##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
docs: added SAML documentation....
marcink -
r3290:ac4e4e5a default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -0,0 +1,105 b''
1 .. _config-saml-duosecurity-ref:
2
3
4 SAML 2.0 with Duo Security
5 --------------------------
6
7 **This plugin is available only in EE Edition.**
8
9 |RCE| supports SAML 2.0 Authentication with Duo Security provider. This allows
10 users to log-in to RhodeCode via SSO mechanism of external identity provider
11 such as Duo. The login can be triggered either by the external IDP, or internally
12 by clicking specific authentication button on the log-in page.
13
14
15 Configuration steps
16 ^^^^^^^^^^^^^^^^^^^
17
18 To configure Duo Security SAML authentication, use the following steps:
19
20 1. From the |RCE| interface, select
21 :menuselection:`Admin --> Authentication`
22 2. Activate the `Duo Security` plugin and select :guilabel:`Save`
23 3. Go to newly available menu option called `Duo Security` on the left side.
24 4. Check the `enabled` check box in the plugin configuration section,
25 and fill in the required SAML information and :guilabel:`Save`, for more details,
26 see :ref:`config-saml-duosecurity`
27
28
29 .. _config-saml-duosecurity:
30
31
32 Example SAML Duo Security configuration
33 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
34
35 Example configuration for SAML 2.0 with Duo Security provider::
36
37 *option*: `enabled` => `True`
38 # Enable or disable this authentication plugin.
39
40 *option*: `cache_ttl` => `0`
41 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
42 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
43
44 *option*: `debug` => `True`
45 # Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
46
47 *option*: `entity_id` => `http://rc-app.com/dag/saml2/idp/metadata.php`
48 # Identity Provider entity/metadata URI.
49 # E.g. https://duo-gateway.com/dag/saml2/idp/metadata.php
50
51 *option*: `sso_service_url` => `http://rc-app.com/dag/saml2/idp/SSOService.php?spentityid=http://rc.local.pl/_admin/auth/duosecurity/saml-metadata`
52 # SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
53 # E.g. https://duo-gateway.com/dag/saml2/idp/SSOService.php?spentityid=<metadata_entity_id>
54
55 *option*: `slo_service_url` => `http://rc-app.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://rc-app.com/dag/module.php/duosecurity/logout.php`
56 # SLO (SingleLogout) endpoint URL of the IdP.
57 # E.g. https://duo-gateway.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://duo-gateway.com/_admin/saml/sign-out-endpoint
58
59 *option*: `x509cert` => `<CERTIFICATE_STRING>`
60 # Identity provider public x509 certificate. It will be converted to single-line format without headers
61
62 *option*: `name_id_format` => `sha-1`
63 # The format that specifies how the NameID is sent to the service provider.
64
65 *option*: `signature_algo` => `sha-256`
66 # Type of Algorithm to use for verification of SAML signature on Identity provider side
67
68 *option*: `digest_algo` => `sha-256`
69 # Type of Algorithm to use for verification of SAML digest on Identity provider side
70
71 *option*: `cert_dir` => `/etc/saml/`
72 # Optional directory to store service provider certificate and private keys.
73 # Expected certs for the SP should be stored in this folder as:
74 # * sp.key Private Key
75 # * sp.crt Public cert
76 # * sp_new.crt Future Public cert
77 #
78 # Also you can use other cert to sign the metadata of the SP using the:
79 # * metadata.key
80 # * metadata.crt
81
82 *option*: `user_id_attribute` => `PersonImmutableID`
83 # User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
84 # Ensure this is returned from DuoSecurity for example via duo_username
85
86 *option*: `username_attribute` => `User.username`
87 # Username Attribute name. This defines which attribute in SAML response will map to an username.
88
89 *option*: `email_attribute` => `User.email`
90 # Email Attribute name. This defines which attribute in SAML response will map to an email address.
