Redmine install with Passenger module and LDAP auth on Debian squeeze

Introduction

I was setting up Redmine for some project management monitoring for one of my colleagues, and found that LDAP auth is a little under-documented. I spent 2 days troubleshooting until I got it working as desired.

Most of the install steps are taken from Redmine's howto, with some additional points from my side. Also, some error messages that I encountered have been solved in previous posts of mine.

Installation

First, I will install the packages needed.

Ruby files are:

apt-get install ruby libzlib-ruby rdoc irb

I have found a lot of problems with the repository rubygems, so I decided to download the newest and install it.

cd /tmp
wget http://rubyforge.org/frs/download.php/76072/rubygems-1.8.24.zip
unzip rubygems-1.8.24.zip
cd rubygems-1.8.24
ruby setup.rb all
cd ..
rm -rf rubygems-1.8.24*

Then we need some additional ruby developer headers:

apt-get install build-essential libopenssl-ruby ruby1.8-dev
gem install rails --include-dependencies
gem install rack -v 1.0.1

Since I have a central MySQL server that serves all my web applications, I just need to install mysql-client and go on. If you are comfortable with a mysql-server sitting on all your application servers, you can just go ahead with mysql-server.

apt-get install mysql-client

Let's create the database and user for Redmine:

mysql -h db -u root -p
CREATE DATABASE redmine CHARACTER SET utf8;
CREATE USER 'redmine'@'%' IDENTIFIED BY 'secret';
GRANT ALL privileges ON redmine.* TO 'redmine'@'%';
exit;

If you don't have Apache installed yet, go ahead and install it:

apt-get install apache2

Let's install the Apache modules and dependencies:

apt-get install libapache2-mod-fastcgi libfcgi-ruby1.8
apt-get install libmysql-ruby libopenssl-ruby1.8
### Passenger module
apt-get install ruby-dev
gem install passenger
/usr/lib/ruby/gems/1.8/gems/passenger-3.0.12/bin/passenger-install-apache2-module

The path to passenger-install-apache2-module can differ if you have a newer version in your apt sources. The module has excellent error messages detailing what you need to do to solve dependency problems.

Don't forget to include this in your Apache config:

### passenger
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12
PassengerRuby /usr/bin/ruby1.8

Configuration

Now that we have done lots of installations, let's do some configuration. I have svn preseeded on all my machines, since I manage my infrastructure scripts from there.

First go to your web directory:

cd /var/www/

Check out svn trunk to get the newest features (and newest bugs 🙂 ):

svn co http://redmine.rubyforge.org/svn/trunk/ redmine
cd redmine

Create the initial database file and edit it with your favorite editor:

cp config/database.yml.example config/database.yml
vim config/database.yml

production:
  adapter: mysql
  database: redmine
  host: db
  username: redmine
  password: secret
  encoding: utf8

If you use the newer version of Redmine, you need to do the email configuration in:

cp config/configuration.yml.example config/configuration.yml
vim config/configuration.yml

or in the older version:

cp config/email.yml.example config/email.yml
vim config/email.yml

Edit the default entry for all Redmine environments:

default:
  # Outgoing emails configuration (see examples above)
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      address: mail
      port: 25
      domain: mydomain.yes
      authentication: :login
      user_name: "no-reply@mydomain.yes"
      password: "secret"

Then, to make sure all gems and every dependency are installed, run:

bundle install

To generate additional files also run:

rake generate_session_store

You might get an error saying that you need to run a newer version of the command; in that case run:

rake generate_secret_token

Now, to load our data into the MySQL backend, run the following commands:

RAILS_ENV=production rake db:migrate
RAILS_ENV=production rake redmine:load_default_data

Apache2 virtualhost

We need to link our virtualhost to the public folder of redmine:

<VirtualHost *:80>
    ServerAdmin rambo@mydomain.yes
    DocumentRoot /var/www/redmine/public
    # Note: <Directory /> applies these settings to the whole filesystem;
    # scoping it to /var/www/redmine/public limits where .htaccess overrides apply.
    <Directory />
        Options -MultiViews
        AllowOverride all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

The Directory options and AllowOverride are mandatory according to the Redmine documentation. The rest can be changed to your needs. You could possibly remove the cgi-bin alias as well.

LDAP auth

With your web browser, go to http://your.redmine.server/ and log in with admin/admin.

Go to Administration -> LDAP Authentication. Click New Authentication mode in the upper right corner.

Authentication mode (LDAP)
  Name: ldap
  Host: ldap
  Port: 389
  Account: cn=proxyuser,ou=People,dn=mydomain
  Password: secret
  Base DN: ou=People,dn=mydomain
  LDAP filter:
  On-the-fly user creation: yes
Attributes
  Login: uid
  First name:
  Last name:
  Email: mail

This is what you should have at the end.

Let me explain:

Name: Just a simple name to distinguish multiple LDAP servers and the connected users.

Host: This should be the LDAP server that you are connecting to.

Port: I am using the default port to connect, and not using a secure connection.

Account: Lots of guides and how-tos recommend leaving it empty. In my case that's not a good idea, since then Redmine will bind anonymously. I have a proxyuser who does all binds and has only read permission on the LDAP server.

Password: Straightforward, the bind user's password.

Base DN: The base DN of your LDAP server. It can also point to the ou where users are stored.

Filter: This can be used to set up filters; I haven't gone into any deeper configuration with it.

On-the-fly user creation: A very nice option. When a user logs into Redmine for the first time, his profile will be created according to the LDAP attributes.

Login: The attribute which will be used at login. It can be an email, dn, uid, or even a special numeric number used within your organisation.

First name and Last name: Straightforward again. These are only values to distinguish users according to their real name.

Email: Email address where emails will be sent.

Troubleshooting: I spent a lot of time troubleshooting different error messages. Some good advice from me:

  1. Double-check your password. It took me 4 hours to realise that I was using the wrong password
  2. Make sure you can bind with the server from the CLI
  3. Make sure the user that is requested exists
  4. Try to create a user and set its authentication to LDAP. That way you make sure that the problem is not only the password
  5. Try setting verbosity to debug
  6. Start a tcpdump, listening to LDAP traffic only
  7. Be patient 🙂
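
Steps 2, 3 and 6 of the list above as shell functions (an added example, not part of the original post). It assumes the OpenLDAP client tools (ldapsearch) and tcpdump are installed; the function names are made up for illustration, and the connection values are the ones from the LDAP settings shown earlier.

```sh
#!/bin/sh
# Added troubleshooting sketch; values mirror the LDAP settings on this page.
LDAP_URI="ldap://ldap:389"                     # Host + Port
BIND_DN="cn=proxyuser,ou=People,dn=mydomain"   # Account
BASE_DN="ou=People,dn=mydomain"                # Base DN
LOGIN_ATTR="uid"                               # Login attribute

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is handled first so later escapes are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the search filter for one login, e.g. (uid=jdoe).
user_filter() {
    printf '(%s=%s)' "$LOGIN_ATTR" "$(ldap_escape "$1")"
}

# Step 2: can the proxy account bind at all? -W prompts for the password,
# so it does not end up in shell history or the process list.
check_bind() {
    ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -W -b "$BASE_DN" -s base dn
}

# Step 3: does the requested user exist below the Base DN, and does the
# entry carry the attributes mapped for on-the-fly user creation?
find_user() {
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -W \
        -b "$BASE_DN" "$(user_filter "$1")" dn "$LOGIN_ATTR" mail
}

# Step 6: capture only LDAP traffic while reproducing a failed login
# (run as root). On port 389 without TLS the bind is sent unencrypted,
# so treat the capture output as sensitive.
watch_ldap() {
    tcpdump -i any -nn -A tcp port 389
}
```

Source the file and call check_bind, then find_user with the login that fails in Redmine; an empty result from find_user points at the Base DN, the filter or the login attribute rather than the password.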

Email

It is a good idea to test whether the email setup is working. Go to Administration -> Settings -> Email Notification and try to send a test mail. If it's working, then it's fine; if not, you will get an error message which you will need to troubleshoot.

Author: S4mur4i