LDAP: Only import users from mapped groups

Hi.

I've setup LDAP synchronisation to Teamcity using the ldap-config.properties and ldap-mapping.xml files.

Is it possible to only import users from the mapped groups? I don't find such feature, is there one?

I get all users from our AD in the 'All Users' group. I don't want that, I only want to import users from the mapped groups (in ldap-mapping.xml). Is that possible?

Although I found one other way to limit the number of users imported by only importing users under a specific part of the AD tree, this is unfortunately not useful for me because our AD tree isn't structured in a way that a subtree corresponds to the members of the synched groups.

Another approach might be to limit the visibility of the AD tree for the account which imports users, this will be very cumbersome to maintain though.

2 comments
Comment actions Permalink

Hi,

We had a number of requests for the cases like yours.
I think this one might be useful for you:
http://youtrack.jetbrains.com/issue/TW-17332

Also take a look this one:
http://youtrack.jetbrains.com/issue/TW-21301

As a general solution we recommend to achieve it via specific filter (in which you can use memberOf condition), but the properties from TW-17332 can also help.


--
Maxim

0
Comment actions Permalink

An effective solution would be creating new local TeamCity Users group in Active Directory, and include all your required groups into this group.
Then you'll be able to setup TeamCity as described in TW-7800. This approach is faster, and doesn't require additional management.

0

Please sign in to leave a comment.