91
92
93 Below is example setup from DUO Administration page that can be used with above config.
94
95 .. image:: ../images/saml-duosecurity-service-provider-example.png
96 :alt: DUO Security SAML setup example
97 :scale: 50 %
98
99
100 Below is an example attribute mapping set for IDP provider required by the above config.
101
102
103 .. image:: ../images/saml-duosecurity-attributes-example.png
104 :alt: DUO Security SAML setup example
105 :scale: 50 % No newline at end of file
Show file before | Show file after | Hide comments
@@ -0,0 +1,18 b''
1 .. _config-saml-generic-ref:
2
3
4 SAML 2.0 Authentication
5 -----------------------
6
7
8 **This plugin is available only in EE Edition.**
9
10 RhodeCode Supports standard SAML 2.0 SSO for the web-application part.
11
12 Please check for reference two example providers:
13
14 .. toctree::
15
16 auth-saml-duosecurity
17 auth-saml-onelogin
18
Show file before | Show file after | Hide comments
@@ -0,0 +1,106 b''
1 .. _config-saml-onelogin-ref:
2
3
4 SAML 2.0 with One Login
5 -----------------------
6
7 **This plugin is available only in EE Edition.**
8
9 |RCE| supports SAML 2.0 Authentication with OneLogin provider. This allows
10 users to log-in to RhodeCode via SSO mechanism of external identity provider
11 such as OneLogin. The login can be triggered either by the external IDP, or internally
12 by clicking specific authentication button on the log-in page.
13
14
15 Configuration steps
16 ^^^^^^^^^^^^^^^^^^^
17
18 To configure OneLogin SAML authentication, use the following steps:
19
20 1. From the |RCE| interface, select
21 :menuselection:`Admin --> Authentication`
22 2. Activate the `OneLogin` plugin and select :guilabel:`Save`
23 3. Go to newly available menu option called `OneLogin` on the left side.
24 4. Check the `enabled` check box in the plugin configuration section,
25 and fill in the required SAML information and :guilabel:`Save`, for more details,
26 see :ref:`config-saml-onelogin`
27
28
29 .. _config-saml-onelogin:
30
31
32 Example SAML OneLogin configuration
33 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
34
35 Example configuration for SAML 2.0 with OneLogin provider::
36
37 *option*: `enabled` => `True`
38 # Enable or disable this authentication plugin.
39
40 *option*: `cache_ttl` => `0`
41 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
42 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
43
44 *option*: `debug` => `True`
45 # Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
46
47 *option*: `entity_id` => `https://app.onelogin.com/saml/metadata/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
48 # Identity Provider entity/metadata URI.
49 # E.g. https://app.onelogin.com/saml/metadata/<onelogin_connector_id>
50
51 *option*: `sso_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-post/sso/xxxxxx`
52 # SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
53 # E.g. https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id>
54
55 *option*: `slo_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-redirect/slo/xxxxxx`
56 # SLO (SingleLogout) endpoint URL of the IdP.
57 # E.g. https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>
58
59 *option*: `x509cert` => `<CERTIFICATE_STRING>`
60 # Identity provider public x509 certificate. It will be converted to single-line format without headers
61
62 *option*: `name_id_format` => `sha-1`
63 # The format that specifies how the NameID is sent to the service provider.
64
65 *option*: `signature_algo` => `sha-256`
66 # Type of Algorithm to use for verification of SAML signature on Identity provider side
67
68 *option*: `digest_algo` => `sha-256`
69 # Type of Algorithm to use for verification of SAML digest on Identity provider side
70
71 *option*: `cert_dir` => `/etc/saml/`
72 # Optional directory to store service provider certificate and private keys.
73 # Expected certs for the SP should be stored in this folder as:
74 # * sp.key Private Key
75 # * sp.crt Public cert
76 # * sp_new.crt Future Public cert
77 #
78 # Also you can use other cert to sign the metadata of the SP using the:
79 # * metadata.key
80 # * metadata.crt
81
82 *option*: `user_id_attribute` => `PersonImmutableID`
83 # User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
84 # Ensure this is returned from OneLogin for example via Internal ID
85
86 *option*: `username_attribute` => `User.username`
87 # Username Attribute name. This defines which attribute in SAML response will map to an username.
88
89 *option*: `email_attribute` => `User.email`
90 # Email Attribute name. This defines which attribute in SAML response will map to an email address.
