How to configure nested group members for LDAP on TeamCity?

Our TC version is 4.5.5.

I have a problem when I configured group-mapping for LDAP; any help and advice will be greatly appreciated.

See the details in the attachment.

....
member=a (a is a person's name; it can be mapped successfully)
member=b (b is another group's name; it cannot be mapped successfully. How do I map this group (b)'s members to the groups page on the TC server? Thanks)
member=c (c is a person's name; it can be mapped successfully)
... ...

Thanks,

James



Attachment(s):
ldap-group.JPG

Hi James,

What is your problem exactly?
You can configure a separate TeamCity group, map it to the nested LDAP group and sync both.


---
Thanks, Maxim


Hi Maxim,

Thanks for your answer. I will use the "Select parent group(s) ..." function on the General tab (the "nested LDAP group" you mentioned).

Thanks again, great production!

James


You're always welcome! =)

---
Maxim


I am using TeamCity 6!

Do you have a better solution (a cleaner solution)?

If I need to create all my Active Directory groups in TeamCity, do I need to give the people who manage Active Directory access to log on to the "TeamCity Server" to change the file "ldap-mapping.xml"?
Not a clean solution for me.
...

I have the group "PoweUsers" in TeamCity,
mapped to "TeamCity Power User" in Active Directory.

The group "TeamCity Power User" has the following group:

TeamCity Power User
     --TeamLead     --> Active directory group
     --Architect     --> Active directory group
     --User A
     --User B

For User A and B everything is OK, but all other users, members of groups "TeamLead" and "Architect", don't work (the role doesn't work)!

Thanks


Hi Philippe,

Is it the same problem you've emailed about in teamcity-feedback? If yes, we can continue discussion there or here, if you like.


---
Maxim


I'm posting a resolution to the issue here: the members of nested groups of an LDAP group (POWER_USERS) are not considered members of this group. So the solution is to add the nested group (TeamLead) to the mapping file, and it will be synchronized as well.
Hope this will help everyone that has similar problems.


---
Maxim


Is this still the case with TC Version 10.0.4? Is it still true that Nested AD Group users will not be considered members of a TC group?

My situation is:

Group_Main (Container)
-- Group_A (Contains)
---- User: Angelina Jolie
---- User: Brad Pitt
-- Group_B
---- User: Johnny Depp
---- User: Sigourney Weaver

In TC I have created a group called GROUP_MAIN
and in the ldap-mappings.xml, I have the following: 

<group-mapping teamcityGroupKey="GROUP_MAIN" ldapGroupDn="CN=Group_Main,OU=Groups,DC=myDomain,DC=com"/>

When I run LDAP sync, it states nothing updated, and the group, "GROUP_MAIN," in TC shows 0 users.

So, it looks like nested group users are not resolved. Is this correct and by design?

Thanks

 

[UPDATE]: I see that this has been resolved in Release 2017.1, with feature TW-8696.
https://youtrack.jetbrains.com/issue/TW-8696 
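
Added example, not part of the thread and not TeamCity code: a small audit that compares what a direct-member sync sees with what nesting implies, and lists the nested groups that still need their own group-mapping entry, as the resolution above describes. The directory snapshot is constructed; only the Group_Main DN comes from the thread, and the `<mapping>` wrapper element, the other DNs and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

GROUPS_OU = "OU=Groups,DC=myDomain,DC=com"
USERS_OU = "OU=Users,DC=myDomain,DC=com"   # assumed; not given in the thread

# Constructed directory snapshot: group DN -> values of its "member" attribute.
# Only Group_Main's DN comes from the thread; the other DNs are assumed.
DIRECTORY = {
    f"CN=Group_Main,{GROUPS_OU}": [f"CN=Group_A,{GROUPS_OU}", f"CN=Group_B,{GROUPS_OU}"],
    f"CN=Group_A,{GROUPS_OU}": [f"CN=user1,{USERS_OU}", f"CN=user2,{USERS_OU}"],
    # Group_B points back at Group_Main to exercise the cycle guard.
    f"CN=Group_B,{GROUPS_OU}": [f"CN=user3,{USERS_OU}", f"CN=Group_Main,{GROUPS_OU}"],
}

# The <mapping> wrapper element is an assumption; the entry is the one quoted above.
MAPPING_XML = f"""<mapping>
  <group-mapping teamcityGroupKey="GROUP_MAIN" ldapGroupDn="CN=Group_Main,{GROUPS_OU}"/>
</mapping>"""


def norm(dn):
    """Simplified DN comparison: trim and lower-case (no RFC 4514 escaping)."""
    return dn.strip().lower()


def mapped_dns(xml_text):
    """Return the normalized ldapGroupDn of every group-mapping entry."""
    return {norm(e.get("ldapGroupDn")) for e in ET.fromstring(xml_text).iter("group-mapping")}


def audit(directory, xml_text):
    """Per mapped group: users a direct-member sync sees, users reachable
    through nesting, and nested groups that have no mapping of their own."""
    groups = {norm(dn): [norm(m) for m in ms] for dn, ms in directory.items()}
    mapped = mapped_dns(xml_text)
    report = {}
    for top in mapped:
        direct = {m for m in groups.get(top, []) if m not in groups}
        effective, nested, stack = set(), set(), [top]
        seen = {top}
        while stack:
            for m in groups.get(stack.pop(), []):
                if m not in groups:
                    effective.add(m)
                elif m not in seen:
                    seen.add(m)
                    nested.add(m)
                    stack.append(m)
        report[top] = {"direct": direct, "effective": effective,
                       "unmapped_nested": nested - mapped}
    return report
```

An empty "direct" set next to a non-empty "effective" set is the "0 users" symptom described above; on a version that resolves nesting, the "effective" set is the list of accounts that will receive the group's roles and is worth reviewing before upgrading.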
