docs: fixed ldap options. Those no longer exist in 4.X
marcink -
r1936:39cf4a72 default
@@ -1,88 +1,90 b''
1 .. _config-ldap-ref:
1 .. _config-ldap-ref:
2
2
3 LDAP
3 LDAP
4 ----
4 ----
5
5
6 |RCM| supports LDAP (Lightweight Directory Access Protocol) authentication.
6 |RCM| supports LDAP (Lightweight Directory Access Protocol) or
7 AD (active Directory) authentication.
7 All LDAP versions are supported, with the following |RCM| plugins managing each:
8 All LDAP versions are supported, with the following |RCM| plugins managing each:
8
9
9 * For LDAPv3 use ``rhodecode.lib.auth_modules.auth_ldap_group``
10 * For LDAPv3 use ``LDAP (egg:rhodecode-enterprise-ce#ldap)``
10 * For older LDAP versions use ``rhodecode.lib.auth_modules.auth_ldap``
11 * For LDAPv3 with user group sync use ``LDAP + User Groups (egg:rhodecode-enterprise-ee#ldap_group)``
12
11
13
12 .. important::
14 .. important::
13
15
14 The email used with your |RCE| super-admin account needs to match the email
16 The email used with your |RCE| super-admin account needs to match the email
15 address attached to your admin profile in LDAP. This is because
17 address attached to your admin profile in LDAP. This is because
16 within |RCE| the user email needs to be unique, and multiple users
18 within |RCE| the user email needs to be unique, and multiple users
17 cannot share an email account.
19 cannot share an email account.
18
20
19 Likewise, if as an admin you also have a user account, the email address
21 Likewise, if as an admin you also have a user account, the email address
20 attached to the user account needs to be different.
22 attached to the user account needs to be different.
21
23
22 LDAP Configuration Steps
24 LDAP Configuration Steps
23 ^^^^^^^^^^^^^^^^^^^^^^^^
25 ^^^^^^^^^^^^^^^^^^^^^^^^
24
26
25 To configure |LDAP|, use the following steps:
27 To configure |LDAP|, use the following steps:
26
28
27 1. From the |RCM| interface, select
29 1. From the |RCM| interface, select
28 :menuselection:`Admin --> Authentication`
30 :menuselection:`Admin --> Authentication`
29 2. Enable the required plugin and select :guilabel:`Save`
31 2. Enable the required plugin and select :guilabel:`Save`
30 3. Select the :guilabel:`Enabled` check box in the plugin configuration section
32 3. Select the :guilabel:`Enabled` check box in the plugin configuration section
31 4. Add the required LDAP information and :guilabel:`Save`, for more details,
33 4. Add the required LDAP information and :guilabel:`Save`, for more details,
32 see :ref:`config-ldap-examples`
34 see :ref:`config-ldap-examples`
33
35
34 For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:
36 For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:
35
37
36 .. _config-ldap-examples:
38 .. _config-ldap-examples:
37
39
38 Example LDAP configuration
40 Example LDAP configuration
39 ^^^^^^^^^^^^^^^^^^^^^^^^^^
41 ^^^^^^^^^^^^^^^^^^^^^^^^^^
40 .. code-block:: bash
42 .. code-block:: bash
41
43
42 # Auth Cache TTL
44 # Auth Cache TTL
43 3600
45 3600
44 # Host
46 # Host
45 https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/
47 https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/
46 # Port
48 # Port
47 389
49 389
48 # Account
50 # Account
49 cn=admin,dc=rhodecode,dc=com
51 cn=admin,dc=rhodecode,dc=com
50 # Password
52 # Password
51 ldap-user-password
53 ldap-user-password
52 # LDAP connection security
54 # LDAP connection security
53 LDAPS
55 LDAPS
54 # Certificate checks level
56 # Certificate checks level
55 DEMAND
57 DEMAND
56 # Base DN
58 # Base DN
57 cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com
59 cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com
58 # User Search Base
60 # User Search Base
59 ou=groups,ou=users
61 ou=groups,ou=users
60 # LDAP search filter
62 # LDAP search filter
61 (objectClass=person)
63 (objectClass=person)
62 # LDAP search scope
64 # LDAP search scope
63 SUBTREE
65 SUBTREE
64 # Login attribute
66 # Login attribute
65 rmagillacuddy
67 rmagillacuddy
66 # First Name Attribute
68 # First Name Attribute
67 Rufus
69 Rufus
68 # Last Name Attribute
70 # Last Name Attribute
69 Magillacuddy
71 Magillacuddy
70 # Email Attribute
72 # Email Attribute
71 LDAP-Registered@email.ac
73 LDAP-Registered@email.ac
72 # User Member of Attribute
74 # User Member of Attribute
73 Organizational Role
75 Organizational Role
74 # Group search base
76 # Group search base
75 cn=users,ou=groups,dc=rhodecode,dc=com
77 cn=users,ou=groups,dc=rhodecode,dc=com
76 # LDAP Group Search Filter
78 # LDAP Group Search Filter
77 (objectclass=posixGroup)
79 (objectclass=posixGroup)
78 # Group Name Attribute
80 # Group Name Attribute
79 users
81 users
80 # Group Member Of Attribute
82 # Group Member Of Attribute
81 cn
83 cn
82 # Admin Groups
84 # Admin Groups
83 admin,devops,qa
85 admin,devops,qa
84
86
85 .. toctree::
87 .. toctree::
86
88
87 ldap-active-directory
89 ldap-active-directory
88 ldap-authentication
90 ldap-authentication
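Review bot: In the plugin list at the top of this hunk, both new bullets are labelled "For LDAPv3" and the "For older LDAP versions" bullet is removed, yet the unchanged sentence just above still reads "All LDAP versions are supported, with the following |RCM| plugins managing each", so the text now promises a plugin per version that the list no longer names. Suggest rewording that sentence to describe the two remaining choices, plain LDAP and LDAP with user group sync. In the new intro line, "AD (active Directory)" should also be capitalised as "Active Directory".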