91
92
93
94 Below is example setup that can be used with OneLogin SAML authentication that can be used with above config..
95
96 .. image:: ../images/saml-onelogin-config-example.png
97 :alt: OneLogin SAML setup example
98 :scale: 50 %
99
100
101 Below is an example attribute mapping set for IDP provider required by the above config.
102
103
104 .. image:: ../images/saml-onelogin-attributes-example.png
105 :alt: OneLogin SAML setup example
106 :scale: 50 % No newline at end of file
Show file before | Show file after | Hide comments
1 NO CONTENT: new file 100644, binary diff hidden
NO CONTENT: new file 100644, binary diff hidden
Show file before | Show file after | Hide comments
1 NO CONTENT: new file 100644, binary diff hidden
NO CONTENT: new file 100644, binary diff hidden
Show file before | Show file after | Hide comments
1 NO CONTENT: new file 100644, binary diff hidden
NO CONTENT: new file 100644, binary diff hidden
Show file before | Show file after | Hide comments
1 NO CONTENT: new file 100644, binary diff hidden
NO CONTENT: new file 100644, binary diff hidden
Show file before | Show file after | Hide comments
@@ -3,19 +3,19 b''
3 Anonymous Users
3 Anonymous Users
4 ---------------
4 ---------------
5
5
6 By default, |RCM| provides |repo| access for registered users only. It can be
6 By default, |RCE| provides |repo| access for registered users only. It can be
7 configured to be **world-open** in terms of read and write permissions. This
7 configured to be **world-open** in terms of read and write permissions. This
8 configuration is called "Anonymous Access" and allows |RCM| to be used as a
8 configuration is called "Anonymous Access" and allows |RCE| to be used as a
9 public hub where unregistered users have access to your |repos|.
9 public hub where unregistered users have access to your |repos|.
10
10
11 Anonymous access is useful for open source projects, universities,
11 Anonymous access is useful for open source projects, universities,
12 or if running inside a restricted internal corporate network to serve
12 or if running inside a restricted internal corporate network to serve
13 documents to all employees. Anonymous users get the default user permission
13 documents to all employees. Anonymous users get the default user permission
14 settings that are applied across the whole |RCM| system.
14 settings that are applied across the whole |RCE| system.
15
15
16 To enable anonymous access to your |repos|, use the following steps:
16 To enable anonymous access to your |repos|, use the following steps:
17
17
18 1. From the |RCM| interface, select :menuselection:`Admin --> Permissions`.
18 1. From the |RCE| interface, select :menuselection:`Admin --> Permissions`.
19 2. On the Application tab, check the :guilabel:`Allow anonymous access` box.
19 2. On the Application tab, check the :guilabel:`Allow anonymous access` box.
20 3. Select :guilabel:`Save`.
20 3. Select :guilabel:`Save`.
21 4. To set the anonymous user access permissions, which are based on the
21 4. To set the anonymous user access permissions, which are based on the
Show file before | Show file after | Hide comments
@@ -166,7 +166,7 b' 2. Add your custom hook details, you can'
166 ``pretxnchangegroup.example`` with value ``python:/path/to/custom_hook.py:my_func_name``
166 ``pretxnchangegroup.example`` with value ``python:/path/to/custom_hook.py:my_func_name``
167 3. Select :guilabel:`Save`
167 3. Select :guilabel:`Save`
168
168
169 Also, see the |RC| Extensions section of the :ref:`rc-tools` guide. |RC|
169 Also, see the RhodeCode Extensions section of the :ref:`rc-tools` guide. RhodeCode
170 Extensions can be used to add additional hooks to your instance and comes
170 Extensions can be used to add additional hooks to your instance and comes
171 with a number of pre-built plugins if you chose to install them.
171 with a number of pre-built plugins if you chose to install them.
172
172
Show file before | Show file after | Hide comments
@@ -3,7 +3,7 b''
3 Apache WSGI Configuration
3 Apache WSGI Configuration
4 ^^^^^^^^^^^^^^^^^^^^^^^^^
4 ^^^^^^^^^^^^^^^^^^^^^^^^^
5
5
6 |RCM| can also be set up with Apache under ``mod_wsgi``. To configure this
6 |RCE| can also be set up with Apache under ``mod_wsgi``. To configure this
7 use the following steps.
7 use the following steps.
8
8
9 1. Install ``mod_wsgi`` using the following command:
9 1. Install ``mod_wsgi`` using the following command:
@@ -50,6 +50,6 b' The following is an example ``wsgi`` dis'
50 .. note::
50 .. note::
51
51
52 When using `mod_wsgi` the same version of |hg| must be running in your
52 When using `mod_wsgi` the same version of |hg| must be running in your
53 system's |PY| environment and on |RCM|. To check the |RCM| version,
53 system's |PY| environment and on |RCE|. To check the |RCE| version,
54 on the interface go to
54 on the interface go to
55 :menuselection:`Admin --> Settings --> System Info`
55 :menuselection:`Admin --> Settings --> System Info`
Show file before | Show file after | Hide comments
@@ -67,7 +67,7 b' sections.'
