How to Install Kanboard and Authenticate Using Ldap on Ubuntu Linux

Kanboard is a free and open source project management software program which is designed to manage projects efficiently using kanban methodology. Using kanban method one can visualize the work-flow, limiting work in progress and work efficiently. There is a clear overview of the project with a board where each column represents a step in a work-flow. The task limit avoids working on too many tasks at the same time and concentrate on get the job done. The kanban methodology has fewer constraints than other agile project management approach like scrum. Kanban is more flexible and focuses only on the essentials. This article covers installation and configuration of kanboard in ubuntu 16.

1. Update system

Before installing kanboard, update the system.

# sudo apt-get update

2. Install MariaDB

By default, Kanboard use SQLite to store data. We will use MariaDB to enhance performance in a production. Use the following command to install mariadb.

# sudo apt-get install mariadb-server mariadb-client

Check the status of mariadb and enable it during system startup.

# sudo systemctl status mysql
# sudo systemctl enable mysql

Optionally, you can secure mariadb using mysql_secure_installation

# sudo mysql_secure_installation

3. Configure MariaDB database

Next we will create a database and an user for kanboard.

# mysql -u root -p -e "CREATE DATABASE kanboard;"
# mysql -u root -p -e "CREATE USER 'kanboarduser'@'localhost' IDENTIFIED BY 'somepassword';"
# mysql -u root -p -e "GRANT ALL PRIVILEGES ON kanboard.* TO 'kanboarduser'@'localhost' IDENTIFIED BY 'somepassword' WITH GRANT OPTION;"
# mysql -u root -p -e "FLUSH PRIVILEGES;"

4. Install Apache and PHP

Kanboard requires PHP 5.3.9 or greater. For best performance we are going to install PHP 7 and its necessary dependencies using following command.

# sudo apt-get install -y apache2 libapache2-mod-php7.0 php7.0-cli php7.0-mbstring php7.0-sqlite3 php7.0-opcache php7.0-json php7.0-mysql php7.0-pgsql php7.0-ldap php7.0-gd

Check the status of apache and php, enable apache to start during system startup.

# sudo systemctl status apache2
# sudo systemctl enable apache2
# php --version

5. Install Kanboard

Change to the web root and download the latest kanboard , unzip it and change the ownership of data and plugins directory to apache user i.e www-data. Delete the zip file.

# cd /var/www/html
# sudo wget https://kanboard.net/kanboard-latest.zip
# sudo apt-get install unzip
# sudo unzip kanboard-latest.zip
# sudo chown -R www-data:www-data kanboard/data kanboard/plugins
# sudo rm kanboard-latest.zip

Import mysql schema from downloaded Kanboard directory

# mysql -u root -p kanboard < /var/www/html/kanboard/app/Schema/Sql/mysql.sql

Edit kanboard config file to use mariadb database

# cd /var/www/html/kanboard
# sudo mv config.default.php config.php

Change the database driver from sqlite to mariadb. Also specify mariadb username, password, database and hostname.

# vi config.php
// Database driver: sqlite, mysql or postgres (sqlite by default)
define('DB_DRIVER', 'mysql');
// Mysql/Postgres username
define('DB_USERNAME', 'kanboarduser');
// Mysql/Postgres password
define('DB_PASSWORD', 'somepassword');
// Mysql/Postgres hostname
define('DB_HOSTNAME', 'localhost');
// Mysql/Postgres database name
define('DB_NAME', 'kanboard');

Restart Apache and point your browser to http://<Public_IP_Or_Domain_Name/kanboard> Login using user-name as 'admin' and password as 'admin'. Once logged in, change the password of admin by clicking 'users management' from admin drop down menu in upper right corner of the page.

6. Setup cron job

Kanboard need to run a background job on a daily basis for the followings-

→ Reports and analytics (calculate daily stats of each projects)
→ Send overdue task notifications
→ Execute automatic actions connected to the event "Daily background job for tasks"

We will define a cronjob for daily tasks using crontab that will be executed by apache user i.e www-data

# sudo crontab -u www-data -e
no crontab for www-data - using an empty one

Execute the daily cronjob at 8am

0 8 * * * cd /var/www/html/kanboard && ./cli cronjob >/dev/null 2>&1

7. OpenLDAP Authentication

So far we have we have installed and accessed kanboard with admin access. You can also use LDAP as local account provider to authenticate users. In the OpenLDAP setup, we have created a LDAP user by the name 'mike'. Let us authenticate this user in kanboard.

When the LDAP authentication is activated, the login process works like the following-
→Try first to authenticate the user by using the database.
→If the user is not found inside the database, a LDAP authentication is performed.
→If the LDAP authentication is successful, by default a local user is created automatically with no password and marked as LDAP users.

