Tuleap 12.x

Tuleap 12.1

Note

Tuleap 12.1 is currently under development.

OpenID Connect and Subversion

This is the continuation of the work initiated in Tuleap 12.0: accounts connected to an OpenID Connect provider must use SVN Tokens to access SVN repositories.

In order to enforce this change, it is necessary to allow the DB user used to handle SVN authentications more access to the database. These changes are mandatory even if your Tuleap instance does not use the OpenID Connect plugin. You must run the following commands on your database with a privileged user:

GRANT CREATE,SELECT ON plugin_ldap_user TO dbauthuser;
GRANT CREATE,SELECT ON plugin_openidconnectclient_user_mapping TO dbauthuser;
REVOKE CREATE ON plugin_ldap_user FROM dbauthuser;
REVOKE CREATE ON plugin_openidconnectclient_user_mapping FROM dbauthuser;
FLUSH PRIVILEGES;

Tuleap 12.0

LDAP and Active directory configuration

We have added a new optional configuration variable in /etc/tuleap/plugins/ldap/etc/ldap.inc:

$sys_ldap_server_common_name: This value is used in Tuleap screens to refer to the server like Enter your $sys_ldap_server_common_name credentials. It defines how people refer to the Active Directory server, most of the time it’s “Active Directory” but it can be “LDAP” or “Enterprise Directory”. When it is not defined, its default value will be “LDAP”.

CVS modifications

We made a lot of changes for CVS in the packaging and in the backend of this service. If you are still using it, after upgrading to 12.0, you have to run the following commands:

find /cvsroot/*/CVSROOT -name "loginfo" -exec sed -i "s#ALL /usr/lib/tuleap/bin/log_accum#ALL sudo -u codendiadm -E /usr/lib/tuleap/bin/log_accum#" {} \;
find /cvsroot/*/CVSROOT -name "loginfo" -exec sed -r -i "s#ALL \(/usr/lib/tuleap/bin/log_accum (.*)\)#ALL sudo -u codendiadm -E /usr/lib/tuleap/bin/log_accum \1#" {} \;
tuleap queue-system-check

The queue system check command will recreate the CVS locks. These CVS repositories will be usable once the system check is done.

OpenID Connect

Attention

Existing accounts that already connected to an OpenID Connect provider will no longer be allowed to authenticate with their local Tuleap credentials.

This impacts users for:

  • Web login (they should use OpenID Connect instead)

  • REST API access (they should use Access Keys.)

  • Git over https access (they should use Access Keys.)

  • Subversion access (they should use SVN Tokens.)

Access to SOAP API is no longer possible for users that switch to OpenID Connect.