67 Default location: :file:`/home/{user}/.rccontrol/cache/MANIFEST`
67 Default location: :file:`/home/{user}/.rccontrol/cache/MANIFEST`
68
68
69 |RCC| uses this file to source the latest available builds from the
69 |RCC| uses this file to source the latest available builds from the
70 secure |RC| download channels. The only reason to mess with this file
70 secure RhodeCode download channels. The only reason to mess with this file
71 is if you need to do an offline installation,
71 is if you need to do an offline installation,
72 see the :ref:`Offline Installation<control:offline-installer-ref>`
72 see the :ref:`Offline Installation<control:offline-installer-ref>`
73 instructions, otherwise |RCC| will completely manage this file.
73 instructions, otherwise |RCC| will completely manage this file.
Show file before | Show file after | Hide comments
@@ -33,7 +33,7 b' Glossary'
33 Adding more machines or workers into your pool of resources.
33 Adding more machines or workers into your pool of resources.
34
34
35 Instance
35 Instance
36 A single installed version of one of the |RC| products. It could
36 A single installed version of one of the RhodeCode products. It could
37 refer to |RCE| or the VCS server depending on the context.
37 refer to |RCE| or the VCS server depending on the context.
38
38
39 Plugin
39 Plugin
Show file before | Show file after | Hide comments
@@ -3,7 +3,7 b''
3 Full-text Search
3 Full-text Search
4 ----------------
4 ----------------
5
5
6 By default |RC| is configured to use `Whoosh`_ to index |repos| and
6 By default RhodeCode is configured to use `Whoosh`_ to index |repos| and
7 provide full-text search.
7 provide full-text search.
8
8
9 |RCE| also provides support for `Elasticsearch`_ as a backend for scalable
9 |RCE| also provides support for `Elasticsearch`_ as a backend for scalable
@@ -46,7 +46,7 b' Configure the ``.rhoderc`` File'
46 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
46 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
47
47
48 |RCT| uses the :file:`/home/{user}/.rhoderc` file for connection details
48 |RCT| uses the :file:`/home/{user}/.rhoderc` file for connection details
49 to |RCM| instances. If this file is not automatically created,
49 to |RCE| instances. If this file is not automatically created,
50 you can configure it using the following example. You need to configure the
50 you can configure it using the following example. You need to configure the
51 details for each instance you want to index.
51 details for each instance you want to index.
52
52
@@ -62,7 +62,7 b' details for each instance you want to in'
62 - VERSION: 1.5.0
62 - VERSION: 1.5.0
63 - URL: http://127.0.0.1:10000
63 - URL: http://127.0.0.1:10000
64
64
65 To get your API Token, on the |RCM| interface go to
65 To get your API Token, on the |RCE| interface go to
66 :menuselection:`username --> My Account --> Auth tokens`
66 :menuselection:`username --> My Account --> Auth tokens`
67
67
68 .. code-block:: ini
68 .. code-block:: ini
Show file before | Show file after | Hide comments
@@ -3,7 +3,7 b''
3 Public Access
3 Public Access
4 -------------
4 -------------
5
5
6 By default |RCM| allows users to read all **public** |repos|. User
6 By default |RCE| allows users to read all **public** |repos|. User
7 permissions and |repo| access can be configured explicitly,
7 permissions and |repo| access can be configured explicitly,
8 and those permissions will override any default settings. The default
8 and those permissions will override any default settings. The default
9 settings can be found under the following section:
9 settings can be found under the following section:
Show file before | Show file after | Hide comments
@@ -3,7 +3,7 b''
3 Setting Default Permissions
3 Setting Default Permissions
4 ---------------------------
4 ---------------------------
5
5
6 Default permissions allow you to configure |RCM| so that when a new |repo|, user group,
6 Default permissions allow you to configure |RCE| so that when a new |repo|, user group,
7 or user is created their permissions are already defined. To set default permissions you need administrator
7 or user is created their permissions are already defined. To set default permissions you need administrator
8 privileges. See the following sections for setting up your permissions system:
8 privileges. See the following sections for setting up your permissions system:
9
9
@@ -19,7 +19,7 b' Setting User defaults'
19
19
20 To set default user permissions, use the following steps.
20 To set default user permissions, use the following steps.
21
21
22 1. From the |RCM| interface, select :menuselection:`Admin --> Permissions`
22 1. From the |RCE| interface, select :menuselection:`Admin --> Permissions`
23 2. Select the :guilabel:`Global` tab from the left-hand menu. The permissions
23 2. Select the :guilabel:`Global` tab from the left-hand menu. The permissions
24 set on this screen apply to users and user-groups across the whole instance.
