Step 1: Choose the right (fork of the) plugin
LDAP authentication is only possible using a plugin. There are three plugins I want to mention
-
ensky/taiga-contrib-ldap-auth
-
Monogramm/taiga-contrib-ldap-auth-ext
-
TuringTux/taiga-contrib-ldap-auth-ext-2
The Monogramm plugin is a fork of the ensky plugin, the TuringTux plugin is a fork of the Monogramm plugin.
The go-to plugin for LDAP authentication is the Monogramm plugin, it is for example mentioned in the community contributions post in this forum. I created the TuringTux plugin when it was not clear if the Monogramm plugin was still maintained, however, there has been recent activity so as of now the only difference of the TuringTux plugin is an updated README.
Note however that currently, the version of the plugin deployed to the Python Package Index (PyPI) is not up to date. If you want to use an up-to-date version of the Monogramm plugin, install it directly from Git or use the TuringTux plugin, which currently can only be installed directly from Git anway.
For the rest of the post, I will work with the TuringTux plugin, but indicate which places you need to change to use the Monogramm plugin.
Further resources
-
Some Community Contributions
-
taiga-contrib-ldap-auth-ext on PyPI
-
Comment by the Monogramm plugin maintainer about inactivity (as there has been activity after that comment again, this is only kept here for historical reasons)
-
Pull request mentioning the LDAP injection vulnerability (merged)
Step 2: Install and configure the plugin in taiga-back
I used the dockerized 30 min setup as described in the forum. In this case, you need to adjust the taiga-back
and taiga-front
images. We start with the installation and configuration of the plugin in taiga-back
.
They are described in more detail in the TuringTux pluginās README, please refer to this document:
Plugin installation and configuration of
taiga-back
Use the Monogramm plugin directly from Git instead
If you want to use the Monogramm plugin instead of the TuringTux plugin, you can also follow the guide mentioned above, but need to make the following changes to the Dockerfile
:
-
Replace the following line:
RUN pip install git+https://github.com/TuringTux/taiga-contrib-ldap-auth-ext-2.git
with:
RUN pip install git+https://github.com/Monogramm/taiga-contrib-ldap-auth-ext.git
Use the Monogramm plugin from PyPI instead
You can also install the Monogramm plugin from the Python Package Index. Note that currently, this will get you an outdated version with a potential LDAP injection vulnerability, so Iād recommend using the plugin directly from Git until this is updated.
Follow the guide mentioned above, but make the following changes to the Dockerfile
:
-
Remove all the
RUN apt-get ...
instructions (they were only to install Git, which is only needed if you want to install e.g. the TuringTux plugin directly from Git instead of the normal Python Package Index) -
Replace the following line:
RUN pip install git+https://github.com/TuringTux/taiga-contrib-ldap-auth-ext-2.git
with:
RUN pip install taiga-contrib-ldap-auth-ext
Further resources
-
Taiga 30 min Setup
-
Issue asking to release the latest Monogramm plugin version in the PyPI package index (as soon as it is done, you can install the Monogramm plugin from PyPI again)
Step 3: Configure taiga-front
taiga-front
needs to be configured to use the ldap
installation method. This is also described in the README of the TuringTux plugin.
(Even) further reading
While writing this post and installing LDAP, I stumbled upon the following resources that might be helpful:
-
Taiga 6: How to enable LDAP based login? on Google Groups
-
Feature request for LDAP support in the official images on GitHub