##// END OF EJS Templates
user-groups: on admin view redirect links to public profile. We have an explicit...
user-groups: on admin view redirect links to public profile. We have an explicit edit button, and this is consistent with user views.

File last commit:

r1936:39cf4a72 default
r2639:336bd192 default
Show More
ldap-config-steps.rst
90 lines | 2.5 KiB | text/x-rst | RstLexer
/ docs / auth / ldap-config-steps.rst
project: added all source files and assets
r1 .. _config-ldap-ref:
LDAP
----
docs: fixed ldap options. Those no longer exist in 4.X
r1936 |RCM| supports LDAP (Lightweight Directory Access Protocol) or
AD (active Directory) authentication.
project: added all source files and assets
r1 All LDAP versions are supported, with the following |RCM| plugins managing each:
docs: fixed ldap options. Those no longer exist in 4.X
r1936 * For LDAPv3 use ``LDAP (egg:rhodecode-enterprise-ce#ldap)``
* For LDAPv3 with user group sync use ``LDAP + User Groups (egg:rhodecode-enterprise-ee#ldap_group)``
project: added all source files and assets
r1
.. important::
The email used with your |RCE| super-admin account needs to match the email
address attached to your admin profile in LDAP. This is because
within |RCE| the user email needs to be unique, and multiple users
cannot share an email account.
Likewise, if as an admin you also have a user account, the email address
attached to the user account needs to be different.
LDAP Configuration Steps
^^^^^^^^^^^^^^^^^^^^^^^^
To configure |LDAP|, use the following steps:
1. From the |RCM| interface, select
:menuselection:`Admin --> Authentication`
2. Enable the required plugin and select :guilabel:`Save`
3. Select the :guilabel:`Enabled` check box in the plugin configuration section
4. Add the required LDAP information and :guilabel:`Save`, for more details,
see :ref:`config-ldap-examples`
For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:
.. _config-ldap-examples:
Example LDAP configuration
^^^^^^^^^^^^^^^^^^^^^^^^^^
.. code-block:: bash
# Auth Cache TTL
3600
# Host
https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/
# Port
389
# Account
cn=admin,dc=rhodecode,dc=com
# Password
ldap-user-password
# LDAP connection security
LDAPS
# Certificate checks level
DEMAND
# Base DN
cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com
# User Search Base
ou=groups,ou=users
# LDAP search filter
(objectClass=person)
# LDAP search scope
SUBTREE
# Login attribute
rmagillacuddy
# First Name Attribute
Rufus
# Last Name Attribute
Magillacuddy
# Email Attribute
LDAP-Registered@email.ac
# User Member of Attribute
Organizational Role
# Group search base
cn=users,ou=groups,dc=rhodecode,dc=com
# LDAP Group Search Filter
(objectclass=posixGroup)
# Group Name Attribute
users
# Group Member Of Attribute
cn
# Admin Groups
admin,devops,qa
.. toctree::
ldap-active-directory
ldap-authentication