error_saving_failed: 'Shranjevanje dokumenta ni uspelo zaradi napake:%{error}'
error_initialization_failed:'Napaka pri inicializaciji CKEditorja'
mode:
@ -461,12 +461,12 @@ sl:
overview:"Upravljajte svoje delo v <b>Backlogs</b> pogledu. <br> Na desni strani imate Produktne zaostanke ali zaostanke Napak, na levi imate ustrezne šprinte. Tukaj lahko ustvarite <b>epe, zgodbe uporabnikov in napake</b>, določite prednost preko drag'n'drop in jih dodajte v šprint."
task_board_arrow:'Za prikaz vaše <b>Tabela nalog</b>, odprite šprint spustni meni...'
task_board_select:'... in izberite <b>Tabela nalog</b> zapis.'
task_board:"The <b>Task board</b> visualizes the progress for this sprint. Add new tasks or impediments with the + icon next to a user story. Via drag'n'drop you can update the status."
task_board:"Plošča<b>opravil</b> predstavlja napredek tega šprinta. Z ikono + zraven uporabniške zgodbe dodajte nove naloge ali ovire. Preko povleka 'stanje lahko posodobite stanje."
boards:
overview:'Organiziraj svoje delo z intuitivnim <b>Board</b> pogledom.'
lists:'You can create multiple lists (columns) within one Board view, e.g. to create a KANBAN board.'
lists:'V enem pogledu plošče lahko ustvarite več seznamov (stolpcev), npr. ustvarite tablo KANBAN.'
add:'Klik na + bo <b>dodal novo kartico</b> na seznam v vaš Board.'
drag:'Drag & Drop your cards within a list to re-order, or to another list. A double click will open the details view.'
drag:'Povlecite in spustite svoje kartice znotraj seznama, če ga želite ponovno naročiti, ali na drug seznam. Z dvojnim klikom se odpre pogled s podrobnostmi.'
wp:
toggler:"Zdaj pa poglejmo <b>Delovni paket</b> del, ki vam da bolj podroben pregled vašega dela. "
list:'This is the <b>Work package</b> list with the important work within your project, such as tasks, features, milestones, bugs, and more. <br> You can create or edit a work package directly within this list. To see its details you can double click on a row.'
@ -23,34 +23,106 @@ To create a new LDAP authentication click on the respective icon.
You will then be able to specify the LDAP configuration. This can be any directory service compatible with the LDAPv3 standard, such as Microsoft Active Directory or openLDAP. The configuration depends on the specific database/applications, through which the authentication with OpenProject is intended.
The following screenshot contains an exemplary configuration for a new LDAP authentication mode. In the following, we will go through all available options.
The following screenshots contain an exemplary configuration for a new LDAP authentication mode. In the following, we will go through all available options.
#### LDAP connection details and security
In the upper section, you have to specify the connection details of your LDAP server as well as the connection encryption to use.
- **Name:** Arbitrary identifier used to show which authentication source a user is coming from (e.g., in the [Administration > Users view](https://www.openproject.org/help/administration/manage-users/))
- **Host:** Full hostname to the LDAP server
- **Port :** LDAP port. Will usually be 389 for LDAP and 689 for LDAPS connections.
- **LDAPS :** If checked, this will result in NET::LDAP connecting with the *simple_tls* option *enabled.* [Click here to read more details into what this means for connection security.](https://www.rubydoc.info/gems/ruby-net-ldap/Net/LDAP)
- **Port :** LDAP port. Will usually be 389 for LDAP and StartTLS and 636 for LDAP over SSL connections.
- **Connection encryption**: Select the appropriate connection encryption.
- For unencrypted connections, select `none` . No TLS/SSL connection will be established, your connection will be unsecure
- For LDAPS connections (LDAP over SSL), use `simple_tls` , this is an older SSL encryption pattern that uses SSL certificates, but **DOES NOT VERIFY THEM**. Implicit trust in the connection will be placed, but the connection will be encrypted. Some older LDAP servers only support this option
- **Recommended option**: `start_tls` will use TLS to encrypt the connection after connecting to the LDAP server on the unencrypted PORT (`389` by default).
- [Click here to read more details into what these options mean for connection security.](https://www.rubydoc.info/gems/ruby-net-ldap/Net/LDAP)
**Allowing untrusted certifcates for LDAP connections**
If you use `start_tls` , certificate details and host names will be verified on connections as recommended for security. In case you use a custom untrusted certificate authority (CA) that your LDAP is connecting to, you can place this CA in your system's trusted CA store if possible. For some distributions, you will need to specify this CA manually to OpenProject.
You can do this by using the [advanced configuration](https://docs.openproject.org/installation-and-operations/configuration/) function of OpenProject. You can define the CA path by setting the following ENV variable:
or by extending your production configuration of `config/configuration.yml` with the following segment:
```
production:
# .. other settings ..
# ldap_tls_options:
# ca_file: "/path/to/the/root-ca.crt"
```
You can set other TLS options for the LDAP auth source connection. They are passed as the `tls_options` to the Net::LDAP gem and ultimately end up in the `SSLContext` setting of Ruby. You can define the TLS version and other advanced options in case your connections needs it. Most users will not need to change this however.
Next, you will need to enter a system user that has READ access to the users for identification and synchronization purposes. Note that most operations to the LDAP during authentication will not be using these credentials, but the user-provided credentials in the login form in order to perform a regular user bind to the LDAP.
