Help

Mingle LDAP Authentication

This authentication plugin supports only plain LDAP. LDAPS and LDAP/TLS are not supported, so traffic between Mingle and the directory server is not encrypted.

Installation

  1. Before you can use Mingle LDAP authentication, you must first complete the standard Mingle installation and configuration. Make sure that you set up a user with both full Mingle administrative privileges and a login that is also contained in your LDAP directory.
  2. Stop Mingle server.
  3. Copy the plugins/ldap_auth directory to the vendor/plugins/ldap_auth directory.
  4. Edit mingle_data_directory/config/auth_config.yml to contain your configuration:
  5. For Active Directory:
      ldap_settings:
        ldapserver: hostname
        ldapport: port
        ldapbinduser: user
        ldapbindpasswd: password
        ldapbasedn: ou=Users,dc=MyCompany,dc=COM
        ldapfilter: sAMAccountName
        ldapobjectclass: organizationalPerson
        ldap_map_fullname: cn
        ldap_map_mail: mail
        ldapgroupdn: cn=MingleUsers,ou=Groups,dc=MyCompany,dc=COM
        ldapgroupobjectclass: group
        ldapgroupattribute: member
        auto_enroll: true
      password_format: 
      auto_enroll_as_mingle_admin: false
      auto_enroll: 
        

    For OpenLDAP:
      ldap_settings:
        ldapserver: hostname
        ldapport: port
        ldapbinduser: user
        ldapbindpasswd: password
        ldapbasedn: ou=People,dc=MyCompany,dc=COM
        ldapfilter: uid
        ldapobjectclass: posixAccount
        ldap_map_fullname: cn
        ldap_map_mail: mail
        ldapgroupdn: cn=MingleUsers,ou=Groups,dc=MyCompany,dc=COM
        ldapgroupobjectclass: posixGroup
        ldapgroupattribute: memberUid
        auto_enroll: true
      password_format: 
      auto_enroll_as_mingle_admin: false
      auto_enroll: true
  6. Start Mingle server.
  7. Log in as the user you configured in Step 1, but this time using the LDAP password rather than the Mingle password.
  8. Assuming that you set auto_enroll to true in Step 4, any users enrolled in your LDAP directory can now log in to Mingle. When they log in, a Mingle account is created automatically if one does not already exist. Once a user has logged in for the first time, s/he can be granted access to projects.
  9. If auto_enroll_as_mingle_admin was set to true, any new users in your LDAP directory can not only log in to Mingle but will also be made administrators by default.
  10. For minimal password restrictions, leave the password_format field empty. For a strict password format that requires a combination of alphanumeric characters and punctuation, set password_format to :strict.
  11. New in 2.0: ldapgroupdn, ldapgroupobjectclass and ldapgroupattribute are for group authentication. If the user is not in the group specified in ldapgroupdn, the user will not be able to log in to Mingle even with a valid username and password. To disable this group feature, comment out or remove these three attributes.
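
A check of auth_config.yml against the access rules in steps 8, 9 and 11, added here as an example; it is not part of Mingle or the ldap_auth plugin. The name audit_auth_config, the sample values, and treating auto_enroll as enabled when either copy of the key is true are assumptions.

```ruby
require 'yaml'

GROUP_KEYS = %w[ldapgroupdn ldapgroupobjectclass ldapgroupattribute].freeze

# Hypothetical helper (not part of Mingle): returns risk findings for the
# text of an auth_config.yml laid out as in step 4.
def audit_auth_config(yaml_text)
  # Symbol is permitted so that "password_format: :strict" loads.
  cfg  = YAML.safe_load(yaml_text, permitted_classes: [Symbol]) || {}
  ldap = cfg['ldap_settings'] || {}
  findings = []

  # Step 11: the group check is described in terms of all three attributes.
  set = GROUP_KEYS.reject { |k| ldap[k].to_s.strip.empty? }
  if set.empty?
    findings << 'group check disabled: any valid LDAP login is accepted'
  elsif set.size < GROUP_KEYS.size
    findings << "group check incomplete, missing #{(GROUP_KEYS - set).join(', ')}"
  end

  # Steps 8 and 9. The sample config shows auto_enroll both inside and
  # outside ldap_settings; treating either as enabling it is an assumption.
  enroll = [cfg['auto_enroll'], ldap['auto_enroll']].include?(true)
  if enroll && set.size < GROUP_KEYS.size
    findings << 'auto_enroll without a complete group check: every directory user gets a Mingle account'
  end
  if cfg['auto_enroll_as_mingle_admin'] == true
    findings << 'auto_enroll_as_mingle_admin is true: new LDAP users become administrators'
  end
  findings
end

# Constructed sample: group attributes commented out, admin enrollment on.
SAMPLE_CONFIG = <<~CFG
  ldap_settings:
    ldapserver: ldap.example.test
    ldapport: 389
    ldapbinduser: cn=mingle,ou=Services,dc=MyCompany,dc=COM
    ldapbindpasswd: not-a-real-password
    # ldapgroupdn : cn=MingleUsers,ou=Groups,dc=MyCompany,dc=COM
    # ldapgroupobjectclass : posixGroup
    # ldapgroupattribute : memberUid
    auto_enroll: true
  password_format: :strict
  auto_enroll_as_mingle_admin: true
  auto_enroll: true
CFG

puts audit_auth_config(SAMPLE_CONFIG) if __FILE__ == $PROGRAM_NAME
```

An empty result means the group check is fully configured and new LDAP users are not enrolled as administrators.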

Uninstall

Should you ever wish to turn off LDAP authentication, simply delete the ldap_auth directory from vendor/plugins. After restarting the Mingle server, users will then be able to use the Mingle password recovery feature in order to set a Mingle password.

If you are going to turn off LDAP integration, be absolutely sure that you configure Mingle SMTP successfully before turning off LDAP integration. This will ensure that the password recovery feature is available, allowing users to continue to use Mingle with Mingle's built-in authentication mechanism.