Difference between revisions of "Cool Solution - Install Redmine and setup ldap authentication"

From Univention Wiki

(Replaced content with "This page has been moved to the Knowledge Base Cool Solutions in the Forum. [https://help.univention.com/t/cool-solution-install-redmine-and-setup-ldap-authentication/126...")
Tag: Replaced
 
(8 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{Cool Solutions Disclaimer|Repository=no|UCS=4.0}}
+
This page has been moved to the Knowledge Base Cool Solutions in the Forum.
  
This article explains how to set up Redmine with LDAP authentication in UCS 4.0.
+
[https://help.univention.com/t/cool-solution-install-redmine-and-setup-ldap-authentication/12694/3 Cool Solution - Install Redmine and setup ldap authentication]
 
 
== Installation  ==
 
 
 
=== Activate unmaintained packages  ===
 
 
 
First activate the unmaintained repository with
 
<pre>ucr set repository/online/unmaintained='yes'
 
</pre>
 
''Hint:'' [http://sdb.univention.de/1164 Unmaintained packages] are not covered by security updates.
 
 
 
=== Install packages  ===
 
 
 
A lot of packages are required:

<pre>
univention-install univention-postgresql apache2 rake rubygems \
  libopenssl-ruby libpgsql-ruby libmagickcore-dev libmagickwand-dev \
  libpq-dev libapache2-mod-passenger libapache-dbi-perl ruby-dev libmysql-ruby \
  libmysqlclient-dev subversion libapache2-svn libdbd-pg-perl libpg-perl \
  libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl \
  libdigest-sha-perl libauthen-simple-ldap-perl
</pre>
 
 
 
=== Download current version  ===
 
 
 
Go to [http://www.redmine.org/releases/redmine-2.6.3.tar.gz] and download the current version.
 
 
 
Unpack it and move it to ''/var/lib/redmine'':

<pre>tar xzf redmine-2.6.3.tar.gz
mv redmine-2.6.3 /var/lib/redmine
cd /var/lib/redmine/
</pre>
 
 
 
=== gem install  ===
 
 
 
In the next step, install the bundler package (which manages dependencies for Ruby applications) with gem.
 
<pre>gem install bundler
 
</pre>
 
 
 
=== Prepare database connection  ===
 
 
 
In this setup we use postgresql. You have to create a username and a database.
 
 
 
Switch to the postgres database superuser.
 
<pre>su postgres
 
</pre>
 
and execute
 
<pre>psql
 
</pre>
 
to connect to postgres. Execute the following command to create a user redmine. Please set &lt;password&gt; to a password of your choice.
 
<pre>CREATE ROLE redmine LOGIN ENCRYPTED PASSWORD '&lt;password&gt;' NOINHERIT VALID UNTIL 'infinity';
 
</pre>
 
Create the database redmine and set the owner to redmine with the following command:
 
<pre>CREATE DATABASE redmine WITH ENCODING='UTF8' OWNER=redmine TEMPLATE template0;
 
</pre>
 
Close the postgres connection with
 
<pre>\q
 
</pre>
 
and exit the postgres session with
 
<pre>exit
 
</pre>
 
Now you should have a user named redmine which owns a database also named redmine. The next step is to edit the database settings in the redmine config file. Copy the example file to config/database.yml:
 
<pre>cp config/database.yml.example config/database.yml
 
vim config/database.yml
 
</pre>
 
Only the following settings are required:

<pre># PostgreSQL configuration
production:
  adapter: postgresql
  database: redmine
  host: localhost
  username: redmine
  password: "&lt;password&gt;"
</pre>
 
Replace &lt;password&gt; with your password and keep the two spaces of indentation in front of the lines after ''production''. Save the file, then run the following commands from ''/var/lib/redmine''. The first one lets bundle install all dependencies; the others generate the secret token and migrate the database:

<pre>/var/lib/gems/1.9.1/gems/bundler-1.9.4/bin/bundle install --without development test mysql sqlite
/var/lib/gems/1.9.1/gems/rake-10.4.2/bin/rake generate_secret_token RAILS_ENV=production
/var/lib/gems/1.9.1/gems/rake-10.4.2/bin/rake config/initializers/secret_token.rb RAILS_ENV=production
/var/lib/gems/1.9.1/gems/rake-10.4.2/bin/rake db:migrate RAILS_ENV=production
</pre>
 
Load the default data:
 
<pre>
 
/var/lib/gems/1.9.1/gems/rake-10.4.2/bin/rake redmine:load_default_data RAILS_ENV=production
 
</pre>
 
(Press enter to confirm the default language [en])
 
== Apache-passenger module ==
 
We have to install the latest version of the Apache 2 module for the Passenger application server (aware of Rails 3). See [http://www.redmine.org/boards/1/topics/33835 dispatcher load error] for more details.

<pre>apt-get install build-essential libcurl4-openssl-dev apache2-threaded-dev libapr1-dev libaprutil1-dev
</pre>

<pre>gem install passenger
</pre>
 
After successful installation, execute the following command and follow the on-screen instructions:

<pre>/var/lib/gems/1.9.1/gems/passenger-5.0.6/bin/passenger-install-apache2-module
Welcome to the Phusion Passenger Apache 2 module installer, v4.X
Press Enter to continue, or Ctrl-C to abort
Enter
Are you sure you want to install against Apache 2.Y (/usr/bin/apxs2)? [y/n]: y
...
The Apache 2 module was successfully installed.
Press ENTER to continue.
</pre>
 
 
 
Once the module is installed, add the path to the module in apache.
 
 
 
Edit the file '''/etc/apache2/mods-available/passenger.load''' (insert the correct version number of passenger - e.g. passenger-4.0.20):
 
<pre>LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger-5.0.6/buildout/apache2/mod_passenger.so
 
</pre>
 
Also edit the file '''/etc/apache2/mods-available/passenger.conf''' to:

<pre>&lt;IfModule mod_passenger.c&gt;
  PassengerRoot /var/lib/gems/1.9.1/gems/passenger-5.0.6
  PassengerDefaultRuby /usr/bin/ruby1.9.1
  PassengerDefaultUser www-data
&lt;/IfModule&gt;
</pre>

Then enable the passenger module with:

<pre>a2enmod passenger
</pre>
 
 
 
== Configure apache  ==
 
 
 
Set a symlink to redmine and change the owner:

<pre>ln -s /var/lib/redmine/public /var/www/redmine
chown -R www-data:www-data /var/www/redmine
</pre>

Also create the ''plugin_assets'' folder and set the owner and file permissions (run from ''/var/lib/redmine''):

<pre>
mkdir -p public/plugin_assets
chown -R www-data:www-data files log tmp public/plugin_assets
chmod -R 755 files log tmp public/plugin_assets
</pre>

Create a new file in sites-available and activate it:

<pre>echo "RailsBaseURI /redmine" &gt; /etc/apache2/sites-available/redmine
a2ensite redmine
</pre>

Finally, restart apache:

<pre>/etc/init.d/apache2 restart
</pre>
 
That's it. You will find redmine at either localhost/redmine, your-ip/redmine or your-domain/redmine.

Log in with username=admin and password=admin.

Go to '''Administration''' -> '''Users''' -> '''admin''' and set a new password for the admin user in the Authentication (Internal) box. Click '''Save''' to apply it.
 
 
 
<br>
 
 
 
== Configuration of redmine  ==
 
 
 
=== Create a simple authentication account  ===
 
 
 
First, a simple authentication account should be created using the UDM.
 
<pre>udm users/user create --option ldap_pwd --set lastname=redmine --set username=redmine --set password=&lt;password&gt; --position cn=users,&lt;ldap/base&gt;
 
</pre>
 
Replace &lt;password&gt; with a password of your choice and &lt;ldap/base&gt; with the output of ''ucr get ldap/base''. This account can then be used for an authenticated bind. To find the DN of the account, issue the following command on the command line:
 
<pre>udm users/user list --filter name=&lt;NAME of the account&gt; | grep DN</pre>
 
<br>
 
 
 
=== Configuration of redmine for ldap authentication ===
 
 
 
Go to redmine (http://server-ip/redmine/login) and log in as admin. Go to '''administration -&gt; LDAP authentication'''. Create a new authentication mode with the following settings:

<pre>Name     = My Directory
Host     = master.domain.org (get with: ''hostname -f'')
Port     = 7636
LDAPS    = yes
Account  = &lt;DN of the authentication account&gt;
Password = &lt;password of the authentication account&gt;
Base DN  = CN=users,DC=host,DC=domain,DC=org (get with: ''ucr get ldap/base'')

On-the-fly user creation = yes
Attributes
  Login     = uid
  Firstname = givenName
  Lastname  = sn
  Email     = mailPrimaryAddress
</pre>
 
With on-the-fly user creation checked, any LDAP user will have their Redmine account created automatically the first time they log in to Redmine. For that, you have to specify the names of the LDAP attributes (firstname, lastname, email) that will be used to create the Redmine accounts. See [http://www.redmine.org/projects/redmine/wiki/RedmineLDAP RedmineLDAP] for further information.
 
 
 
''Note:'' When creating a redmine user in UCS, the email address goes in the '''Contact''' tab of the  User creation form.
 
User data will be retrieved the first time the user logs in. Changes in UCS do not get automatically updated to redmine DB.
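
A pre-flight check for the attribute mapping above, as an added example that is not part of the original article: it reads LDIF as produced by ldapsearch and lists the entries that lack any of uid, givenName, sn or mailPrimaryAddress. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for Redmine on-the-fly user creation.
# Reads ldapsearch LDIF on stdin and prints "<dn>: missing <attrs>" for every
# entry that lacks a mapped attribute; returns 1 if any entry is incomplete.
REQUIRED_ATTRS="uid givenName sn mailPrimaryAddress"   # mapping from the page

check_redmine_attrs() {
    awk -v required="$REQUIRED_ATTRS" '
        function report(   i, miss) {
            if (dn != "") {
                miss = ""
                for (i = 1; i <= n; i++)
                    if (!(tolower(req[i]) in seen)) miss = miss " " req[i]
                if (miss != "") { print dn ": missing" miss; bad = 1 }
            }
            dn = ""; split("", seen)       # reset state for the next entry
        }
        BEGIN { n = split(required, req, " "); bad = 0 }
        /^#/        { next }               # LDIF comment
        /^[ \t]*$/  { report(); next }     # blank line ends an entry
        /^ /        { next }               # folded continuation of a value
        /^dn::? /   { report(); dn = $0; sub(/^dn::? /, "", dn); next }
        {
            # Attribute names are case-insensitive; "::" marks a base64 value.
            name = $0; sub(/:.*/, "", name)
            val = $0;  sub(/^[^:]*::? */, "", val)
            if (val != "") seen[tolower(name)] = 1
        }
        END { report(); exit bad }
    '
}

# Constructed sample shaped like ldapsearch output (not from a real directory).
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,cn=users,dc=example,dc=org
uid: alice
givenName: Alice
sn: Example
mailPrimaryAddress: alice@example.org

dn: uid=bob,cn=users,dc=example,dc=org
uid: bob
sn: Builder
EOF
}

sample_ldif | check_redmine_attrs || echo "entries above lack attributes from the Redmine mapping"
```

To run it against the directory, pipe in the output of ''ldapsearch -x -LLL -H ldaps://master.domain.org:7636 -D "&lt;DN of the authentication account&gt;" -W -b "&lt;Base DN&gt;" "(uid=*)" uid givenName sn mailPrimaryAddress'', which performs the same authenticated LDAPS bind that Redmine is configured to use.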
 
<br>
 
 
 
<!--
 
 
 
== Integration of subversion with ldap auth  ==
 
 
 
 
 
=== Create Folder for repositories ===
 
Next we have to create a folder for our repositories. Don't create a folder under ''/var/www'', it will generate some errors. We choose ''/var/svn'' for this example. Also set the right permissions.
 
<pre>
 
mkdir /var/svn
 
chown www-data:www-data /var/svn
 
</pre>
 
 
 
=== Automating repository creation ===
 
Enable '''WS for repository management''' option in your redmine settings. Open yourdomain/redmine and login with admin account. Go to '''Administration -> Settings -> Repositories'''. Enable '''[X] WS for repository management'''. Notice the API key for the next step.
 
"Generate a key"
 
'Save'
 
You can now add this line to your crontab (replace yourdomain and yourAPIkey):

<pre>
ucr set cron/redmine/time='*/10 * * * *' cron/redmine/command='/usr/bin/ruby /var/lib/redmine/extra/svn/reposman.rb --redmine http://server.domain.org/redmine --svn-dir /var/svn --owner www-data --group www-data --url http://server.domain.org/svn --verbose --key=yourAPIkey --command="/usr/bin/svnadmin create" >> /var/log/reposman.log'
</pre>

Now every 10 minutes reposman.rb will look for new projects and create a repository for each of them.
 
 
 
=== Apache configuration for Subversion repositories ===
 
Enabling apache modules:
 
<pre>
 
a2enmod dav
 
a2enmod dav_svn
 
a2enmod perl
 
</pre>
 
 
 
Create a new file 'subversion.conf' in the directory '''/etc/apache2/conf.d/''' and add the following location directives (replace ''your.redmine.server.ip'' and ''yourDatabasePassword''):

<pre>
# /svn location for users
PerlLoadModule Apache::Redmine
PerlLoadModule Authen::Simple::LDAP

<Location /sys>
  Order deny,allow
  Allow from your.redmine.server.ip
  Deny from all
</Location>

<Location /svn>
    DAV svn
    LimitXMLRequestBody 0
    SVNPathAuthz off
    SVNParentPath "/var/svn"
    AuthType Basic
    AuthName "Redmine Subversion Repository"
    Require valid-user
    PerlAccessHandler Apache::Authn::Redmine::access_handler
    PerlAuthenHandler Apache::Authn::Redmine::authen_handler
    AuthUserFile /dev/null
    # PostgreSQL connection
    RedmineDSN "DBI:Pg:dbname=redmine;host=localhost"
    RedmineDbUser "redmine"
    RedmineDbPass "yourDatabasePassword"
    # Cache the last 50 auth entries
    RedmineCacheCredsMax 50
</Location>
</pre>
 
 
 
=== Link and fix Redmine.pm ===
 
If it's not there, you have to link Redmine.pm to perl5/Apache folder:
 
<pre>
 
ln -s /var/lib/redmine/extra/svn/Redmine.pm /usr/lib/perl5/Apache/
 
</pre>
 
 
 
We have to fix the code in Redmine.pm.

Change '''line 490''' to the following:

<pre>
host    =>      ($rowldap[2] eq "1" || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]:$rowldap[1]" : "ldap://$rowldap[0]:$rowldap[1]",
</pre>

and comment out '''line 491''' as shown:

<pre>
#port    =>      $rowldap[1],
</pre>

This code change is required because Authen::Simple::LDAP ignores the port number and always connects to 389 (the standard LDAP port).

=== Finish the setup ===

Finally, execute:

<pre>
service apache2 restart
</pre>
 
Now you can access your repositories under http://yourdomain/svn/myproject and your redmine under http://yourdomain/redmine
 
 
 
-->
 
 
 
== Further links ==
 
*[http://www.redmine.org/ Redmine]
 
*[http://www.redmine.org/projects/redmine/wiki Redmine Wiki]
 
*[http://www.redmine.org/projects/redmine/wiki/HowTos Redmine HowTos]
 
*[http://www.redmine.org/projects/redmine/wiki/RedmineLDAP Redmine and LDAP]
 
*[http://www.redmine.org/projects/redmine/wiki/HowTo_configure_Redmine_for_advanced_Subversion_integration Redmine and Subversion]
 
 
 
 
 
 
 
[[Category:EN]][[Category:Howtos]]
 

Latest revision as of 14:07, 9 August 2019

This page has been moved to the Knowledge Base Cool Solutions in the Forum.

Cool Solution - Install Redmine and setup ldap authentication