24 set on this screen apply to users and user-groups across the whole instance.
25 3. Save your changes
25 3. Save your changes
@@ -31,7 +31,7 b' Setting User Group defaults'
31
31
32 To set default user group permissions, use the following steps.
32 To set default user group permissions, use the following steps.
33
33
34 1. From the |RCM| interface, select :menuselection:`Admin --> User groups`
34 1. From the |RCE| interface, select :menuselection:`Admin --> User groups`
35 2. Select :guilabel:`Permissions`, and configure the default user
35 2. Select :guilabel:`Permissions`, and configure the default user
36 permissions. All users will get these permissions unless
36 permissions. All users will get these permissions unless
37 individually set.
37 individually set.
@@ -48,7 +48,7 b' Setting Repository defaults'
48
48
49 To set default |repo| permissions, use the following steps.
49 To set default |repo| permissions, use the following steps.
50
50
51 1. From the |RCM| interface, select :menuselection:`Admin --> Permissions`
51 1. From the |RCE| interface, select :menuselection:`Admin --> Permissions`
52 2. Select the :guilabel:`Object` tab from the left-hand menu and set the
52 2. Select the :guilabel:`Object` tab from the left-hand menu and set the
53 |perm| permissions
53 |perm| permissions
54 3. Save your changes
54 3. Save your changes
@@ -60,7 +60,7 b' Setting Repository Group defaults'
60
60
61 To set default Repository Group permissions, use the following steps.
61 To set default Repository Group permissions, use the following steps.
62
62
63 1. From the |RCM| interface, select :menuselection:`Admin --> Repository Groups`
63 1. From the |RCE| interface, select :menuselection:`Admin --> Repository Groups`
64 2. Select :guilabel:`Edit` beside the |repo| group you wish to configure
64 2. Select :guilabel:`Edit` beside the |repo| group you wish to configure
65 3. On the left-hand pane select :guilabel:`Permissions`
65 3. On the left-hand pane select :guilabel:`Permissions`
66 4. Set the default permissions for all |repos| created in this group
66 4. Set the default permissions for all |repos| created in this group
Show file before | Show file after | Hide comments
@@ -3,12 +3,12 b''
3 Repository Administration
3 Repository Administration
4 =========================
4 =========================
5
5
6 Repository permissions in |RCM| can be managed in a number of different ways.
6 Repository permissions in |RCE| can be managed in a number of different ways.
7 This overview should give you an insight into how you could adopt particular
7 This overview should give you an insight into how you could adopt particular
8 settings for your needs:
8 settings for your needs:
9
9
10 * Global |repo| permissions: This allows you to set the default permissions
10 * Global |repo| permissions: This allows you to set the default permissions
11 for each new |repo| created within |RCM|, see :ref:`repo-default-ref`. All
11 for each new |repo| created within |RCE|, see :ref:`repo-default-ref`. All
12 |repos| created will inherit these permissions unless explicitly configured.
12 |repos| created will inherit these permissions unless explicitly configured.
13 * Individual |repo| permissions: To set individual |repo| permissions,
13 * Individual |repo| permissions: To set individual |repo| permissions,
14 see :ref:`set-repo-perms`.
14 see :ref:`set-repo-perms`.
Show file before | Show file after | Hide comments
@@ -59,7 +59,7 b' Supported Browsers'
59 System Requirements
59 System Requirements
60 -------------------
60 -------------------
61
61
62 |RCM| performs best on machines with ultra-fast hard disks. Generally disk
62 |RCE| performs best on machines with ultra-fast hard disks. Generally disk
63 performance is more important than CPU performance. In a corporate production
63 performance is more important than CPU performance. In a corporate production
64 environment handling 1000s of users and |repos| you should deploy on a 12+
64 environment handling 1000s of users and |repos| you should deploy on a 12+
65 core 64GB RAM server. In short, the more RAM the better.
65 core 64GB RAM server. In short, the more RAM the better.
