Show More
| @@ -1,88 +1,90 b'' | |||
|
|
1 | 1 | .. _config-ldap-ref: |
|
|
2 | 2 | |
|
|
3 | 3 | LDAP |
|
|
4 | 4 | ---- |
|
|
5 | 5 | |
|
|
6 |
|RCM| supports LDAP (Lightweight Directory Access Protocol) |
|
|
|
6 | |RCM| supports LDAP (Lightweight Directory Access Protocol) or | |
|
|
7 | AD (active Directory) authentication. | |
|
|
7 | 8 | All LDAP versions are supported, with the following |RCM| plugins managing each: |
|
|
8 | 9 | |
|
|
9 | * For LDAPv3 use ``rhodecode.lib.auth_modules.auth_ldap_group`` | |
|
|
10 | * For older LDAP versions use ``rhodecode.lib.auth_modules.auth_ldap`` | |
|
|
10 | * For LDAPv3 use ``LDAP (egg:rhodecode-enterprise-ce#ldap)`` | |
|
|
11 | * For LDAPv3 with user group sync use ``LDAP + User Groups (egg:rhodecode-enterprise-ee#ldap_group)`` | |
|
|
12 | ||
|
|
11 | 13 | |
|
|
12 | 14 | .. important:: |
|
|
13 | 15 | |
|
|
14 | 16 | The email used with your |RCE| super-admin account needs to match the email |
|
|
15 | 17 | address attached to your admin profile in LDAP. This is because |
|
|
16 | 18 | within |RCE| the user email needs to be unique, and multiple users |
|
|
17 | 19 | cannot share an email account. |
|
|
18 | 20 | |
|
|
19 | 21 | Likewise, if as an admin you also have a user account, the email address |
|
|
20 | 22 | attached to the user account needs to be different. |
|
|
21 | 23 | |
|
|
22 | 24 | LDAP Configuration Steps |
|
|
23 | 25 | ^^^^^^^^^^^^^^^^^^^^^^^^ |
|
|
24 | 26 | |
|
|
25 | 27 | To configure |LDAP|, use the following steps: |
|
|
26 | 28 | |
|
|
27 | 29 | 1. From the |RCM| interface, select |
|
|
28 | 30 | :menuselection:`Admin --> Authentication` |
|
|
29 | 31 | 2. Enable the required plugin and select :guilabel:`Save` |
|
|
30 | 32 | 3. Select the :guilabel:`Enabled` check box in the plugin configuration section |
|
|
31 | 33 | 4. Add the required LDAP information and :guilabel:`Save`, for more details, |
|
|
32 | 34 | see :ref:`config-ldap-examples` |
|
|
33 | 35 | |
|
|
34 | 36 | For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`: |
|
|
35 | 37 | |
|
|
36 | 38 | .. _config-ldap-examples: |
|
|
37 | 39 | |
|
|
38 | 40 | Example LDAP configuration |
|
|
39 | 41 | ^^^^^^^^^^^^^^^^^^^^^^^^^^ |
|
|
40 | 42 | .. code-block:: bash |
|
|
41 | 43 | |
|
|
42 | 44 | # Auth Cache TTL |
|
|
43 | 45 | 3600 |
|
|
44 | 46 | # Host |
|
|
45 | 47 | https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/ |
|
|
46 | 48 | # Port |
|
|
47 | 49 | 389 |
|
|
48 | 50 | # Account |
|
|
49 | 51 | cn=admin,dc=rhodecode,dc=com |
|
|
50 | 52 | # Password |
|
|
51 | 53 | ldap-user-password |
|
|
52 | 54 | # LDAP connection security |
|
|
53 | 55 | LDAPS |
|
|
54 | 56 | # Certificate checks level |
|
|
55 | 57 | DEMAND |
|
|
56 | 58 | # Base DN |
|
|
57 | 59 | cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com |
|
|
58 | 60 | # User Search Base |
|
|
59 | 61 | ou=groups,ou=users |
|
|
60 | 62 | # LDAP search filter |
|
|
61 | 63 | (objectClass=person) |
|
|
62 | 64 | # LDAP search scope |
|
|
63 | 65 | SUBTREE |
|
|
64 | 66 | # Login attribute |
|
|
65 | 67 | rmagillacuddy |
|
|
66 | 68 | # First Name Attribute |
|
|
67 | 69 | Rufus |
|
|
68 | 70 | # Last Name Attribute |
|
|
69 | 71 | Magillacuddy |
|
|
70 | 72 | # Email Attribute |
|
|
71 | 73 | LDAP-Registered@email.ac |
|
|
72 | 74 | # User Member of Attribute |
|
|
73 | 75 | Organizational Role |
|
|
74 | 76 | # Group search base |
|
|
75 | 77 | cn=users,ou=groups,dc=rhodecode,dc=com |
|
|
76 | 78 | # LDAP Group Search Filter |
|
|
77 | 79 | (objectclass=posixGroup) |
|
|
78 | 80 | # Group Name Attribute |
|
|
79 | 81 | users |
|
|
80 | 82 | # Group Member Of Attribute |
|
|
81 | 83 | cn |
|
|
82 | 84 | # Admin Groups |
|
|
83 | 85 | admin,devops,qa |
|
|
84 | 86 | |
|
|
85 | 87 | .. toctree:: |
|
|
86 | 88 | |
|
|
87 | 89 | ldap-active-directory |
|
|
88 | 90 | ldap-authentication |
General Comments 0
You need to be logged in to leave comments.
Login now