How to set up LDAPS with TeamCity and Google.

Answered

Hello,

I have a working LDAP setup which fetches users and groups, however my company plans to move to LDAPS. 

Is it possible to configure it with TeamCity?

I cannot find any documentation on how to do it, and TeamCity does not want to accept the current parameters, which are correct. Here is a list of parameters:

java.naming.provider.url=ldaps://ldap.google.com:636/DC=company,DC=com
java.naming.security.principal=CN=$ldaps_user,DC=company,DC=com
java.naming.security.credentials=$ldaps_password
teamcity.users.login.filter=(uid=$capturedLogin$)
teamcity.users.username=uid
java.naming.security.authentication=simple
java.naming.referral=follow
teamcity.options.users.synchronize=true
 
Can you please guide me on how to proceed or suggest any solution?
 
Thank you in advance.
teamcity.users.filter=(accountDisabled=FALSE)
1 comment

Hi Jaroslaw,

The LDAP(S) authentication configuration is described in this section of the documentation. You can also find more information in the comments inside the <TeamCity data directory>/config/ldap-config.properties.dist file.

I never configured it with Google Platform's LDAP(S), but the configuration should be similar across LDAP(S) providers. Here is what works for me with JumpCloud LDAP(S). Please note I only give you the properties (almost) without the comments, so it takes less space. Many of these properties are optional. Please see the description in the ldap-config.properties.dist file.

java.naming.provider.url=ldaps://ldap.jumpcloud.com:636/
java.naming.security.principal=uid=myServiceUser,ou=Users,o=myOrganizationId,dc=jumpcloud,dc=com
java.naming.security.credentials=myPassword
teamcity.users.base=ou=Users,o=myOrganizationId,dc=jumpcloud,dc=com
# the next line only allows members of Group 1 and Group 2 to log in
teamcity.users.login.filter=(&(|(memberOf=CN=Group 1,ou=Users,o=myOrganizationId,dc=jumpcloud,dc=com)(memberOf=CN=Group 2,ou=Users,o=myOrganizationId,dc=jumpcloud,dc=com))(uid=$capturedLogin$))
teamcity.users.username=uid
teamcity.options.users.synchronize=true
teamcity.users.filter=(objectClass=person)
teamcity.options.groups.synchronize=true
teamcity.groups.base=ou=Users,o=myOrganizationId,dc=jumpcloud,dc=com
teamcity.groups.filter=(objectClass=groupOfNames)
teamcity.options.createUsers=false
teamcity.options.deleteUsers=false
teamcity.options.syncTimeout=3600000
teamcity.groups.property.member=member
teamcity.users.property.displayName=displayName
teamcity.users.property.email=mail

It might also help if you clarify what exactly you mean by TeamCity not accepting the correct parameters. An exact error message and log snippets from teamcity-ldap.log and teamcity-auth.log could be useful.

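A pre-deployment check for ldap-config.properties, given here as an added example that is not part of the original thread or of TeamCity: it confirms the provider URL uses ldaps://, that a bind principal has credentials, and that the LDAP filters are well-formed and reference $capturedLogin$ as both configurations above do. The function names and the sample values are constructed for illustration, and the parser assumes plain key=value lines only.

```python
from urllib.parse import urlsplit

# Constructed sample based on the question's settings; credentials are placeholders.
SAMPLE = """\
java.naming.provider.url=ldaps://ldap.google.com:636/DC=company,DC=com
java.naming.security.principal=CN=svc-placeholder,DC=company,DC=com
java.naming.security.credentials=placeholder
teamcity.users.login.filter=(uid=$capturedLogin$)
teamcity.users.filter=(accountDisabled=FALSE)
"""

FILTER_KEYS = ("teamcity.users.login.filter", "teamcity.users.filter",
               "teamcity.groups.filter")

def parse_properties(text):
    """Parse simple key=value lines; blank lines and # or ! comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def filter_balanced(flt):
    """True if the filter starts with '(' and its parentheses pair up."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0 and flt.startswith("(")

def lint(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    p = parse_properties(text)
    findings = []
    url = urlsplit(p.get("java.naming.provider.url", ""))
    if url.scheme != "ldaps" or not url.hostname:
        findings.append("provider.url is not an ldaps://host URL, so the bind is not TLS-protected")
    if "java.naming.security.principal" in p and not p.get("java.naming.security.credentials"):
        findings.append("bind principal set without credentials")
    for key in FILTER_KEYS:
        if key in p and not filter_balanced(p[key]):
            findings.append(f"{key}: unbalanced parentheses")
    login = p.get("teamcity.users.login.filter")
    if login is not None and "$capturedLogin$" not in login:
        findings.append("login filter does not reference $capturedLogin$")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE) or ["no findings"]:
        print(finding)
```

A clean result only means the file is internally consistent; connection and bind errors still have to be read from teamcity-ldap.log and teamcity-auth.log.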