
[Request] Provide official support for LDAP based user authentication

Open juliovalcarcel opened this issue 7 years ago • 8 comments

Taiga has solved and continues to be a great tool in our arsenal, but a big pain point is that we use LDAP authentication for all of our other tooling. The lack of official LDAP support has started to become a major hindrance to my team as we have grown and is causing us to evaluate other solutions besides Taiga. What I am asking for at a bare minimum is to provide LDAP user authentication as an official authentication method (i.e. no groups). This would drastically help us continue to grow and use Taiga as our project management tool as well as make Taiga an attractive solution for other larger organizations looking to move away from whatever their current solution is.

juliovalcarcel avatar Feb 05 '18 15:02 juliovalcarcel

Thank you for your feedback.

I guess you are aware of a third party plugin https://github.com/ensky/taiga-contrib-ldap-auth.

If that plugin is not enough for you, I would really appreciate it if you could tell us more about your specific needs.

migonzalvar avatar Feb 13 '18 19:02 migonzalvar

The biggest issue is that if we rely on that plugin there is no guarantee that it will remain compatible with the new versions of Taiga or that it will be updated in a timely fashion, if at all. Providing this as an officially supported feature would give the peace of mind that it will always work or be maintained in a timely fashion. Additionally, integration into mainstream would mean that upgrading to newer versions of Taiga wouldn't have to be a two-phase process where we would have to upgrade and test Taiga and then upgrade and test the LDAP plugin.

From a feature standpoint the plugin would work for our needs, but the integration of this into the core project would ensure that any community additions to add new features would be well reviewed and done in a timely fashion.

I am also not the only one who is requesting this official support, #418 #396 #120

juliovalcarcel avatar Feb 21 '18 16:02 juliovalcarcel

@migonzalvar the initial plugin is stalled and contains several bugs (does not support special characters or even dots in login, no STARTTLS for LDAP connection, ...).

I fully agree with @juliovalcarcel in having an official integration of LDAP authentication. This would be much safer when upgrading and could even provide some enhancements that are not possible through a plugin (for instance, disable "change password" for an LDAP user).

In the meantime, we forked the initial plugin and joined all existing other forks and fixes into one at https://github.com/Monogramm/taiga-contrib-ldap-auth-ext. Feel free to try this version and report any issues you may find.

madmath03 avatar Feb 25 '18 02:02 madmath03

Any updates on this one?

benyanke avatar May 15 '18 18:05 benyanke

Thanks for your work on taiga-contrib-ldap-auth(-ext). We have been successfully using these plugins for about a year now. Even though we miss some features:

  1. Disabling password changing capability for LDAP users (mentioned above).

  2. Some kind of LDAP group to Taiga project/role mapping. Currently we have to assign project roles manually to users. But we would like to assign certain roles such as Viewer or Issue-Submitter on selected projects automatically to authenticated users. We don't need a UI for this mapping. Wiring this via configuration file would be sufficient, e.g.

{
  'dc=com,dc=example,ou=groups,cn=projectteam' :
      ['myproject/developer', 'otherproject/viewer'],
  'dc=com,dc=example,ou=groups,cn=boss' :
      ['*/viewer']
}

Is anyone interested in supporting an implementation of a group-to-role enhancement?

MichaelHierweck avatar Sep 27 '18 06:09 MichaelHierweck
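
The group-to-role mapping proposed in the comment above, worked through as an added example; it is not code from this thread, from Taiga, or from either LDAP plugin. The function names, the `known_projects` argument and the sample data are hypothetical, and the resolver assumes the caller already has the authenticated user's group DNs.

```python
# Added example (hypothetical names); not Taiga or taiga-contrib-ldap-auth code.
from typing import Dict, Iterable, List, Set

# Constructed sample mapping in the shape proposed above:
# LDAP group DN -> list of "project/role" entries, "*" meaning every project.
GROUP_ROLE_MAP: Dict[str, List[str]] = {
    "dc=com,dc=example,ou=groups,cn=projectteam":
        ["myproject/developer", "otherproject/viewer"],
    "dc=com,dc=example,ou=groups,cn=boss": ["*/viewer"],
}


def normalize_dn(dn: str) -> str:
    """Lower-case a DN and drop spaces around its commas so that differently
    formatted DNs compare equal. Simplification: escaped commas inside an
    attribute value are not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def resolve_roles(user_groups: Iterable[str],
                  known_projects: Iterable[str],
                  mapping: Dict[str, List[str]] = GROUP_ROLE_MAP) -> Dict[str, Set[str]]:
    """Return {project: {roles}} granted by the user's LDAP groups.

    Deny by default: a group with no mapping entry grants nothing, "*" expands
    only to projects in known_projects, and entries naming a project that is
    not in known_projects are ignored. A malformed entry raises ValueError
    instead of being guessed at.
    """
    projects = list(known_projects)
    table = {normalize_dn(dn): entries for dn, entries in mapping.items()}
    granted: Dict[str, Set[str]] = {}
    for dn in user_groups:
        for entry in table.get(normalize_dn(dn), []):
            project, sep, role = entry.partition("/")
            if not sep or not project or not role:
                raise ValueError(f"malformed mapping entry: {entry!r}")
            targets = projects if project == "*" else [project]
            for target in targets:
                if target in projects:
                    granted.setdefault(target, set()).add(role)
    return granted


if __name__ == "__main__":
    groups = ["DC=com, DC=example, OU=groups, CN=boss"]  # constructed input
    print(resolve_roles(groups, ["myproject", "otherproject"]))
```
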

Any news?

ZamanOof avatar Jan 14 '20 15:01 ZamanOof

It would be beneficial to request a more generic OIDC implementation #1472 - single sign on, instead. dexidp is an IdP tool for serving OIDC identities from the LDAP backend. Still, user/group synchronization, as in #1473, is needed.

blaggacao avatar Aug 25 '20 15:08 blaggacao

We have been using contrib_ldap_auth in the Cloudron package for a couple of years now and so far it hasn't had any breakage. The code is https://git.cloudron.io/cloudron/taiga-app/-/blob/master/local.py if someone wants to have a reference.

gramakri avatar Aug 25 '20 20:08 gramakri