Allow non-LDAP/AD users to switch to LDAP/AD given a DN

Issue #786 new
David Vega created an issue

If a system migrates from normal user login to LDAP login it would be required for the users to remake their accounts.

It would be good to allow in their control panel to authenticate with their LDAP/AD login and thus link their existing accounts to the LDAP/AD one.

Comments (4)

  1. Marcin Kuzminski repo owner

    LDAP field is disabled for web editing, but you can migrate users and set their DN via RhodeCode API.

  2. David Vega reporter

    Could it be enabled for system admins?. If there is danger of breaking something, an alert will suffice and your average system admin will know whether to tamper with that setting or not

  3. valentijnscholten

    I vote for adding/enabling this in the Admin GUI also.

    Currently when a new developer joins our company, we can only complete the setup after the user has performed at least one login to rhodecode.

  4. Andrew Kesterson

    See pull request #110. Once that functionality becomes mainstream, I think you can solve your problem by making the ldap plugin authenticate first, and the rhodecode plugin authenticate last (e.g. set the auth plugins list to "rhodecode.lib.auth_ldap,rhodecode.lib.auth_rhodecode"). Existing rhodecode users who have ldap accounts will then be authenticated by ldap, and the ldap plugin will take ownership of the account, filling out the DN.

    However that will only work if your ldap uid fields are a 100% match to the rhodecode username - if they are not, it won't work (hopefully you're not trying to do this? it wouldn't work today either.)

  5. Log in to comment