LDAP - won't accept User Logon Name, accepts Display name

We've got it working, but it sure would be easier if the users could enter the Username rather than their display name - we have developers with really long names. I'm lazy, and would much rather type 'lsyracus' than 'Lou Syracuse'

Our network guy has been working with me on this, he just can't figure it out. I have attached a copy of my ldap-config.properties file, with certain parts blacked out - any assistance would be greatly appreciated. We are running version 4.5.4 (build 9071) on Windows 2008 server, 32 bit.

Thanks in advance,
Lou



Attachment(s):
ldap-config.properties

Lou,

I had the same challenge setting up our TeamCity LDAP integration, but got it working in the end with a bit of trial-and-error.

I did a quick side-by-side of your configuration and ours and see only three significant differences:

teamcity.auth.loginFilter=.+

(probably doesn't matter, I guess I could just be using the default)

teamcity.auth.formatDN=OURDOMAIN\\$login$


#teamcity.users.login.filter=(cn=$capturedLogin$)

I can't promise that will work for your setup, but hope that helps! I seem to remember turning on logging for LDAP (bottom of page http://www.jetbrains.net/confluence/display/TCD4/LDAP+Integration) which gave me much better insight as to what was going on.

Cheers,


Andy


We had a couple of issues that the log helped out with, so I definitely agree with Andy that you should turn that on.

Here are the differences with our file:

--We don't use the transformation, so these two lines remain commented out:
#teamcity.auth.loginFilter=[^/\\\\@]+
#teamcity.users.login.filter=(cn=$capturedLogin$)

--We have the following commented out:
#teamcity.property.distinguishedName=distinguishedName

--We have these uncommented:

java.naming.referral=follow
java.naming.security.authentication=simple

-- Group Settings, we use the ldap groups to automatically assign people to tc groups/roles
teamcity.options.groups.synchronize=true

teamcity.groups.filter=(objectClass=group)
teamcity.groups.property.member=member

teamcity.groups.base=OU=Miscellaneous,OU=Application,OU=Groups

-- differences
teamcity.auth.formatDN=$login$@DomainName.com
teamcity.users.filter=(&(objectCategory=Person)(memberOf:1.2.840.113556.1.4.1941:=CN=SG_TeamCity_Developers,OU=Miscellaneous,OU=Application,OU=Groups,DC=DomainName,DC=com))



Thanks for checking! Unfortunately I still have the same issue.

For some reason I was also removed as a TeamCity Administrator. And since I was the only admin in the system, that could have been a problem. Fortunately I figured out what to do in SQL to get my Admin rights back.

Unfortunately the extra log info in teamcity-server.log really didn't give any additional information outside of a lengthy call stack. What I'm getting is:

[2009-08-20 13:57:26,392]   INFO -     jetbrains.buildServer.LDAP - Failed to login user 'lsyracus' due to authentication error. Cause: Invalid credentials ([LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ])
[2009-08-20 13:57:26,392]   INFO -   jetbrains.buildServer.SERVER - Login for user lsyracus failed: Failed to login user 'lsyracus' due to authentication error: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]

For some reason I can't get LDAP to look at the user's login name; if I replace my login name (lsyracus) with the display name (Lou Syracuse) it works perfectly with the same password.
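
An added example, not part of the original posts and not TeamCity code: a small parser that decodes the Active Directory sub-code in the "data" field of the error 49 log lines above. Sub-code 525 means the directory found no account for the bind name it was sent, as opposed to 52e, which means the account exists and the password is wrong. The function name, the sub-code table layout and the second and third sample lines are constructed for illustration.

```python
import re

# Active Directory sub-codes reported in the "data XXX" field of an
# LDAP error 49 bind failure. The field is hexadecimal.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (account exists, wrong password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the jetbrains.buildServer.LDAP failure line format shown in the thread.
LINE_RE = re.compile(
    r"Failed to login user '(?P<user>[^']*)'.*?"
    r"LDAP: error code 49\b.*?"
    r"data (?P<data>[0-9a-fA-F]+)"
)

def explain_bind_failures(log_text):
    """Return a (user, sub_code, meaning) tuple for each error 49 login failure."""
    results = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if match is None:
            continue  # not an LDAP bind failure line
        sub_code = match.group("data").lower()
        meaning = AD_BIND_SUBCODES.get(sub_code, "unknown sub-code")
        results.append((match.group("user"), sub_code, meaning))
    return results

# Line 1 is taken from the post; lines 2 and 3 are constructed sample input.
SAMPLE_LOG = """\
[2009-08-20 13:57:26,392]   INFO -     jetbrains.buildServer.LDAP - Failed to login user 'lsyracus' due to authentication error. Cause: Invalid credentials ([LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ])
[2009-08-20 14:02:10,101]   INFO -     jetbrains.buildServer.LDAP - Failed to login user 'exampleuser' due to authentication error. Cause: Invalid credentials ([LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ])
[2009-08-20 14:03:00,000]   INFO -   jetbrains.buildServer.SERVER - Server started
"""

if __name__ == "__main__":
    for user, sub_code, meaning in explain_bind_failures(SAMPLE_LOG):
        print(f"{user}: data {sub_code} -> {meaning}")
```

A 525 for a login name whose display name binds successfully with the same password points at the name format sent to the directory (the value built by teamcity.auth.formatDN), not at the password.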


Hi Lou,

What is your DN in LDAP? You can configure the plugin to format input username into a name that can be accepted by LDAP, e.g. full DN or 'DOMAIN/login' username.

---
Maxim
