Advanced mode Authentication - Migrate from Built-in to LDAP
Our current production TeamCity installation has been living for multiple years now. Users have been authenticating with built-in credentials from day one. I have stood up a new TeamCity instance and have successfully configured LDAP authentication.
I would like to start using LDAP authentication with our legacy installation. What should we be concerned about? If the users built-in username doesn't match LDAP, and they log in with LDAP, they will lose their built-in user settings and there will be dual accounts? If the usernames match we are good?
Please sign in to leave a comment.
Hi Matthew,
sorry for the delay. We have just expanded a bit our documentation on LDAP to mention your scenario: https://confluence.jetbrains.com/display/TCD10/LDAP+Integration#LDAPIntegration-SwitchingtoLDAPAuthentication
When migrating LDAP users into teamcity, there are three possible situations:
-The user exists previously in teamcity and has a matching username
-The user exists previously in teamcity but does not have a matching username
-The user does not exist in teamcity.
In the first one, the user will be able to log in with its username and will be able to log in with both the passwords. Should the login via one of the authentication methods, it will fall back to the next one, until it matches or fails to match, allowing login if it matches, rejecting it if it doesn't.
In the second one, a new account will be created for the user, and he will be able to log in with both different accounts.
In the last scenario, the user will be created in teamcity.
So, to answer explicitly your questions, yes, if usernames don't match users will have two accounts (and thus different settings), if usernames match they will be good to go.