This plugins extends redmine's ldap authentication to perform group synchronization. In addition it provides a rake task to perform full user group synchronization.

The following should be noted:

• The plugin has only been tested with Active Directory but should work with other directories.
• It detects and disables users that have been marked as disabled on LDAP (see MS KB Article 305144 for more details).
• An user will only be removed from groups that exist on LDAP. This means that both ldap and non-ldap groups can coexist.
• Deleted groups on LDAP will not be deleted on redmine.

Follow the plugin installation procedure described at http://www.redmine.org/wiki/redmine/Plugins

Open Administration > Plugins and on the plugin configuration page you'll be able to set for each LDAP authentication.

LDAP settings:

• Active - Enable/Disable user/group synchronization for this LDAP authentication.
• Group base DN - The path to where the groups located. Eg, ou=people,dc=smokeyjoe,dc=com.
• Group name attribute - The ldap attribute from where to fetch the group's name. Eg, sAMAccountName.
• Members attribute - The ldap attribute from where to fetch the group's members. Eg, member.
• Groups objectclass - The groups object class.
• Users objectclass - The users object class.
• Group name pattern - (optional) An RegExp that should match up with the name of the groups that should be imported. Eg, \.team$.
• Group search filter - (optional) An LDAP search filter to be applied whenever search for groups.

Synchronization Actions:

• Users must be members of - (optional) A group to wich the users must belong to to have access enabled to redmine.
• Add users to group - (optional) A group to wich all the users created from this LDAP authentication will added upon creation. The group should not exist on LDAP.
• Create new groups - If enabled, groups that don't already exist on redmine will be created.
• Create new users - If enabled, users that don't already exist on redmine will be created when running the rake task.
• Sync users attributes - If enabled, the selected attributes will synchronized both on the rake tasks and after every login.
• Attributes to be synced - The attributes to be synchronized: "First name", "Last name" and/or "Email"

To do the full user synchronization execute the following:

rake redmine:plugins:redmine_ldap_sync:sync_users RAILS_ENV=production

An alternative is to do it periodically with a cron task:

# Synchronize users with ldap @ every 60 minutes
35 *            * * *   root /usr/bin/rake -f /opt/redmine/Rakefile --silent redmine:plugins:redmine_ldap_sync:sync_users RAILS_ENV=production

• Group name attribute = sAMAccountName
• Members attribute = member
• Groups objectclass = group
• Users objectclass = user

• Group name attribute = cn / ??
• Members attribute = member
• Groups objectclass = groupOfNames
• Users objectclass = person / organizationalPerson

This plugin is released under the GPL v3 license. See LICENSE for more information.