
TeamCity 9.x Documentation


You are viewing the documentation of TeamCity 9.x, which is not the most recently released version of TeamCity.


This page contains samples of the ldap-config.properties file for different configuration cases.


Basic LDAP Login

A backup LDAP server is specified. Provided users can log in to LDAP as "EXAMPLE\Username", they also log in to TeamCity as "EXAMPLE\Username"; the username stored in TeamCity is "Username".

Code Block
# The second URL is used when the first server is down.
java.naming.provider.url=ldap://example.com:389/DC=example,DC=com ldap://failover.example.com:389/DC=example,DC=com

# Allow logging in with 'EXAMPLE\username', but strip 'EXAMPLE' from the TeamCity username.
teamcity.auth.loginFilter=EXAMPLE\\\\\\S+
teamcity.users.login.capture=EXAMPLE\\\\(.*)

# No synchronization, just login.
teamcity.options.users.synchronize=false
teamcity.options.groups.synchronize=false

Basic LDAP Login for Users in Specific LDAP Group Only

Only users from a specific user group are allowed to log in. To log in, users enter only the username, without the domain part.

Code Block
java.naming.provider.url=ldap://example.com:389/DC=example,DC=com

# Windows username for user to browse LDAP
java.naming.security.principal=RealUsername
# Windows password for user to browse LDAP
java.naming.security.credentials=User'sPaSsWorD

# Root node containing all the LDAP users (full entry DN is "CN=Users,DC=example,DC=com")
teamcity.users.base=CN=Users

# filtering only users with specified name and belonging to LDAP group "Group1" with DN "CN=Group1,CN=Users,DC=example,DC=com"
teamcity.users.login.filter=(&(sAMAccountName=$capturedLogin$)(memberOf=CN=Group1,CN=Users,DC=example,DC=com))

# retrieving TeamCity username from the "sAMAccountName" LDAP entry attribute
teamcity.users.username=sAMAccountName

# Allow only username part without domain
teamcity.auth.loginFilter=[^/\\\\@]+

# No synchronization, just login.
teamcity.options.users.synchronize=false
teamcity.options.groups.synchronize=false
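
The login patterns in the two samples above are escaped twice: once for the .properties file format and once for the regular expression. The following sketch is an added example, not part of the TeamCity documentation or code: it undoes the .properties escaping and shows which typed logins each sample accepts and what name is captured. It assumes that both patterns must match the whole typed login and that Python's `re` treats these particular patterns the same way as Java's regex engine; `resolve_login` and the other helper names are hypothetical.

```python
import re

# Constructed input: the login lines copied from the two samples above.
BASIC = r"""
teamcity.auth.loginFilter=EXAMPLE\\\\\\S+
teamcity.users.login.capture=EXAMPLE\\\\(.*)
"""
GROUP_ONLY = r"""
teamcity.auth.loginFilter=[^/\\\\@]+
"""

_CTRL = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def unescape_value(raw):
    """Java .properties unescaping: a backslash makes the next character
    literal, except \\t \\n \\r \\f (\\uXXXX is not handled here)."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append(_CTRL.get(raw[i + 1], raw[i + 1]))
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)

def load_properties(text):
    """Simplified loader: 'key=value' lines, '#' or '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = unescape_value(value.strip())
    return props

def resolve_login(props, typed):
    """Hypothetical helper. Returns the name left after loginFilter and
    login.capture, or None if loginFilter rejects the typed login.
    Assumption: both patterns must match the whole input."""
    if not re.fullmatch(props["teamcity.auth.loginFilter"], typed):
        return None
    capture = props.get("teamcity.users.login.capture")
    match = re.fullmatch(capture, typed) if capture else None
    return match.group(1) if match else typed

if __name__ == "__main__":
    for name, sample in (("basic", BASIC), ("group-only", GROUP_ONLY)):
        props = load_properties(sample)
        print(name, "effective loginFilter:", props["teamcity.auth.loginFilter"])
        for typed in (r"EXAMPLE\Bob", "Bob", "EXAMPLE/Bob", "bob@example.com"):
            print("  %-16s -> %r" % (typed, resolve_login(props, typed)))
```

Running a changed pattern through a check like this before deploying it shows whether the effective regex still rejects the login forms you intend to exclude.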

Active Directory With User Details Synchronization

Users can log in to TeamCity with their domain username without the domain part. There is an account "teamcity" with the password "secret" that can read all Active Directory entries. The TeamCity user display name and email are synchronized from Active Directory.

Info

Fix to eliminate double users creation (EXAMPLE/Bob and Bob)

Code Block
java.naming.provider.url=ldap://example.com:389/DC=example,DC=com

# Login using 'sAMAccountName' value.
teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)

# LDAP credentials for TeamCity plugin.
java.naming.security.principal=CN=teamcity,CN=Users,DC=example,DC=com
java.naming.security.credentials=secret

# User synchronization: on, synchronize display name and e-mail.
teamcity.options.users.synchronize=true
teamcity.users.base=CN=users
teamcity.users.filter=(objectClass=user)
teamcity.users.username=sAMAccountName
teamcity.users.property.displayName=displayName
teamcity.users.property.email=mail

# Group synchronization: disabled.
teamcity.options.groups.synchronize=false

Active Directory With Group Synchronization

There should be an ldap-mapping.xml file with one or more group mappings defined.

ldap-config.properties file:

Code Block
java.naming.provider.url=ldap://example.com:389/DC=example,DC=com

# Allow any input, then format it as 'EXAMPLE\login'.
teamcity.auth.formatDN=EXAMPLE\\$login$

# LDAP credentials for TeamCity plugin.
java.naming.security.principal=teamcity
java.naming.security.credentials=secret

# Synchronize both users and groups. Remove obsolete TeamCity users, but don't create new ones automatically.
teamcity.options.users.synchronize=true
teamcity.options.groups.synchronize=true
teamcity.options.createUsers=false
teamcity.options.deleteUsers=true
teamcity.options.syncTimeout=3600000

# Search users from the root: 'DC=example,DC=com'.
teamcity.users.base=
teamcity.users.filter=(objectClass=user)
teamcity.users.username=sAMAccountName

# Search groups from 'CN=groups,DC=example,DC=com'.
teamcity.groups.base=CN=groups
teamcity.groups.filter=(objectClass=group)
teamcity.groups.property.member=member