LDAP group synchronization flattens TeamCity's group hierarchy

Hey there,

Currently running TeamCity 4.5.5 (build 9029) with LDAP integration.
Everything is working great, except one thing.

I currently have a groups hierachy in TeamCity that looks like this:

* All users
   * Company (All members of the company - rights to view applications projects)
      * Development (The devel branch of the company - rights to view apps and library projects)
         * My team (Full rights to edit anything, since we develop the stuff)
* Admins (Our IT staff, just in case )

As you can see, "Development" is a parent to "My Team", "Company" is a parent to "Development" and "All users" is a parent to Company".
During LDAP synchronization the users are put into these groups based on the LDAP groups they belong to (meaning that you can be put in more than one
group in TeamCity, which is not a problem since they have a common hierachy anyway).



Now once I do an LDAP synchronization (either manually or automatically), the group hierachy gets partially flattened.
Now it looks:

* All users
   * Company
* Development
* My team
* Admins

As you can see, "Development" and "My team" no longer have any parents, though for some reason "Company" is still a child to "All users"
Now this breaks the chain, since I have some configurations (such as notification rules) that are no longer given to "My team" etc.

I've been looking around the documentation and these forums but I can't find anything that would cause this behavior.

I'm not getting any errors during synchronization, other than some warnings regarding users found in LDAP groups but not in the list of users and groups.

Anyone that can give me a pointer as to how I can stop the group hierachy from being flattened? Probably just a setting I have missed somewhere.
My LDAP

I'm attaching the ldap config and mapping files if you need to take a look.

Many thanks in advance
Jon



Attachment(s):
ldap-config.properties.zip
ldap-mapping.xml
2 comments
Comment actions Permalink

Jon,

Can you please enable LDAP debug logs, restore your groups hierarchy, then run LDAP synchronization and send us the logs?
If you do not want to make them public, you have the options to file an issue with non-public attachment (better) or send email to teamcity feedback.

--
Best regards,

Yegor Yarko
QA Engineer (TeamCity)
JetBrains, Inc
http://www.jetbrains.com
"Develop with pleasure!"

0
Comment actions Permalink

Thanks for your reply, Yegor.

I've added this as TW-9708 in your tracker and attached the config and debug files.

Thanks
Jon

0

Please sign in to leave a comment.