SAML: Successfully configured; users can log in without issues.
LDAP: The connection is established, and OpenProject successfully "sees" the groups from our LDAP server.
Despite the connection working, the LDAP groups remain empty in OpenProject. It appears the system isn't successfully mapping the SAML-authenticated users to their respective LDAP groups.
Is this "hybrid" setup (SAML Auth + LDAP Group Sync) currently supported in OpenProject? If so, are there specific mapping attributes required to link the SAML user identity to the LDAP entry?
Thank you in advance for your help!
Best regards,
--
Issa
Replies (1)
If this can help somebody else, with guidance from OpenProject support, I managed to diagnose and resolve the issue. The LDAP account used was not permitted to access the ou=people,dc=... subtree to read the user accounts.
Support directed me to launch a command inside a console in rails, such as (deployment here is inside containers)
Thx again to OP support team for their help :)
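
One way to check for the cause described in the reply above, as an added example (not from the original posts and not the command OpenProject support supplied): dump the groups and the people subtree while bound as the sync account, then list every group member DN that account cannot read. The `LDAP_URI`, `BIND_DN`, `BIND_PW_FILE`, `GROUP_BASE` and `PEOPLE_BASE` variables, the `groupOfNames` object class and the `member` attribute are assumptions; adjust them to your directory.

```shell
#!/bin/sh
# Added example: verify what the LDAP sync bind account can actually read.
# All variable names and the groupOfNames/member schema are assumptions.

# Dump a subtree as the bind account.
# -o ldif-wrap=no keeps each DN on a single line so it can be matched below.
dump_subtree() {  # $1 = base DN, $2 = filter, remaining args = attributes
  base=$1; filter=$2; shift 2
  ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" \
    -D "$BIND_DN" -y "$BIND_PW_FILE" -b "$base" "$filter" "$@"
}

# Print each group member DN that has no matching entry in the people dump.
# $1 = LDIF of groups (member attribute), $2 = LDIF of the people subtree.
# DNs are compared case-insensitively with spaces after commas ignored;
# base64-encoded values ("dn::" / "member::") are not decoded and are skipped.
unreadable_members() {
  awk '
    function norm(s) { gsub(/, +/, ",", s); return tolower(s) }
    mode == "people" { if (sub(/^dn: /, "")) seen[norm($0)] = 1; next }
    sub(/^member: /, "") { if (!(norm($0) in seen)) print }
  ' mode=people "$2" mode=groups "$1" | sort -u
}

# Live check: runs only when LDAP_URI is set in the environment.
if [ -n "${LDAP_URI:-}" ]; then
  tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
  dump_subtree "$GROUP_BASE" '(objectClass=groupOfNames)' member \
    > "$tmp/groups.ldif"
  # "1.1" requests no attributes: only the DNs the account may see come back.
  dump_subtree "$PEOPLE_BASE" '(objectClass=*)' 1.1 > "$tmp/people.ldif"
  unreadable_members "$tmp/groups.ldif" "$tmp/people.ldif"
fi
```

If every member DN is printed, the bind account can see the groups but not the user entries, which matches the symptom of groups that are visible yet stay empty.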