Added by K T about 9 years ago
I’ve configure LDAP authentication on my OpenProject server.
When I try to add a new user with LDAP check I have to type whole information about one - 4 fields.
What and how should I do to enable autofill ?
P.S.
Server: Ubuntu 14.04.3 server x64
OP ver: 5.0.15 (Mysql2)
LDAP: Windows Server 2008 R2
on-the-fly option is enabled
Replies (9)
Hi K T,
not quite sure, if I can follow your information, so please accept my apologies for asking.
Do you add the Users to LDAP and then add them to OpenProject as well?
Usually it would be enough to just add a new user to LDAP. Once the user logs in the first time, all fields for the user should be filled on the fly, hence the “on-the-fly”-option.
Regards,
Oliver
Hi Oliver,
We have a Active Directory.
When I try to add new user from AD I have to fill all of fields (email, first name etc.) because they are required and system prevents me add new one with empty fields.
I don’t know how I can to change the behavior of system to fill just a login field.
Hi K T,
could you be more precise? At the moment I still don’t really understand, what you are trying to do and what you expect to happen.
What do you refer to by “system”? OpenProject, or your AD?
Best
Oliver
Hey,
OpenProject allows you to map specific attributes from LDAP to OpenProject user attributes. This set of attributes is unfortunately strictly limited, but is definitely sufficient to create users on the fly without any manual interaction.
Best,
Oliver
Hi Oliver,
Ok, I’ll try to describe the situation more detailed. The order of my actions is below:
If I leave at least one field blank - doesn’t matter which one - my browser tells about needing to fill all of ones.
But I wanna fill just a login.
So, my question is ‘What could I do incorrectly?’
Thank you for providing more detail, K T!
Actually, you don’t really have to manually add a new user to OpenProject.
Once your LDAP-/AD-connection is properly set up, whenever a user logs in, OpenProject will check for the users account.
If it is created, AND the auth method is LDAP/AD, OpenProject will only ask for permission, not check any internal password.
If it’s not created, LDAP/AD will be checked.
If the user is already member of LDAP/AD users, then OpenProject will only ask LDAP/AD for permission, create the user account (that’s what the one-the-fly option is for!) and log the user in.
Although this description of the process is not 100% correct, I hope it’s detailed enough to understand what I mean.
In essence: You do not need to enter user accounts manually, as long as they are already created within your ad.
Hope to be of help.
Best
Oliver
Hi,
Thank you all for your answers.
Oliver, if I understand you correct, for any users who has AD records and try signing in to my OpenProject server there will be created user record. In case, if on the OP server are set following options up ‘LDAP-connection’ and ‘on-the-fly’ .
Please, correct me if I don’t.
Hi K T,
that’s pretty much, how it is supposed to work.
Best
Oliver
Hi Oliver,
I’m glad to head that.
But what kind of roles and projects will be accessed for those users? And how administrator can know that new user was logged in?