We currently use LDAP synchronization for 15 developers.
We have three AD groups set up, sgTeamCityUsers, scTeamCityDevelopers, scTeamCityAdmins
The developers are all in the the sgTeamCityUsers and scTeamCityDevelopers. A couple are in the scTeamCityAdmins group
We look up the users using the following filter (in ldap-config.properties)
We have a mapping set up (ldap-mapping.xml) to map scTeamCityDevelopers to Developers and scTeamCityAdmins to Admin.
This all works great.
We now have a request to add another department. Rather than adding them the users individually to the sgTeamCityUsers and scTeamCityDevelopers groups, we tried adding their AD department group (EnterpriseApp_DPT) to the sgTeamCityUsers and scTeamCityDevelopers groups. This did not work as expected. When run the LDAP synchronization tab says:
"Last synchronization summary: found 24 users in LDAP, 15 are matched with TeamCity users".
"TeamCity users: no users modified."
So it seems to have found the extra 9 users but does not create them and map them to developers.
The log has the following:
[2011-01-11 07:39:40,503] INFO - jetbrains.buildServer.LDAP - ------ Sync with LDAP users started ------
[2011-01-11 07:39:40,909] INFO - jetbrains.buildServer.LDAP - Sync with LDAP users done
[2011-01-11 07:39:40,909] INFO - jetbrains.buildServer.LDAP - ------ Sync with LDAP groups started ------
[2011-01-11 07:39:40,909] INFO - jetbrains.buildServer.LDAP - LDAP groups mapping loaded
[2011-01-11 07:39:40,925] INFO - jetbrains.buildServer.LDAP - Cannot match member 'CN=EnterpriseApp_DPT,OU=Users,OU=Coralville,OU=Department,OU=Groups,DC=idtdna,DC=com' of LDAP group 'CN=SG_TeamCity_Developers,OU=Miscellaneous,OU=Application,OU=Groups,DC=idtdna,DC=com' with LDAP user or group.
[2011-01-11 07:39:40,925] INFO - jetbrains.buildServer.LDAP - Sync with LDAP groups done
[2011-01-11 07:39:40,925] INFO - jetbrains.buildServer.LDAP - Last syncronization statistics: created users=0, updated users=0, removed users=0, users in ldap=24, matched users=15, duration=563ms, errors=
Other settings from LDAP-Config
Anyone have any ideas on how to get this to work other than adding all the users to both groups.