teamcity, ldap and role(s)


I have installed teamcity 4.5.5 and was able to authenicate against my ldap server.   I am having problem with setting up users with specific roles.    I have searched the documentation and didn't find any info on setting up ldap users with roles.  

Is it possilbe and could someone guide me to some info or show me how they have set it up.

Thanks,
Thomas

3 comments
Comment actions Permalink

Within the ldap-config.properties file make sure your setting are set up similar to this:

####################################################################################################
# LDAP SYNCHRONIZATION
####################################################################################################

# Set to "true" to enable the synchronization for user's properties
teamcity.options.users.synchronize=true

# Set to "true" to enable the synchronization for user's groups
teamcity.options.groups.synchronize=true

# Set to "true" to enable automatic user creation and deletion during the synchronization.
teamcity.options.createUsers=true
teamcity.options.deleteUsers=false

# The time interval between synchronizations (in milliseconds). By default, it is one hour.
teamcity.options.syncTimeout = 3600000



### GROUPS SETTINGS ###
# These settings are mandatory if groups synchronization is turned on (ldap-mapping.xml exists)

# The groups base DN. Groups are retrieved from the LDAP subtree denoted by this DN.
teamcity.groups.base=OU=Miscellaneous,OU=Application,OU=Groups

# The group search filter.
# LDAP filter string to search for all groups.
teamcity.groups.filter=(objectClass=group)

# The attribute that indicates the member of the group
teamcity.groups.property.member=member


### OPTIONAL USER SETTINGS ###

# The name of LDAP attribute to retrieve user's full name
teamcity.users.property.displayName=displayName

# The name of LDAP attribute to retrieve user's email
teamcity.users.property.email=mail




In addition, make sure that you have your ldap-mapping.xml file set up correctly. Here's ours:


<mapping>
  <group-mapping teamcityGroupKey="DEVELOPERS" ldapGroupDn="CN=SG_TeamCity_Developers,OU=Miscellaneous,OU=Application,OU=Groups,DC=idtdna,DC=com"/>
  <group-mapping teamcityGroupKey="ADMIN" ldapGroupDn="CN=SG_TeamCity_Admins,OU=Miscellaneous,OU=Application,OU=Groups,DC=idtdna,DC=com"/>
</mapping>


We created new ad groups to use, but you can use existing ones as well.

-Eric

0
Comment actions Permalink

Hi Thomas,

Few links that can be useful for you:
LDAP documentation can be found at http://www.jetbrains.net/confluence/display/TCD4/LDAP+Integration.
Also there's a page with typical ldap-config.properties examples -http://www.jetbrains.net/confluence/display/TCD5/Samples+of+ldap-config.properties+File. Examples are valid for 5.0, but most of them also work for 4.5.

---
Maxim

0
Comment actions Permalink

Maxim and Eric,

Thanks for the help regarding this.   Much appreciated.

Thomas

0

Please sign in to leave a comment.