charlieanstey
2/4/2015 - 4:50 PM

TeamCity :: LDAP Configuration

TeamCity :: LDAP Configuration

<!DOCTYPE mapping SYSTEM "ldap-mapping.dtd">
<!--
  ldap-mapping.xml: ties each TeamCity group key to the DN of one LDAP group.
  When group synchronization is enabled, membership of the TeamCity groups
  listed here follows the LDAP groups. Anyone who can edit these directory
  groups therefore controls who receives the roles attached to the matching
  TeamCity groups; keep the mapped groups narrowly scoped and restrict who
  may modify them in the directory.
  NOTE(review): presumably every teamcityGroupKey must already exist in
  TeamCity. Confirm before relying on the mapping.
-->
<mapping>
  <group-mapping teamcityGroupKey="DEVELOPERS" ldapGroupDn="CN=SG_Development,OU=Security Groups,OU=Groups,OU=Degree53,DC=degree53,DC=local" />
  <group-mapping teamcityGroupKey="IT" ldapGroupDn="CN=SG_IT,OU=Security Groups,OU=Groups,OU=Degree53,DC=degree53,DC=local" />
  <group-mapping teamcityGroupKey="TEST" ldapGroupDn="CN=SG_Test,OU=Security Groups,OU=Groups,OU=Degree53,DC=degree53,DC=local" />
</mapping>
### MANDATORY SETTINGS ###

# The url(s) of LDAP server, with URL escaping e.g. "%20"
# NOTE(review): ldap:// on port 389 is unencrypted. Bind credentials and the
# passwords users type at login cross the network in clear text. Prefer
# ldaps:// (the directory server's certificate must then be trusted by the
# TeamCity JVM) unless the link is protected by other means.
java.naming.provider.url=ldap://dc.degree53.local:389/DC=degree53,DC=local

# The credentials to browse and sync LDAP
# The password is blank here, presumably removed before publishing. The real
# value sits in this file in plain text, so keep the file out of version
# control, restrict its filesystem permissions, and use a dedicated account
# with read-only directory rights.
java.naming.security.principal=teamcity
java.naming.security.credentials=

# Users base DN, relative to "java.naming.provider.url"
teamcity.users.base=OU=Users,OU=Degree53

# LDAP filter to search for LDAP user in "teamcity.users.base"
teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)

# The name of LDAP attribute that will be used to match LDAP entries with TeamCity users.
# The value of the attribute will be used as TeamCity user's username.
# If omitted, value of $capturedLogin$ will be used as TeamCity user's username.
teamcity.users.username=sAMAccountName

# Optional additional Java Naming options for advanced usages,
#   see http://docs.oracle.com/javase/6/docs/api/javax/naming/Context.html#field_detail
# "follow" makes the JNDI client chase referrals returned by the server to
# other LDAP servers, reusing this environment for those connections. Make
# sure every server the directory can refer to is trusted.
java.naming.referral=follow
# NOTE(review): in JNDI, "none" requests an anonymous bind, so the principal
# and credentials above would be ignored (assuming TeamCity hands this value
# to JNDI unchanged). If the browse/sync account is meant to authenticate,
# this should be "simple" with a non-empty password, over an encrypted
# connection. Confirm which is intended.
java.naming.security.authentication=none

### USERNAME TRANSFORMATION SETTINGS ###

# A login is accepted only if it matches this regex, i.e. contains none of
# "/", "\" or "@". In a .properties file "\\\\" decodes to two backslashes,
# which the regex engine reads as one literal backslash.
# NOTE(review): the class still admits LDAP filter metacharacters such as
# "*", "(" and ")". Confirm that TeamCity escapes the login before placing
# it into teamcity.users.login.filter, or tighten this to an allow-list
# (constructed example: [A-Za-z0-9._-]+).
teamcity.auth.loginFilter=[^/\\\\@]+

# Pattern extracts login name, puts into "$capturedLogin$" substitution so will be "JSmith" if user entered EXAMPLE\JSmith
# "EXAMPLE" is the template's placeholder domain name, not this directory's.
# NOTE(review): the loginFilter above rejects any login containing "\",
# while this pattern only matches the DOMAIN\user form. Confirm the order in
# which TeamCity applies the two, and what happens to a login the pattern
# does not match; as written they look mutually exclusive.
teamcity.users.login.capture=EXAMPLE\\\\(.*)

# LDAP SYNCHRONIZATION

### USERS SETTINGS ###

# Set to "true" to enable the synchronization of existing users' properties.
# For users creation and deletion, see teamcity.options.groups.synchronize and consider mapping "All Users" group
teamcity.options.users.synchronize=true

# The user search LDAP filter used to retrieve users to synchronize.
# The search is performed inside the LDAP entry denoted by "teamcity.users.base".
# Note: during the process of user authentication the "teamcity.users.login.filter" filter is used, not this one.
# NOTE(review): the attribute names suggest Active Directory, where
# (objectClass=user) also matches computer accounts and does not exclude
# disabled accounts. If only people should be synchronized, a narrower
# filter such as (&(objectCategory=person)(objectClass=user)) is the usual
# choice. Verify against the contents of the users base.
teamcity.users.filter=(objectClass=user)

### GROUPS SETTINGS ###
# Group sync. Requires ldap-mapping.xml

# Enable sync of groups in ldap-mapping.xml
# With this on, TeamCity group membership (and the roles granted through
# those groups) is driven by the directory groups named in the mapping file.
teamcity.options.groups.synchronize=true

# Groups base DN, relative to "java.naming.provider.url"
teamcity.groups.base=OU=Security Groups,OU=Groups,OU=Degree53

# The group search LDAP filter used to retrieve groups to synchronize.
# The search is performed inside the LDAP entry denoted by "teamcity.groups.base".
teamcity.groups.filter=(objectClass=group)

# Set to "true" to enable automatic user creation and deletion during group synchronization.
# NOTE(review): with deleteUsers=true the synchronization result decides
# which TeamCity accounts survive. A wrong base DN or filter, or a bind that
# is allowed to see fewer entries than expected, could remove accounts.
# Check the exact deletion criteria in the TeamCity documentation and test
# the sync result before enabling this on a production server.
teamcity.options.createUsers=true
teamcity.options.deleteUsers=true

### OPTIONAL SETTINGS ###

# The time interval between synchronizations (in milliseconds). By default, it is one hour.
# 3600000 ms = 1 hour. Group and property changes made in the directory are
# picked up only at the next synchronization, so removing someone from a
# mapped LDAP group can take up to this long to be reflected in TeamCity.
teamcity.options.syncTimeout = 3600000

# Attribute showing member of the group.
teamcity.groups.property.member=member

# The name of LDAP attribute to retrieve user's full name
teamcity.users.property.displayName=displayName

# The name of LDAP attribute to retrieve user's email
teamcity.users.property.email=mail

# Git username of users based on LDAP username attribute
# The backslashes escape the colons in the key; an unescaped ":" would be
# read as the key/value separator in a .properties file.
teamcity.users.property.plugin\:vcs\:jetbrains.git\:anyVcsRoot=sAMAccountName

# Forces TeamCity to ignore manual user changes to properties and apply LDAP values.
# The directory then becomes the single source for the properties mapped
# above (display name, email, Git username).
teamcity.users.forceUpdatePropertiesDuringSync=true

# Fetch from LDAP only the groups mentioned in the mapping file.
teamcity.groups.fetchOnlyMappedGroups=true