Restrict TeamCity users to members of an Active Directory (LDAP) group

I'm trying to restrict TeamCity users to members of a specific AD group (FNC_TEAMCITY_USERS). LDAP user synchronisation was already working.

In my ldap-config.properties I changed this:

    teamcity.users.filter=(objectClass=user)

to this:

    teamcity.users.filter=(&(objectClass=user)(memberOf=CN=FNC_TEAMCITY_USERS,OU=Groups,DC=group,DC=ourdomain,DC=com))

I restarted the TeamCity service and this change had no effect. All AD users can still log in to TeamCity. I tried this on both our 6.5 instance and our 7.0 (EAP) instance.

Is there something I've missed or is this a bug?