Edit kanboard config file to add LDAP authenticate user. Enable debug mode to on and write the logs to file followed by LDAP configurations. You can change the debug mode to false at later. For this article log files location will be in /var/www/html/kanboard/data/debug.log

# cd /var/www/html/kanboard/
# vi config.php
define('DEBUG', true);
// Available log drivers: syslog, stderr, stdout or file
define('LOG_DRIVER', 'file');

// Log filename if the log driver is "file"
define('LOG_FILE', DATA_DIR.DIRECTORY_SEPARATOR.'debug.log');

For LDAP authentication, edit the following.

// Enable LDAP authentication (false by default)
define('LDAP_AUTH', true);

// LDAP server hostname
define('LDAP_SERVER', '10.0.0.196');

// LDAP server port (389 by default)
define('LDAP_PORT', 389);

// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
define('LDAP_SSL_VERIFY', false);

// Enable LDAP START_TLS
define('LDAP_START_TLS', false);

// Set to true if you want to preserve the case
define('LDAP_USERNAME_CASE_SENSITIVE', false);

// LDAP bind type: "anonymous", "user" or "proxy"
define('LDAP_BIND_TYPE', 'user');

// LDAP username to use with proxy mode
// LDAP username pattern to use with user mode
define('LDAP_USERNAME', 'uid=%s,ou=groups,dc=linoxide,dc=com');

// LDAP password to use for proxy mode
define('LDAP_PASSWORD', '');

// LDAP DN for users
// Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local
// Example for OpenLDAP: ou=People,dc=example,dc=com
define('LDAP_USER_BASE_DN', 'ou=groups,dc=linoxide,dc=com');

// LDAP pattern to use when searching for a user account
// Example for ActiveDirectory: '(&(objectClass=user)(sAMAccountName=%s))'
// Example for OpenLDAP: 'uid=%s'
define('LDAP_USER_FILTER', 'uid=%s');

// LDAP attribute for username
// Example for ActiveDirectory: 'samaccountname'
// Example for OpenLDAP: 'uid'
define('LDAP_USER_ATTRIBUTE_USERNAME', 'uid');

// LDAP attribute for user full name
// Example for ActiveDirectory: 'displayname'
// Example for OpenLDAP: 'cn'
define('LDAP_USER_ATTRIBUTE_FULLNAME', 'cn');

// LDAP attribute for user email
define('LDAP_USER_ATTRIBUTE_EMAIL', 'mail');

// LDAP attribute to find groups in user profile
define('LDAP_USER_ATTRIBUTE_GROUPS', 'gid');

// LDAP attribute for user avatar image: thumbnailPhoto or jpegPhoto
define('LDAP_USER_ATTRIBUTE_PHOTO', '');

// LDAP attribute for user language, example: 'preferredlanguage'
// Put an empty string to disable language sync
define('LDAP_USER_ATTRIBUTE_LANGUAGE', '');

// Allow automatic LDAP user creation
define('LDAP_USER_CREATION', false);

// LDAP DN for administrators
// Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_ADMIN_DN', 'cn=ircusers,ou=groups,dc=linoxide,dc=com');

// LDAP DN for managers
// Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_MANAGER_DN', '');

// Enable LDAP group provider for project permissions
// The end-user will be able to browse LDAP groups from the user interface and allow access to specified projects
define('LDAP_GROUP_PROVIDER', false);

// LDAP Base DN for groups
define('LDAP_GROUP_BASE_DN', 'ou=groups,dc=linoxide,dc=com');

// LDAP group filter
// Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*))
define('LDAP_GROUP_FILTER', '');

// LDAP user group filter
// If this filter is configured, it will search user groups in LDAP_GROUP_BASE_DN with this filter
// Example for OpenLDAP: (&(objectClass=posixGroup)(memberUid=%s))
define('LDAP_GROUP_USER_FILTER', '(&(objectClass=posixGroup)(memberUid=%s))');

// LDAP attribute for the group name
define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');

Save the file and try to login as 'mike' and password as 'mypass' that we have created in the OpenLDAP article. You may find that the user 'mike' cannot log in because kanboard unable to create a default local user with no password and marked the user as LDAP user in MySQL database. Find more about the issues in kanboard github center. If you have any questions regarding LDAP section, post it in the github issues section. The workaround of this issue is to manually add the user as an LDAP user in the MySQL database either by executing a SQL query or through user management in the upper right section of the admin interface. In the user management section, click  'New user' and filled up only user name, mark this user as 'remote user' and provide the role as 'user' in the security section. You can also execute following query to do the same from mysql shell as a root user;

mysql> insert into users (username, is_ldap_user) VALUES ('mike',1);

Now the remote LDAP user 'mike' will be able to authenticate in kanboard.

Conclusion

Kanboard provides a easy way to manage projects and is lighter and faster than other project management software. Kanboard focus on simplicity and efficiency. The learning curve is minimal. There is no special training needed or to learn complex process. Non-technical people can easily use it. Thank you for reading this article.

About Dwijadas Dey

Dwijadas Dey is working with GNU/Linux, Open source systems since 2005. Having avid follower of GNU/Linux, He believes in sharing and spreading the open source ideas to the targeted audience. Apart from freelancing he also writes for community. His current interest includes information and network security.

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.