mirror of
https://github.com/plankanban/planka.git
synced 2025-12-06 01:10:11 +03:00
LDAP authentication #776
Originally created by @rpelissi on GitHub.
Hi and Happy New Year! I wish you the best for the new year!
Just to let you know that I love this solution. What could be even more cool is to add ldap authentication to the solution.
Thanks again for your work!
R.
@erwaan commented on GitHub:
I finally managed to add authentication by ldap, I will share my code for a pull request as soon as possible
@nickbe commented on GitHub:
We just added this to our list. Thanks for hinting.
@ikaruswill commented on GitHub:
+1 Would appreciate this feature as well.
By the way, just a shoutout to you guys. Really appreciate the work you guys have put into Planka. I like the fact that it's lightweight, snappy, and simple. I've tried many alternatives out there like Wekan, Kanboard, Taiga, Restyaboard, but all of them are either too heavy, or too specialized for a specific purpose (Software development for e.g.)
@erwaan commented on GitHub:
Hello everyone !
I am looking to add a connection functionality to an LDAP. I'm still figuring out how and where to implement it. I have some leads so far, in the files /client/src/actions/login.js or /client/src/actions/entry/login.js, or by using the functions defined in client/src/api/user.js.
If anyone here has any leads for research or indications, I'm all ears.
Thank you !
EDIT (3rd June 2022) : Now I manage to make calls to a test ldap in the /server/api/controllers/access-token/create.js file. The goal would be to establish a connection with a user here, to return an access token needed to connect. This token is verified in /client/src/sagas/login/services/login.js.
@swatcats commented on GitHub:
+1
@kaptinlin commented on GitHub:
+1 for ldap support
@nickbe commented on GitHub:
@erwaan Very nice!
@astenmco commented on GitHub:
Here it is #268
@kaptinlin commented on GitHub:
@erwaan look forward to the pull request.
@erwaan commented on GitHub:
I will make the pull request with my company's account @astenmco
@astenmco commented on GitHub:
It's done ! :)
@13robin37 commented on GitHub:
Any chance you can check that PR @astenmco? Nice work!
@Vibeshibe commented on GitHub:
Really looking forward to LDAP support
@ghost commented on GitHub:
+1 for efforts !
@accade commented on GitHub:
Any news about this would be very appreciated.
@trivialkettle commented on GitHub:
Any news on this one?
@meltyshev commented on GitHub:
Thanks for the note! We’ve tested this setup, and it works. Adding native LDAP support directly to PLANKA is quite challenging at the moment, as it would require numerous configuration options and increase maintenance overhead.
Here’s a brief outline of how this can be done:
1. Install Keycloak.
2. In Keycloak, go to User Federation and add a new LDAP provider.
3. Once LDAP is configured, create an OpenID client in Keycloak.
4. Finally, configure OpenID in PLANKA using the official documentation: https://docs.planka.cloud/docs/configuration/oidc/.
@meltyshev commented on GitHub:
We plan to add this, but it's hard for us to provide an exact date, we're solving major issues for v2 right now. There's a good chance it will be in the v2 release.
@pca-homsi commented on GitHub:
You have an option to work with OIDC provider backed by an LDAP database like the ldap user federation in keycloak
@mytrashon commented on GitHub:
Hello @meltyshev
I have set up Planka and Cloak in separate Docker containers and configured integration with AD LDAP. The issue is that Cloak runs over HTTPS using a self-signed certificate. As far as I understand, Planka connects to Cloak via an OIDC client, which has a hardcoded rule to reject self-signed certificates. When I try to connect, I get the following error:
planka [W] Error while initializing OIDC client: Error: self-signed certificate
planka [E] Sending 500 ("Server Error") response:
I successfully added my certificate via a Dockerfile in Alpine, but it didn’t help. Apparently, some component within Planka has its own certificate handling rules.
How can I fix this and make the OIDC client accept my self-signed certificate?
Thank you!
@meltyshev commented on GitHub:
Great to hear that it worked!
The role selector is inactive because PLANKA uses OIDC roles as the source of truth. However, you can disable role syncing by setting OIDC_IGNORE_ROLES=true, which will allow you to configure roles directly in PLANKA.
@meltyshev commented on GitHub:
Hi! This might be resolved using the approach mentioned here (if you haven't tried it yet): https://github.com/plankanban/planka/issues/925#issuecomment-2441909192.
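An added example, not PLANKA code and not taken from the linked comment: a small audit of the TLS trust settings a Node.js server process starts with, relevant to the self-signed certificate error above because Node.js by default verifies peers against its bundled root CAs rather than the container's OS trust store. NODE_EXTRA_CA_CERTS and NODE_TLS_REJECT_UNAUTHORIZED are standard Node.js environment variables; the function name, finding names, and sample path are assumptions made for illustration.

```javascript
// Added example, not PLANKA code: audit the TLS trust settings a Node.js
// server process would start with. A CA added only to the OS trust store
// (e.g. in an Alpine image) is not consulted by Node.js by default.
const CERT_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
const KEY_BLOCK = /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/;

// env: environment of the server process.
// readFile: (path) => string, injected so the audit can run against a
// container's files or a test fixture.
function auditNodeTrust(env, readFile) {
  const findings = [];
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    // Turns off verification for every outbound TLS connection, not only
    // the one to the identity provider.
    findings.push('tls-verification-disabled');
  }
  const caPath = env.NODE_EXTRA_CA_CERTS;
  if (!caPath) {
    findings.push('no-extra-ca-configured'); // only bundled roots are trusted
    return findings;
  }
  let pem;
  try {
    pem = readFile(caPath);
  } catch (err) {
    // Node.js only emits a warning and carries on when this file is missing.
    findings.push('extra-ca-unreadable');
    return findings;
  }
  if ((pem.match(CERT_BLOCK) || []).length === 0) findings.push('extra-ca-not-pem');
  // A CA bundle needs certificates only; a key here is needless exposure.
  if (KEY_BLOCK.test(pem)) findings.push('private-key-in-ca-bundle');
  return findings;
}

// Constructed sample: the path and file contents are placeholders.
const sampleFiles = {
  '/certs/idp-ca.pem':
    '-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----\n',
};
const sampleRead = (p) => {
  if (!(p in sampleFiles)) throw new Error('ENOENT: ' + p);
  return sampleFiles[p];
};
console.log(auditNodeTrust({ NODE_EXTRA_CA_CERTS: '/certs/idp-ca.pem' }, sampleRead));
```

Node.js reads NODE_EXTRA_CA_CERTS once at process start, so the variable has to be present in the container's environment before the server launches.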
@mytrashon commented on GitHub:
Thank you very much, everything works fine.
Sorry for the additional bother, but could you please tell me why user management is not available in Planka for users created via SSO login?
For example, I can't assign such a user as an administrator. Button is inactive.
Thank you!