Help

IMPORTANT: As of the 2.0.1. release it is no longer necessary to copy the LDAP plugin directory to vendor/plugins in order to install. The LDAP plugin is now pre-installed, but now must be explicitly enabled in config/auth_config.yml. See step 4 below.

1. Before you can use Mingle LDAP authentication, you must first complete the standard Mingle installation and configuration. Make sure that you setup a user with both full Mingle administrative privileges and a login that is also contained in your LDAP directory.
2. Stop Mingle server.
3. Edit mingle_data_directory/config/auth_config.yml to contain your configuration:
For Active Directory:

  authentication: ldap
  ldap_settings:
    ldapserver: hostname
    ldapport: port
    ldapbinduser: user
    ldapbindpasswd: password
    ldapbasedn: ou=Users,dc=MyCompany,dc=COM
    ldapfilter: sAMAccountName
    ldapobjectclass: organizationalPerson
    ldap_map_fullname: cn
    ldap_map_mail: mail
    ldapgroupdn : cn=MingleUsers,ou=Groups,dc=MyCompany,dc=COM
    ldapgroupobjectclass : group
    ldapgroupattribute : member
    auto_enroll: true
    auto_enroll_as_mingle_admin: false
    

For OpenLDAP:

  authentication: ldap
  ldap_settings:
    ldapserver: hostname
    ldapport: port
    ldapbinduser: user
    ldapbindpasswd: password
    ldapbasedn: ou=People,dc=MyCompany,dc=COM
    ldapfilter: uid
    ldapobjectclass: posixAccount
    ldap_map_fullname: cn
    ldap_map_mail: mail
    ldapgroupdn : cn=MingleUsers,ou=Groups,dc=MyCompany,dc=COM
    ldapgroupobjectclass : posixGroup
    ldapgroupattribute : memberUid
    auto_enroll: true
    auto_enroll_as_mingle_admin: false
    

4. Notice the first line of each configuration above, as of 2.0.1 it is now necessary to explicitly state an authentication of type 'ldap' in order to use the LDAP authentication plugin.

   If you have enabled basic authentication, it will also be necessary to state that basic_authentication is of type 'ldap:'

  basic_authentication_enabled: true
  basic_authentication: ldap
  authentication: ldap 
  ldap_settings: 
    ldapserver: ...
    ...
      

5. Start Mingle server.
6. Login as the user you configured in Step 1, but this time using the LDAP password rather than the Mingle password. This user will still have full Mingle admin privileges. This user can make future Mingle users Mingle admins if you wish to grant others that privilege.

7. Any users enrolled in your LDAP directory can now login to Mingle. When they login to Mingle, a Mingle account will be automatically created if it does not already exist. Once a user has logged in for the first time s/he can be granted access to projects.

   If for some reason, you did not wish for Mingle users to be automatically created, you could set 'auto_enroll' to false in your configuration. Note that this would require anyone logging in to already exist in the Mingle database. This setting would typically never be used. The default value of 'auto_enroll' is true.

8. If auto_enroll_as_mingle_admin was set to true, any new users in your LDAP directory can not only log into Mingle, they will also be made administrators by default. The default value of 'auto_enroll_as_mingle_admin' is false.
9. New in 2.0: ldapgroupdn, ldapgroupobjectclass and ldapgroupattribute are for group authentication. If the user is not in the group specific in ldapgroupdn, user will not be able to login to Mingle even if user has valid username/password. In order to disable this group feature, comment out or remove these three attributes.

Should you ever wish to turn off LDAP authentication, simply change the values of 'authentication' and 'basic_authentication' in the config/auth_config.yml file to the type of authentication you wish to switch to, either 'cas' or 'mingle' (Note: cas will not work for basic_authentication). After restarting the Mingle server, users will then be able to use the Mingle password recovery feature in order to set a Mingle password.