TeamCity LDAP integration with existing built-in users.
We would like to enable and start using the LDAP integration with our on-prem TeamCity server. The question we have is that we have been using this TeamCity instance for many years and all our built-in users are configured with their LDAP usernames.
Is it possible to enable LDAP authentication? Will the LDAP accounts conflict with the existing built-in accounts due to the matching usernames?
First of all, apologies for the delayed response here.
By default, when enabled, LDAP auth will not affect your existing accounts and will be just another way to log into TeamCity. Depending on configuration, TeamCity will:
- look up existing users in TeamCity on a login attempt based on some LDAP-side property;
- if allowed (by default), attempt to create a new TeamCity user account if none were found by the given credentials;
- otherwise, stop the authentication process.
If the LDAP server reports the credentials are wrong, TeamCity will use the other authentication methods you have enabled (usually basic auth and token-based auth, unless you turn them off explicitly). The detailed sequence is described here (https://www.jetbrains.com/help/teamcity/ldap-integration.html#Configuring+User+Login).
TeamCity may sync up user accounts with LDAP data (see the details here: https://www.jetbrains.com/help/teamcity/ldap-integration.html#Synchronization), and even create or delete users should you need it (again, these options should be enabled manually - https://www.jetbrains.com/help/teamcity/ldap-integration.html#Creating+and+Deleting+Users).
I hope this helps; for any questions or concerns, please let me know.