Kanban solution for nethserver

Hello everybody. We are using latest nethserver in our company with a great success! Do you know if there is a valid Kanban solution to install inside? Something like Trello…

Matteo

I have Kanban installed on an Ubuntu VPS and it works great. It would be awesome to have it for NethServer too…

What about that? It looks promising.

4 Likes

If the kanban functionality can be added to nextcloud, it would be great. Better have less different apps and more integration…
Point is that Deck is quite new and far from ready. Kanban is rocksolid and very easy to use. I don’t know what is wise in this…

Deck could be a good option when NethServer gets an upgrade to Nextcloud 11. Easy to install and integrated already! As Deck is in development Julius (its developer) is open to feature requests and pull requests, so time to contribute if ideas arise.

There are other options (wekan, taskboard, restyaboard, taiga…), but one that seems easy to install is Kanboard.

What follows is a sample configuration of Kanboard, also with LDAP authentication.
It’s the first time I install this, and ldap/samba is not my cup of tea, so correct where I’m wrong, suggests changes, security/performance improvements, and bear with me. :wink:


##Installing Kanboard
###Install prerequisites

yum install php-mbstring php-mysql php-gd php-ldap unzip @nethserver-mysql

###Download and extract Kanboard

cd /var/www/html
wget https://kanboard.net/kanboard-latest.zip
unzip kanboard-latest.zip
rm kanboard-latest.zip
chown -R apache:apache kanboard/{data,plugins}

###Create database

Replace kanboarduser and yourpassword as appropriate.

mysql -e "CREATE DATABASE kanboard;" 
mysql kanboard < /var/www/html/kanboard/app/Schema/Sql/mysql.sql
mysql -e "CREATE USER 'kanboarduser'@'localhost' IDENTIFIED BY 'yourpassword';"
mysql -e "GRANT ALL PRIVILEGES ON kanboard.* TO 'kanboarduser'@'localhost' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;"
mysql -e "FLUSH PRIVILEGES;"

Set up Kanboard configuration file

cd /var/www/html/kanboard
mv config.default.php config.php
vi config.php

####Database connection

Find the following constants (DB_DRIVER, DB_USERNAME, DB_PASSWORD) and edit its values as follows, replacing kanboarduser and yourpassword with the mysql parameters you have previously set.

// Database driver: sqlite, mysql or postgres (sqlite by default)
define('DB_DRIVER', 'mysql');

// Mysql/Postgres username
define('DB_USERNAME', 'kanboarduser');

//Mysql/Postgres password
define('DB_PASSWORD', 'yourpassword');

####Email settings
Unchanged (please, suggest configuration if needed)

####Optional parameters to edit
// Set to false to allow self-signed certificates
define(‘HTTP_VERIFY_SSL_CERTIFICATE’, false);

OpenLDAP Authentication (with local account provider)

If you are using OpenLDAP as local account provider, you can set the authentication parameters in kanboard’s config.php file.

To get your server’s LDAP bind parameters, check Status -> Domain Accounts on server manager, or run account-provider-test dump command.
Here’s a sample output of the command:

{
   "startTls" : "",
   "bindUser" : "ldapservice",
   "userDN" : "ou=People,dc=directory,dc=nh",
   "port" : 389,
   "isAD" : "",
   "host" : "127.0.0.1",
   "groupDN" : "ou=Groups,dc=directory,dc=nh",
   "isLdap" : "1",
   "ldapURI" : "ldap://127.0.0.1",
   "baseDN" : "dc=directory,dc=nh",
   "bindPassword" : "Your_LDAP_Bind_Password",
   "bindDN" : "cn=ldapservice,dc=directory,dc=nh"
}

Replace the value for the LDAP_PASSWORD constant as appropriate. Customize additional constants to suit your needs.

