LDAP Syncronization not working in TeamCity 8.0.3?

Hello,I am using TeamCity Professional 8.0.3 (just upgraded from v7) and the LDAP user synchronization is no longer working.

I do understand that the configuration from 7 to 8 has changed a little, but I am finding it odd that users can authenticate, but the info is not pulled back.Is this a known issue? or has anyone gotten it working with 8.x.x that can share a sample config? (I am using the global catalogue, as I need to authenticate to multiple domains, which the java.naming.provider.url does not seem to allow).

Ultimately I am trying to use the root domain, as I have multples I need to authenticate to

eg:

java.naming.provider.url=ldap://xxx.xx.xxx.xx:3268/DC=Region1,DC=corp,DC=company,DC=com
java.naming.provider.url=ldap://xxx.xx.xxx.xx:3268/DC=Region2,DC=corp,DC=company,DC=com


# This is a sample configuration file for TeamCity LDAP integration
# To make it effective, copy it to ldap-config.properties file
# This file is overwritten with default content on each server startup.
# See documentation at http://www.jetbrains.net/confluence/display/TCD8/LDAP+Integration

### MANDATORY SETTINGS ###

# We need to pass the root domain and global catalogue port (3268) to authenticate users from all domains in the forest. It we use port 389, it takes bloody ages.
java.naming.provider.url=ldap://xxx.xx.xxx.xx:3268/DC=corp,DC=company,DC=com

# Login using 'sAMAccountName' value.
teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)

# LDAP credentials for TeamCity plugin.
java.naming.security.principal=Domain\\User
java.naming.security.credentials=MyPassword

# LDAP filter string to search for all users.
teamcity.users.filter=(objectClass=user)

# User synchronization: on, synchronize display name and e-mail.
teamcity.options.users.synchronize=true
#teamcity.users.base=OU=UserAccounts,DC=corp,DC=company,DC=com - If this is enabled, I cannot log in at all.
teamcity.users.filter=(cn=$capturedLogin$)
teamcity.users.username=sAMAccountName
teamcity.users.property.displayName=displayName
teamcity.users.property.email=mail
teamcity.users.forceUpdatePropertiesDuringSync=true


java.naming.referral=follow
java.naming.security.authentication=simple

# Set to "true" to enable automatic user creation and deletion during group synchronization.
teamcity.options.createUsers=false
teamcity.options.deleteUsers=false

# The time interval between synchronizations (in milliseconds). By default, it is one hour.
teamcity.options.syncTimeout = 3600000


# Group synchronization: disabled.
teamcity.options.groups.synchronize=false

# The following properties can be used when only TeamCity users should be requested during users sync.
# Useful when the number of LDAP users greately exceeds the number of TeamCity users.
# See the details in http://youtrack.jetbrains.net/issue/TW-17332
# IMPORTANT: turning on this property suppresses the effect of "teamcity.options.createUsers".
teamcity.users.syncOnlyTeamcityUsers=true
teamcity.users.filterPackSize=100

2 comments
Comment actions Permalink

Has nobody else had an issue with the user properties being synced with version 8x? It worked fine in v7, but ever since having to switch to the TeamCity LDAP provider it does not work.

My synchronization settings are:

teamcity.options.users.synchronize=true
teamcity.users.base=CN=Users
teamcity.users.filter=(objectClass=user)
teamcity.users.username=sAMAccountName
teamcity.property.distinguishedName=distinguishedName
teamcity.users.property.displayName=displayName
teamcity.users.property.email=mail
teamcity.users.forceUpdatePropertiesDuringSync=true

Log output:

[2013-11-05 16:31:19,987]   INFO -     jetbrains.buildServer.LDAP - Starting synchronization session
[2013-11-05 16:31:19,987]   INFO -     jetbrains.buildServer.LDAP - Fetching remote users and groups
[2013-11-05 16:31:20,034]   WARN -     jetbrains.buildServer.LDAP - Total results: 0
[2013-11-05 16:31:20,034]   INFO -     jetbrains.buildServer.LDAP - Last synchronization statistics: created users=0, updated users=0, deleted users=0, remote users=0, matched users=0, created groups=0, updated groups=0, deleted groups=0, remote groups=0, matched groups=0, duration=47ms, errors=[]


Seems odd that users can authenticate, but the properties are not pulled back?

0
Comment actions Permalink

I am running TeamCity Pro 8.1.2 (build 29993) and do see synchronization working, but I have a problem in that TeamCity is NOT ignoring manual changes to user accounts and making LDAP the source of truth.  I have configuration set to make this happen, but it does not seem to be working:

# User's properties are synchronized only if not amended by user.
# If for some reason you want to force TeamCity to ignore manual changes and apply LDAP values,
# set this property to 'true'.
# See the details in http://youtrack.jetbrains.net/issue/TW-21310
# IMPORTANT: the result cannot be undone.
teamcity.users.forceUpdatePropertiesDuringSync=true


Anyone else experiencing the same?  Any tips?

0

Please sign in to leave a comment.