- **Account:** The full DN of a system users used for looking up user details in the LDAP. It must have read permissions under the Base DN. This will not be used for the user bind upon authentication.
- **Password:** The bind password of the system user’s DN above.
- **On-the-fly user creation:** Check to automatically create users in OpenProject when they first login in OpenProject. It will use the LDAP attribute mapping below to fill out required attributes. The user will be forwarded to a registration screen to complete required attributes if they are missing in the LDAP.
**Attribute mapping**
#### LDAP details
Next you can define what sections OpenProject will look for in the LDAP and also if users should be created automatically in OpenProject when they are accessing it. Let's look at the available options:
- **Base DN**: Enter the Base DN to search within for users and groups in the LDAP tree
- **Filter string**: Enter an optional [LDAP RFC4515 filter string](https://tools.ietf.org/search/rfc4515) to further reduce the returned set of users. This allows you to restrict access to OpenProject with a very flexible filter. For group synchronization, only users matching this filter will be added as well.
- **Automatic user creation:** Check to automatically create users in OpenProject when they first login in OpenProject. It will use the LDAP attribute mapping below to fill out required attributes. The user will be forwarded to a registration screen to complete required attributes if they are missing in the LDAP.
#### Attribute mapping
The attribute mapping is used to identify attributes of OpenProject with attributes of the LDAP directory. At least the *login* attribute is required to create DNs from the login credentials.
- **Login:** The login attribute in the ldap. Will be used to construct the DN from `login-attribute=value,`. Most often, this will be *uid.*
- **First name:** The attribute name in the LDAP that maps to first name. Most often, this will be *givenName.* If left empty, user will be prompted to enter upon registration if **on-the-fly-creation** is true.
- **Last name:** The attribute name in the LDAP that maps to last name. Most often, this will be *sn.* If left empty, user will be prompted to enter upon registration if **on-the-fly-creation** is true.
- **Email:** The attribute name in the LDAP that maps to the user’s mail address. This will usually be *mail.* If left empty, user will be prompted to enter upon registration if **on-the-fly-creation** is true.
- **First name:** The attribute name in the LDAP that maps to first name. Most often, this will be *givenName.* If left empty, user will be prompted to enter upon registration if **automatic user creation** is true.
- **Last name:** The attribute name in the LDAP that maps to last name. Most often, this will be *sn.* If left empty, user will be prompted to enter upon registration if **automatic user creation** is true.
- **Email:** The attribute name in the LDAP that maps to the user’s mail address. This will usually be *mail.* If left empty, user will be prompted to enter upon registration if **automatic user creation** is true.
- **Admin:** Specify an attribute that if it has a truthy value, results in the user in OpenProject becoming an admin account. Leave empty to never set admin status from LDAP attributes.
Lastly, click on *Create* to save the LDAP authentication mode. You will be redirected to the index page with the created authentication mode. Click the *test* button to create a test connection using the system user’s bind credentials.
With the [OpenProject Enterprise Edition](https://www.openproject.org/enterprise-edition/) it is possible to [synchronize LDAP and OpenProject groups](./ldap-group-synchronization).
import_failed_unsupported_bcf_version: 'Failed to read the BCF file:The BCF version is not supported. Please ensure the version is at least %{minimal_version} or higher.'
import_successful:'Imported %{count} BCF issues'
import_canceled:'BCF-XML import canceled.'
type_not_active:"The issue type is not activated for this project."
permission_edit_own_hourly_rate:"uredite lastne urne postavke"
permission_edit_rates:"Uredite cene"
permission_log_costs:"Book unit costs"
permission_log_own_costs:"Book unit costs for oneself"
permission_log_costs:"Stroški knjižne enote"
permission_log_own_costs:"Stroški knjižne enote zase"
permission_view_cost_entries:"View booked costs"
permission_view_cost_objects:"Oglejte si proračune"
permission_view_cost_rates:"Oglejte si stopnje stroškov"
permission_view_hourly_rates:"View all hourly rates"
permission_view_hourly_rates:"Oglejte si vse urne postavke"
permission_view_own_cost_entries:"View own booked costs"
permission_view_own_hourly_rate:"Oglejte si lastno urno postavko"
permission_view_own_time_entries:"Oglejte si svoj porabljen čas"
project_module_costs_module:"Proračun"
text_assign_time_and_cost_entries_to_project:"Projektu dodelite prijavljene ure in stroške"
text_cost_object_change_type_confirmation:"Ali si prepričan? Ta operacija bo uničila podatke o določeni vrsti proračuna."
text_destroy_cost_entries_question:"%{cost_entries} were reported on the work packages you are about to delete. What do you want to do ?"
text_destroy_cost_entries_question:"%{cost_entries} so bili prijavljeni v delovnih paketih, ki jih boste izbrisali. Kaj želiš narediti ?"
text_destroy_time_and_cost_entries:"Izbrišite prijavljene ure in stroške"
text_destroy_time_and_cost_entries_question:"%{hours} hours, %{cost_entries} were reported on the work packages you are about to delete. What do you want to do ?"
text_destroy_time_and_cost_entries_question:"%{hours} ur , %{cost_entries} so bili prijavljeni v delovnih paketih, ki jih boste izbrisali. Kaj želiš narediti ?"
text_reassign_time_and_cost_entries:"Ponovno dodelite tem delovnemu paketu prijavljene ure in stroške:"
text_warning_hidden_elements:"Nekateri vnosi so bili morda izključeni iz združevanja."
Oliver Günther
5 years ago