// Enable LDAP authentication (false by default)
define('LDAP_AUTH', true);

// LDAP server hostname
define('LDAP_SERVER', '127.0.0.1');

// LDAP server port (389 by default)
define('LDAP_PORT', 389);

// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
define('LDAP_SSL_VERIFY', true);

// Enable LDAP START_TLS
define('LDAP_START_TLS', false);

// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
// Set to true if you want to preserve the case
define('LDAP_USERNAME_CASE_SENSITIVE', false);

// LDAP bind type: "anonymous", "user" or "proxy"
define('LDAP_BIND_TYPE', 'proxy');

// LDAP username to use with proxy mode
// LDAP username pattern to use with user mode
define('LDAP_USERNAME', 'cn=ldapservice,dc=directory,dc=nh');

// LDAP password to use for proxy mode
define('LDAP_PASSWORD', 'Your_LDAP_Bind_Password');

// LDAP DN for users
// Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local
// Example for OpenLDAP: ou=People,dc=example,dc=com
define('LDAP_USER_BASE_DN', 'ou=People,dc=directory,dc=nh');

// LDAP pattern to use when searching for a user account
// Example for ActiveDirectory: '(&(objectClass=user)(sAMAccountName=%s))'
// Example for OpenLDAP: 'uid=%s'
define('LDAP_USER_FILTER', 'uid=%s');

// LDAP attribute for username
// Example for ActiveDirectory: 'samaccountname'
// Example for OpenLDAP: 'uid'
define('LDAP_USER_ATTRIBUTE_USERNAME', 'uid');

// LDAP attribute for user full name
// Example for ActiveDirectory: 'displayname'
// Example for OpenLDAP: 'cn'
define('LDAP_USER_ATTRIBUTE_FULLNAME', 'cn');

// LDAP attribute for user email
define('LDAP_USER_ATTRIBUTE_EMAIL', 'mail');

// LDAP attribute to find groups in user profile
define('LDAP_USER_ATTRIBUTE_GROUPS', '');

// LDAP attribute for user avatar image: thumbnailPhoto or jpegPhoto
define('LDAP_USER_ATTRIBUTE_PHOTO', '');

// LDAP attribute for user language, example: 'preferredlanguage'
// Put an empty string to disable language sync
define('LDAP_USER_ATTRIBUTE_LANGUAGE', '');

// Allow automatic LDAP user creation
define('LDAP_USER_CREATION', true);

// LDAP DN for administrators
// Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_ADMIN_DN', 'cn=administrators,ou=Groups,dc=directory,dc=nh');

// LDAP DN for managers
// Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_MANAGER_DN', 'cn=managers,ou=Groups,dc=directory,dc=nh');

// Enable LDAP group provider for project permissions
// The end-user will be able to browse LDAP groups from the user interface and allow access to specified projects
define('LDAP_GROUP_PROVIDER', true);

// LDAP Base DN for groups
define('LDAP_GROUP_BASE_DN', 'ou=Groups,dc=directory,dc=nh');

// LDAP group filter
// Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*))
define('LDAP_GROUP_FILTER', '(&(objectClass=posixGroup)(cn=%s*))');

// LDAP user group filter
// If this filter is configured, Kanboard will search user groups in LDAP_GROUP_BASE_DN with this filter
// Example for OpenLDAP: (&(objectClass=posixGroup)(memberUid=%s))
define('LDAP_GROUP_USER_FILTER', '(&(objectClass=posixGroup)(memberUid=%s))');

// LDAP attribute for the group name
define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');

(Samba)AD Authentication (with local account provider)

If you are using AD as local account provider, you can set the authentication parameters in kanboard’s config.php file.

To obtain the AD ldap parameters check Status -> Domain Accounts section on server manager or execute the account-provider-test dump command.

Note that for this example in particular the FQDN of the server is test1.local.neth.eu, so any reference of test1, local, neth or eu should be tweaked according to your server.

Replace the values for LDAP_SERVER, LDAP_USERNAME, LDAP_PASSWORD, LDAP_GROUP_ADMIN_DN, LDAP_GROUP_MANAGER_DN, LDAP_GROUP_BASE_DN constants (and any other values you consider) as appropriate.

For LDAP_USERNAME and LDAP_PASSWORD you can set the values thrown by account-provider-test dump command (e.g. "bindDN" : "LOCAL\\TEST1$", "bindPassword" : "your_ldap_password"), or use the credentials of a user with administration privileges (e.g. admin@domain.tld).

