On-the-fly account creation

This section covers not user registration but automatic account creation, which does not require filling in any form. It is therefore intended not only for ordinary users but also for site owners and administrators. Ordinary users will learn how they can use their third-party accounts in Redmine, and site owners and administrators will learn how to make this possible.

Just in case you did not know, most users avoid registering on each new site. There are many reasons for this, among them the following:

  • They don't trust the new site and therefore do not want to share their email addresses, passwords, and so on
  • They do not want to remember another username and password combination and do not want to reuse the ones that they are already using in other systems
  • They see no reasons weighty enough for creating an account on the new site

Tip

The reason that is mentioned last hints at the solution—make sure that your potential users do know the benefits of registering on your website.

However, Redmine can liberate you from the need to remember a new username and password combination. It supports at least two technologies that allow it to do this—OpenID and LDAP.

OpenID

OpenID is an open standard for authentication that uses an OpenID identity provider as an authentication server. This way, users do not need to store their passwords in Redmine. Instead, OpenID users are redirected to the OpenID provider, where they authenticate, and are then returned to Redmine authenticated if the authentication is successful.

Note

Don't confuse OpenID with OpenID Connect, which is based on OAuth 2.0. OpenID Connect is used, for example, by Google.

The great thing is that the OpenID provider can be any Internet host, and this protocol is supported by industry giants such as Yahoo. This means that you can log in to Redmine using, for example, your Yahoo account. The drawback of this authentication solution is that you need to specify the URL of the OpenID provider in the login form. Check it out in the following screenshot:

[Screenshot: the Redmine login form with the OpenID URL field]

To log in using OpenID, the user needs to specify the appropriate URL in the OpenID URL field and then just click on the Login button (that is, if you are using OpenID you don't need to specify anything in the Login and Password fields). After this, the user will be redirected to the OpenID provider. The provider will usually ask for credentials that the user has in its system. After the user logs in there (or if the user is already logged in), the provider will ask for confirmation that the user really wants to grant Redmine access to his/her profile. In particular, to create a dedicated profile for the user, Redmine will need the full name and email address of the user. And it will fetch this data from the OpenID provider if the user has authorized it. Moreover, the newly created user will have the same username that he/she has in the OpenID provider's system.

Note

OpenID providers also usually allow you to revoke the authorization if, for example, you change your mind.

Depending on the Redmine configuration, after successful authorization in the OpenID provider, you will be:

  • Asked to activate your account in Redmine using the URL that has been sent to you by email, if the Self-registration setting—which can be found under the Authentication tab of the Settings page in the Administration menu—is set to account activation by email.
  • Asked to wait for your new account to be approved by an administrator if the Self-registration setting is set to manual account activation.
  • Logged in to your new account if the Self-registration setting is set to automatic account activation.
  • Asked to fill in some additional data for your new account, the password and username among them. This actually indicates that something went wrong in Redmine's OpenID stack, and it did not allow you to use the OpenID provider to authenticate.

The fact that any Internet host can be an OpenID provider can, of course, become a reason for not using OpenID (or for using it along with manual or email account activation). This reason can be even more weighty if you are using Redmine as a corporate project management application. But don't be in a hurry to get upset!

LDAP

Lightweight Directory Access Protocol (LDAP) is an open protocol that allows an application (Redmine in our case) to access directory services. Such services are commonly used to store usernames and passwords. Therefore, LDAP can be used for authentication as well. The best-known directory servers are OpenLDAP and Microsoft Active Directory. So, yes! With LDAP, you can connect Redmine to the Microsoft AD domain.

Unlike OpenID, to support an LDAP server an administrator must register it first on the LDAP authentication page of the Administration menu (using the New authentication mode link, as described in Chapter 3, Configuring Redmine). If administrators have added several LDAP servers, Redmine will attempt to authenticate a new user against each of them (until one of them returns a successful response). Also, if the On-the-fly user creation option is enabled for the server, Redmine will create accounts for new users on their first successful logins.

Moreover, unlike OpenID, the login process of LDAP users does not differ from that of local users. That is, users specify their usernames and passwords in the login form as usual and are not redirected to any third-party websites.
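
The following added example (not code from the book or from Redmine) is a simplified model of the first-login behaviour described above: servers are tried in order, and an account appears only when the accepting server has on-the-fly creation enabled. The `LdapSource` struct, the helper names, and all server names, logins and passwords are constructed for illustration.

```ruby
# Simplified model of the behaviour described above; not Redmine source code.
# Server names, logins and passwords are constructed sample data.
LdapSource = Struct.new(:name, :onthefly, :directory) do
  # Stand-in for an LDAP simple bind against this server.
  def bind_ok?(login, password)
    # An empty password must never count as success: many directories answer
    # such a bind as an anonymous one (RFC 4513, "unauthenticated bind").
    return false if password.to_s.empty?
    directory[login] == password
  end
end

# Returns [outcome, source_name] for a login that has no Redmine account yet.
def first_login(sources, login, password)
  sources.each do |src|
    next unless src.bind_ok?(login, password)
    # An accepted login creates an account only if that server has
    # on-the-fly user creation enabled.
    return src.onthefly ? [:account_created, src.name] : [:no_account, src.name]
  end
  [:rejected, nil]
end

# Lists the servers whose members get an account without any admin action,
# which is the set to review when deciding who may reach Redmine.
def onthefly_sources(sources)
  sources.select(&:onthefly).map(&:name)
end

SOURCES = [
  LdapSource.new('corp-ad',     true,  { 'alice' => 's3cret' }),
  LdapSource.new('partner-dir', false, { 'bob' => 'hunter2' })
].freeze

if __FILE__ == $PROGRAM_NAME
  p first_login(SOURCES, 'alice', 's3cret')
  p first_login(SOURCES, 'bob', 'hunter2')
  p first_login(SOURCES, 'alice', '')
  p onthefly_sources(SOURCES)
end
```
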

Tip

User/group synchronization

Ricardo Santos created the LDAP Sync plugin, which can perform user and group synchronization between Redmine and LDAP servers. Visit the following GitHub page for more information:

https://github.com/thorin/redmine_ldap_sync
