Comments (25)
I have to improve the code first to allow multiple authentication backends. But it's definitely a good idea.
from kanboard.
Do you also have "web auth" in mind? I think about OAuth2, for example. Using a library like https://github.com/Lusitanian/PHPoAuthLib, it should be simple.
But it will go against the "no external dependencies" of Kanboard ;-)
from kanboard.
It's a very good idea to implement OAuth...
from kanboard.
+1 for the LDAP connection (and by accepting the user as a REMOTE sent by SSO)
Will be perfect in a Yunohost installation (already prepare a package for your Kanboard, but will be definitely better if we have the LDAP used also)
from kanboard.
I will probably implement external authentication for the next release of Kanboard.
I plan to have those providers for the first version:
- Internal LDAP server
- Github
- Microsoft
If you need other providers, just tell me.
from kanboard.
I implemented the LDAP authentication in master: http://kanboard.net/documentation/ldap-authentication
I will also add Google later.
from kanboard.
Google authentication is now supported: http://kanboard.net/documentation/google-authentication
from kanboard.
Hello,
I installed and configured kanboard on Ubuntu Server with LDAP authentication.
I use an LDAP Novell eDirectory.
I want to use an LDAP proxy user (with appropriate rights) to read all properties of my Directory.
I would, moreover, be able to perform a recursive reading (in sub organizational units).
Is this possible?
Currently, only the accounts present in the organizational unit specified in the variable LDAP_USER_DN are exploitable.
Example of desired configuration:
define('LDAP_AUTH', true);
define('LDAP_SERVER', 'myserver.mydomain.fr');
define('LDAP_USER_DN', 'cn=%s');
define('LDAP_PROXYUSER_NAME', 'cn=myproxyuser,o=myproxyuserDN');
define('LDAP_PROXYUSER_PWD', 'myproxyuserpwd');
define('LDAP_RECURSIVE', true);
PS: Is there a French forum for Kanboard?
Thanks for your help.
Philippe.
from kanboard.
I have never used Novell eDirectory. To implement this behaviour I need to simulate that in my development environment (at least reproduce a similar environment with OpenLDAP because Novell eDirectory is not free).
- What exactly is the purpose of the Proxy User?
- Do you know another open source project compatible with your setup? (maybe I can see an example of their implementation to help me).
There is no French forum, but you can still write here in French.
from kanboard.
While LDAP is also supported by it, a native OwnCloud (www.owncloud.org) login for Kanboard would be nice as it could then be directly included in the web interface of OwnCloud via the "webapp" plugin even if LDAP isn't used.
from kanboard.
Hello,
In addition to my recent post, attached is a PHP example for reading a Novell LDAP directory (LDAP standards compliance).
The proxy user has access rights to the various properties of objects in the directory (according to the rights granted by the administrator).
The access to the "email" and "fullname" properties would allow automatic completion of the information of the connected user.
I hope this will help.
Philippe.
"; } ldap_close($ldapconn); //Closing the LDAP connection ?>
from kanboard.
Excellent little piece of software, small footprint, great stuff - provides freedom from Trello :-).
However, I have a few issues with the LDAP login, which is really great to have. I am running OpenLDAP 2.4 on my FreeBSD server and use the email address defined in the OpenLDAP directory as user-friendly user"name". Currently, this does not go well with the simple definition of username in the kanboard config file. Ideally, the config file could let me define, which LDAP (unique) attribute is going to be used as username, giving a range of the cn, uid and mail attributes, for instance.
This would also involve a softening of the username restriction demanding alphanumeric characters, only, once I am logged in and want to change user details.
Finally, I have my users sorted into LDAP groups that correspond to the applications users are allowed to login to. Hence, a filter field would be great to have - very much as seen in all those LDAP-enabled management applications (Redmine, dotProject, ...).
Thoughts? Thanks a million, and let me know whether this is useful food for thought.
Chris
from kanboard.
The LDAP connection will be improved later to be more flexible. Just be patient :)
from kanboard.
Terrific, thank you so much Frédéric!
Best regards from Jamaica,
Chris
from kanboard.
Hi! Would it be possible to enable Apache2-based external authentication? We already have Apache+Kerberos integrated and we cannot request a user for each web application.
from kanboard.
My GitHub OAuth doesn't work. What is the correct link to implement in the login page to use my GitHub account?
from kanboard.
Turning it on in your config.php
should be enough for the link to appear. How far did you get in http://kanboard.net/documentation/github-authentication?
Any error messages?
from kanboard.
The LDAP support has been improved since the creation of this ticket. There is now a specific user for authentication (proxy user) and the full name and the email address are fetched automatically at user creation (see the doc for more details).
Please open a separate ticket for different issues, thanks.
from kanboard.
Dear Frédéric,
Well noted and responded earlier. Things work perfectly well. A huge
thank you!
Have a brilliant weekend,
Chris
from kanboard.
In the development version I downloaded today, I can only get AD/LDAP authentication to work if I put a plain-text password into config.php (LDAP_USER_PASSWORD). Could we please get back the previous functionality where this wasn't required? I notice the LDAP_USER_DN attribute is no longer used, which seemed to allow this? While I understand the underlying LDAP code is improved, for me as an end-user, this is a major step backwards. Is there a new way I can achieve AD/LDAP auth without a proxy user and clear-text password?
from kanboard.
It is typically difficult in corporate environments to obtain an AD proxy user, and if one is requested and received, oftentimes the password must be changed every 90 days making it intolerable to maintain. I have LDAP users configured in my kanboard, and am unable to upgrade due to this problem. Changing the users from LDAP to kanboard-only users is not possible, so I'm really stuck now. Help!
from kanboard.
@ryebread157 Hi buddy, I just improved the LDAP auth again, this time I hope to satisfy everybody.
Now you've got 3 different ways to bind to the LDAP server: "anonymous", "proxy user" and "user". If you don't want a proxy user and a clear password, use the last method "user" for ActiveDirectory. There are 2 examples in the documentation https://github.com/fguillot/kanboard/blob/master/docs/ldap-authentication.markdown
from kanboard.
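The three bind methods named in the comment above differ in who performs the first bind and whether a password has to be stored in the configuration. The sketch below is an added example, not Kanboard's code: `planBind()`, `escapeFilterValue()` and the `$cfg` keys are hypothetical names, and the sample values are constructed. It also includes the empty-password and filter-escaping checks that any LDAP login needs.

```php
<?php
// Added example. planBind(), escapeFilterValue() and the $cfg keys are
// hypothetical names, not Kanboard's configuration constants.

/** Escape a value for use inside an LDAP search filter (RFC 4515). */
function escapeFilterValue(string $value): string
{
    return strtr($value, ['\\' => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00']);
}

/** Decide the first bind, the search filter and whether a second bind is needed. */
function planBind(array $cfg, string $username, string $password): array
{
    // A simple bind with an empty password is an "unauthenticated bind" that
    // many servers accept, so it must never count as a successful login.
    if ($username === '' || $password === '') {
        throw new InvalidArgumentException('empty username or password');
    }
    switch ($cfg['bind_type']) {
        case 'anonymous': // nothing stored; directory must allow anonymous search
            $first = [null, null];
            break;
        case 'proxy':     // service account; its password sits in the config
            $first = [$cfg['proxy_dn'], $cfg['proxy_password']];
            break;
        case 'user':      // bind as the person logging in; nothing stored
            if (!preg_match('/^[A-Za-z0-9._-]+$/', $username)) {
                throw new InvalidArgumentException('username not allowed in bind pattern');
            }
            $first = [sprintf($cfg['user_pattern'], $username), $password];
            break;
        default:
            throw new InvalidArgumentException('unknown bind type');
    }
    return [
        'first_bind' => $first,
        'filter'     => sprintf($cfg['filter'], escapeFilterValue($username)),
        // anonymous/proxy only locate the entry; the password is then checked
        // by binding again as the DN the search returned.
        'rebind_as_entry' => $cfg['bind_type'] !== 'user',
    ];
}

// Constructed sample configuration and input.
$cfg = ['proxy_dn' => 'cn=svc-kanboard,dc=example,dc=test', 'proxy_password' => 'from-secret-store',
        'user_pattern' => '%s@example.test', 'filter' => '(&(objectClass=person)(uid=%s))'];
foreach (['anonymous', 'proxy', 'user'] as $type) {
    $plan = planBind(['bind_type' => $type] + $cfg, 'alice', 'correct horse');
    printf("%-9s bind=%s rebind=%s\n", $type, $plan['first_bind'][0] ?? '(none)', $plan['rebind_as_entry'] ? 'yes' : 'no');
}
echo planBind(['bind_type' => 'proxy'] + $cfg, 'a*)(uid=*', 'x')['filter'], "\n";
```

The last line shows a username containing filter metacharacters being neutralised: the filter becomes `(&(objectClass=person)(uid=a\2a\29\28uid=\2a))` and matches nothing beyond the literal string.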
I've been meaning to say THANKS. I tested this out successfully the day you
sent the update out and have been using it happily since then. I really
appreciate the understanding and quick response!
On Tue, Aug 19, 2014 at 6:35 PM, Frédéric Guillot wrote:
@ryebread157 https://github.com/ryebread157 Hi buddy, I just improved
again the LDAP auth, this time I hope to satisfy everybody.
Now you got 3 different ways to bind to the LDAP server: "anonymous",
"proxy user" and "user". If you don't want a proxy user and a clear
password use the last method "user" for ActiveDirectory. There are 2
examples in the documentation
https://github.com/fguillot/kanboard/blob/master/docs/ldap-authentication.markdown
Ryan C. Anderson
from kanboard.
Hello,
I have an OpenLDAP with Samba support.
Is there a way to use the "sambaNTPassword" attribute as password to authenticate?
I have also found this: http://www.jotschi.de/Uncategorized/2010/08/10/howto-generate-sambantpassword-ldap-attribute.html
Thanks a lot.
from kanboard.
Seems like embedding Kanboard into Owncloud is pretty popular, but not everyone wants to set up an external authentication service.
I think this gives some idea how Kanboard could authenticate against Owncloud:
https://doc.owncloud.org/server/8.1/developer_manual/core/externalapi.html
(as it follows the OCS standard, it might work with other websites also in the future).
from kanboard.