// Enable LDAP authentication (false by default)
define('LDAP_AUTH', true);

// LDAP server hostname
define('LDAP_SERVER', 'local.neth.eu');

// LDAP server port (389 by default)
define('LDAP_PORT', 389);

// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
define('LDAP_SSL_VERIFY', true);

// Enable LDAP START_TLS
define('LDAP_START_TLS', false);

// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
// Set to true if you want to preserve the case
define('LDAP_USERNAME_CASE_SENSITIVE', false);

// LDAP bind type: "anonymous", "user" or "proxy"
define('LDAP_BIND_TYPE', 'proxy');

// LDAP username to use with proxy mode
// LDAP username pattern to use with user mode
define('LDAP_USERNAME', 'admin@local.neth.eu');

// LDAP password to use for proxy mode
define('LDAP_PASSWORD', 'your_ldap_password');

// LDAP DN for users
// Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local
// Example for OpenLDAP: ou=People,dc=example,dc=com
define('LDAP_USER_BASE_DN', 'dc=local,dc=neth,dc=eu');

// LDAP pattern to use when searching for a user account
// Example for ActiveDirectory: '(&(objectClass=user)(sAMAccountName=%s))'
// Example for OpenLDAP: 'uid=%s'
define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');

// LDAP attribute for username
// Example for ActiveDirectory: 'samaccountname'
// Example for OpenLDAP: 'uid'
define('LDAP_USER_ATTRIBUTE_USERNAME', 'samaccountname');

// LDAP attribute for user full name
// Example for ActiveDirectory: 'displayname'
// Example for OpenLDAP: 'cn'
define('LDAP_USER_ATTRIBUTE_FULLNAME', 'displayname');

// LDAP attribute for user email
define('LDAP_USER_ATTRIBUTE_EMAIL', 'mail');

// LDAP attribute to find groups in user profile
define('LDAP_USER_ATTRIBUTE_GROUPS', 'memberof');

// LDAP attribute for user avatar image: thumbnailPhoto or jpegPhoto
define('LDAP_USER_ATTRIBUTE_PHOTO', 'jpegPhoto');

// LDAP attribute for user language, example: 'preferredlanguage'
// Put an empty string to disable language sync
define('LDAP_USER_ATTRIBUTE_LANGUAGE', 'preferredLanguage');

// Allow automatic LDAP user creation
define('LDAP_USER_CREATION', true);

// LDAP DN for administrators
// Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_ADMIN_DN', 'cn=domain admins,cn=users,dc=local,dc=neth,dc=eu');

// LDAP DN for managers
// Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_MANAGER_DN', 'cn=managers,cn=users,dc=local,dc=neth,dc=eu');

// Enable LDAP group provider for project permissions
// The end-user will be able to browse LDAP groups from the user interface and allow access to specified projects
define('LDAP_GROUP_PROVIDER', true);

// LDAP Base DN for groups
define('LDAP_GROUP_BASE_DN', 'dc=local,dc=neth,dc=eu');

// LDAP group filter
// Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*))
define('LDAP_GROUP_FILTER', '(&(objectClass=group)(sAMAccountName=%s*))');

// LDAP user group filter
// If this filter is configured, Kanboard will search user groups in LDAP_GROUP_BASE_DN with this filter
// Example for OpenLDAP: (&(objectClass=posixGroup)(memberUid=%s))
define('LDAP_GROUP_USER_FILTER', '');

// LDAP attribute for the group name
define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');

###Restart web server
Restart the web server service for the changes to take effect:

systemctl restart httpd

Background Job Scheduling

To work properly, Kanboard requires that a background job run on a daily basis, to calculate stats, send notifications and execute additional tasks’ related actions.

  • Setup a daily cron job as the apache user: crontab -u apache -e
    For example, to set the daily cron job to be executed at 5:00 AM, write:

    0 5 * * * cd /var/www/html/kanboard && ./cli cronjob >/dev/null 2>&1

Then save the changes and exit the editor

:wq!

###Accessing Kanboard
To get access to Kanboard, in a web browser open the URL formatted like https://ip-or-fqdn/kanboard/.

Login with the user credentials:

  • If no (LDAP) account provider has been configured the default username / password are admin / admin. Change the password as soon as possible.
  • If an account provider is in use, login with the credentials of the desired user.

Mind Kanboard’s login workflow:

When the LDAP authentication is activated, the login process works like that:

  1. Try first to authenticate the user by using the database
  2. If the user is not found inside the database, a LDAP authentication is performed
  3. If the LDAP authentication is successful, by default a local user is created automatically with no password and marked as LDAP users.

###References

8 Likes

Such a great howto! @Matteo_Contoli @robb what do you think? :heart_eyes:
It should be validated and moved on our wiki!

SUPERB!
I will install and report back. Kanban is a great tool for managing tasks…
Thnx for this howto!

1 Like

Wow this Is fantastic man! I Will try as soon as possible. Thank you so much!!