LDAP Authorization - How can I only let in users who are in a certain group?


From what I read in the documentation, TeamCity allows every user in who can be authenticated against the configured LDAP server. Each user will be automatically created in TeamCity's internal database on login. This works well so far. Now I want to limit access to TeamCity to users who are members of a certain group in LDAP. I have created a group teamcityusers for this purpose. How can I configure TeamCity so that only users in this group are let in?

Best regards,

1 comment


There is a way to achieve this (in 4.5). You need to set the following properties:

teamcity.users.login.filter    # a filter to find the user in LDAP, here you can include 'teamcityusers' membership condition
teamcity.users.base            # a root DN
teamcity.users.username        # an attribute whose value should be set as username
java.naming.security.principal # the principal that performs the search

In this case the login module will try to find the user in LDAP and fetch the username to be stored in TeamCity. If the user cannot be found, the user won't be authenticated.

Thanks, Maxim
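
The lookup described in the answer above, modelled as an added example (not TeamCity code and not part of the original post): a search filter that combines the login with a group membership condition, and a search that refuses the login when no entry matches. The group DN, the uid and memberOf attribute names, and the directory entries are assumptions; memberOf lists direct membership only, so nested groups are not covered.

```python
# Added example: models the lookup a group-restricted login filter performs.
# DNs, attribute names and directory entries are constructed sample data.

GROUP_DN = "cn=teamcityusers,ou=groups,dc=example,dc=com"  # assumed DN

# RFC 4515 section 3: these characters must be escaped in assertion values.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value so it is matched literally inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(login, group_dn=GROUP_DN, user_attr="uid"):
    """Filter matching one user who is also a direct member of group_dn."""
    return "(&({}={})(memberOf={}))".format(
        user_attr, escape_filter_value(login), escape_filter_value(group_dn))


def find_user(entries, login, group_dn=GROUP_DN, user_attr="uid"):
    """Return the single matching entry, or None (login is refused)."""
    wanted = group_dn.lower()
    hits = [e for e in entries
            if e.get(user_attr, "").lower() == login.lower()
            and wanted in (g.lower() for g in e.get("memberOf", []))]
    # Zero hits: unknown user or not in the group. More than one: ambiguous.
    return hits[0] if len(hits) == 1 else None


# Constructed directory contents.
DIRECTORY = [
    {"uid": "alice", "memberOf": [GROUP_DN]},
    {"uid": "bob", "memberOf": ["cn=staff,ou=groups,dc=example,dc=com"]},
    {"uid": "carol", "memberOf": []},
]

if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "*"):
        entry = find_user(DIRECTORY, name)
        print(name, "->", "allowed" if entry else "refused",
              build_login_filter(name))
```

The login value is escaped before it enters the filter, so a wildcard typed as a username is matched literally and cannot widen the search beyond the group condition.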

