teamcity.users.login.filter - issue -- Solved
Hello,
I has an issue with teamcity.users.login.filter definition.
We use LDAP = Active Directory (2003 x86)
Currecnt config is:
#
# LDAP credentials for TeamCity plugin.
java.naming.provider.url=ldaps://ldap-us.domain.com:636/DC=domain,DC=COM
java.naming.security.principal=CN=ldapconnector,OU=ServiceUsers,OU=Users,OU=domain,DC=domain,DC=com
java.naming.security.credentials=*****
java.naming.security.authentication=simple
java.naming.referral=follow
# Login using 'sAMAccountName' value.
teamcity.auth.formatDN=domain\\$login$
teamcity.users.base=OU=Users,OU=domain,DC=domain,DC=COM
#teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)
#teamcity.users.login.filter=(sAMAccountName=$login$)
#teamcity.users.login.filter=(&(sAMAccountName=$capturedLogin$)(CN=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=com))
#teamcity.users.login.filter=(&(sAMAccountName=$login$)(OU=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=com))
#teamcity.users.login.filter=(memberOf=OU=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=COM)
# User autocreation
teamcity.options.createUsers=true
teamcity.users.username=sAMAccountName
teamcity.users.property.displayName=displayName
teamcity.users.property.email=mail
# Synchronize user data
teamcity.users.filter=(&(objectClass=user)(memberOf=CN=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=com))
teamcity.options.users.synchronize=true
teamcity.options.syncTimeout=36000000
# Allow only username part without domain
teamcity.auth.loginFilter=[^/\\\\@]+
# Group synchronization: disabled.
# teamcity.options.groups.synchronize=false
I tried more variants, but without cuccess:
teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)
teamcity.users.login.filter=(sAMAccountName=$login$)
teamcity.users.login.filter=(&(sAMAccountName=$capturedLogin$)(CN=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=com))
teamcity.users.login.filter=(&(sAMAccountName=$login$)(OU=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=com))
teamcity.users.login.filter=(memberOf=OU=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=COM)
I always get the error:
[2013-07-12 10:24:39,616] INFO - jetbrains.buildServer.LDAP - Failed to find user in LDAP by 'vdoina'. Cause: No such object ([LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=DOMAIN,DC=com'
]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=DOMAIN,DC=com'
]; remaining name 'OU=Users,OU=DOMAIN,DC=DOMAIN,DC=COM')
Most common reason for this error: LDAP server couldn't resolve the path specified in base DN.
Please verify the following properties:
java.naming.provider.url
teamcity.users.base
teamcity.groups.base
and make sure the base DN is relative to the root DN (specified in java.naming.provider.url)
Can someone advise how I can restrict login only for users from specified OU ?
(OU=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=com)
Please sign in to leave a comment.
Fixed:
Working config is:
Issue was in:
this should be relative: