teamcity.users.login.filter - issue -- Solved

Hello,
I have an issue with the teamcity.users.login.filter definition.

We use LDAP = Active Directory (2003 x86)

Current config is:

#
# LDAP credentials for TeamCity plugin.
java.naming.provider.url=ldaps://ldap-us.domain.com:636/DC=domain,DC=COM
java.naming.security.principal=CN=ldapconnector,OU=ServiceUsers,OU=Users,OU=domain,DC=domain,DC=com
java.naming.security.credentials=*****
java.naming.security.authentication=simple
java.naming.referral=follow

# Login using 'sAMAccountName' value.
teamcity.auth.formatDN=domain\\$login$
teamcity.users.base=OU=Users,OU=domain,DC=domain,DC=COM
#teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)
#teamcity.users.login.filter=(sAMAccountName=$login$)
#teamcity.users.login.filter=(&(sAMAccountName=$capturedLogin$)(CN=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=com))
#teamcity.users.login.filter=(&(sAMAccountName=$login$)(OU=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=com))
#teamcity.users.login.filter=(memberOf=OU=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=COM)

# User autocreation
teamcity.options.createUsers=true
teamcity.users.username=sAMAccountName
teamcity.users.property.displayName=displayName
teamcity.users.property.email=mail

# Synchronize user data
teamcity.users.filter=(&(objectClass=user)(memberOf=CN=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=com))
teamcity.options.users.synchronize=true
teamcity.options.syncTimeout=36000000

# Allow only username part without domain
teamcity.auth.loginFilter=[^/\\\\@]+

# Group synchronization: disabled.
# teamcity.options.groups.synchronize=false


I tried more variants, but without success:
teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)
teamcity.users.login.filter=(sAMAccountName=$login$)
teamcity.users.login.filter=(&(sAMAccountName=$capturedLogin$)(CN=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=com))
teamcity.users.login.filter=(&(sAMAccountName=$login$)(OU=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=com))
teamcity.users.login.filter=(memberOf=OU=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=COM)

I always get the error:

[2013-07-12 10:24:39,616]   INFO -     jetbrains.buildServer.LDAP - Failed to find user in LDAP by 'vdoina'. Cause: No such object ([LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
    'DC=DOMAIN,DC=com'
]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
    'DC=DOMAIN,DC=com'
]; remaining name 'OU=Users,OU=DOMAIN,DC=DOMAIN,DC=COM')
Most common reason for this error: LDAP server couldn't resolve the path specified in base DN.
Please verify the following properties:
  java.naming.provider.url
  teamcity.users.base
  teamcity.groups.base
and make sure the base DN is relative to the root DN (specified in java.naming.provider.url)

Can someone advise how I can restrict login to only users from a specified OU?
(OU=Access-TeamCity,OU=AccessGroups,OU=domain,DC=domain,DC=com)

1 comment

Fixed:

Working config is:

#
# LDAP credentials for TeamCity plugin.
java.naming.provider.url=ldaps://ldap-md.Domain.com:636/DC=Domain,DC=COM
java.naming.security.principal=CN=ldapconnector,OU=ServiceUsers,OU=Users,OU=Domain,DC=Domain,DC=com
java.naming.security.credentials=******
java.naming.security.authentication=simple
java.naming.referral=follow

# Login using 'sAMAccountName' value.
teamcity.auth.formatDN=Domain\\$login$
teamcity.users.base=OU=Users,OU=Domain
teamcity.users.login.filter=(&(sAMAccountName=$login$)(memberOf=CN=Access-TeamCity,OU=AccessGroups,OU=Domain,DC=Domain,DC=com))

# User autocreation
teamcity.options.createUsers=true
teamcity.users.username=sAMAccountName
teamcity.users.property.displayName=displayName
teamcity.users.property.email=mail

# Synchronize user data
teamcity.users.filter=(&(objectClass=user)(memberOf=CN=Access-TeamCity,OU=AccessGroups,OU=Domain,DC=Domain,DC=com))
teamcity.options.users.synchronize=true
teamcity.options.syncTimeout=36000000

# Allow only username part without domain
teamcity.auth.loginFilter=[^/\\\\@]+

# Group synchronization: disabled.
# teamcity.options.groups.synchronize=false


Issue was in:

teamcity.users.base=OU=Users,OU=domain,DC=domain,DC=COM


this should be relative:

teamcity.users.base=OU=Users,OU=domain
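The relative-base rule from the fix above, as an added example that is not part of the original thread or TeamCity's own code: a small Python check that flags `teamcity.users.base` / `teamcity.groups.base` values which repeat the root DN already given in `java.naming.provider.url`. The function names are hypothetical and the two sample inputs are constructed from the values posted in this thread.

```python
from urllib.parse import urlparse, unquote

# Constructed sample inputs, built from the values posted in this thread.
BROKEN = """\
java.naming.provider.url=ldaps://ldap-us.domain.com:636/DC=domain,DC=COM
teamcity.users.base=OU=Users,OU=domain,DC=domain,DC=COM
"""
FIXED = """\
java.naming.provider.url=ldaps://ldap-md.Domain.com:636/DC=Domain,DC=COM
teamcity.users.base=OU=Users,OU=Domain
"""

def parse_props(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def split_dn(dn):
    """Split a DN into RDNs (simplification: no escaped commas)."""
    return [part.strip() for part in dn.split(",") if part.strip()]

def check_bases(props):
    """Return {property: suggested relative value} for bases that repeat the root DN."""
    url = urlparse(props["java.naming.provider.url"])
    root = [r.lower() for r in split_dn(unquote(url.path.lstrip("/")))]
    findings = {}
    for key in ("teamcity.users.base", "teamcity.groups.base"):
        if key not in props or not root:
            continue
        parts = split_dn(props[key])
        # DN matching is case-insensitive, so compare lowercased RDNs.
        if [p.lower() for p in parts][-len(root):] == root:
            findings[key] = ",".join(parts[: len(parts) - len(root)])
    return findings

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_bases(parse_props(text)))
```
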