@@ -68,7 +68,7 b' core 64GB RAM server. In short, the more'
68 For example:
68 For example:
69
69
70 - for team of 1 - 5 active users you can run on 1GB RAM machine with 1CPU
70 - for team of 1 - 5 active users you can run on 1GB RAM machine with 1CPU
71 - above 250 active users, |RCM| needs at least 8GB of memory.
71 - above 250 active users, |RCE| needs at least 8GB of memory.
72 Number of CPUs is less important, but recommended to have at least 2-3 CPUs
72 Number of CPUs is less important, but recommended to have at least 2-3 CPUs
73
73
74
74
@@ -114,7 +114,7 b' Connection Methods'
114
114
115 * HTTPS
115 * HTTPS
116 * SSH
116 * SSH
117 * |RCM| API
117 * |RCE| API
118
118
119 Internationalization Support
119 Internationalization Support
120 ----------------------------
120 ----------------------------
Show file before | Show file after | Hide comments
@@ -3,7 +3,7 b''
3 User Administration
3 User Administration
4 ===================
4 ===================
5
5
6 |RCM| enables you to define permissions for the following entities within the
6 |RCE| enables you to define permissions for the following entities within the
7 system; **users**, **user groups**, **repositories**, **repository groups**.
7 system; **users**, **user groups**, **repositories**, **repository groups**.
8
8
9 Within each one of these entities you can set default settings,
9 Within each one of these entities you can set default settings,
Show file before | Show file after | Hide comments
@@ -3,13 +3,13 b''
3 VCS Server Management
3 VCS Server Management
4 ---------------------
4 ---------------------
5
5
6 The VCS Server handles |RCM| backend functionality. You need to configure
6 The VCS Server handles |RCE| backend functionality. You need to configure
7 a VCS Server to run with a |RCM| instance. If you do not, you will be missing
7 a VCS Server to run with a |RCE| instance. If you do not, you will be missing
8 the connection between |RCM| and its |repos|. This will cause error messages
8 the connection between |RCE| and its |repos|. This will cause error messages
9 on the web interface. You can run your setup in the following configurations,
9 on the web interface. You can run your setup in the following configurations,
10 currently the best performance is one of following:
10 currently the best performance is one of following:
11
11
12 * One VCS Server per |RCM| instance.
12 * One VCS Server per |RCE| instance.
13 * One VCS Server handling multiple instances.
13 * One VCS Server handling multiple instances.
14
14
15 .. important::
15 .. important::
@@ -49,7 +49,7 b' To configure a |RCE| instance to use a V'
49 |RCE| VCS Server Options
49 |RCE| VCS Server Options
50 ^^^^^^^^^^^^^^^^^^^^^^^^
50 ^^^^^^^^^^^^^^^^^^^^^^^^
51
51
52 The following list shows the available options on the |RCM| side of the
52 The following list shows the available options on the |RCE| side of the
53 connection to the VCS Server. The settings are configured per
53 connection to the VCS Server. The settings are configured per
54 instance in the
54 instance in the
55 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
55 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
@@ -75,7 +75,7 b' instance in the'
75
75
76 \vcs.server <host:port>
76 \vcs.server <host:port>
77 Set the host, either hostname or IP Address, and port of the VCS server
77 Set the host, either hostname or IP Address, and port of the VCS server
78 you wish to run with your |RCM| instance.
78 you wish to run with your |RCE| instance.
79
79
80 .. code-block:: ini
80 .. code-block:: ini
81
81
Show file before | Show file after | Hide comments
@@ -22,12 +22,12 b' API access can also be turned on for eac'
22 decorated with a `@LoginRequired` decorator. To enable API access, change
22 decorated with a `@LoginRequired` decorator. To enable API access, change
23 the standard login decorator to `@LoginRequired(api_access=True)`.
23 the standard login decorator to `@LoginRequired(api_access=True)`.
24
24
25 From |RCM| version 1.7.0 you can configure a white list
25 From |RCE| version 1.7.0 you can configure a white list
26 of views that have API access enabled by default. To enable these,
26 of views that have API access enabled by default. To enable these,
27 edit the |RCM| configuration ``.ini`` file. The default location is:
27 edit the |RCE| configuration ``.ini`` file. The default location is:
28
28
29 * |RCM| Pre-2.2.7 :file:`root/rhodecode/data/production.ini`
29 * |RCE| Pre-2.2.7 :file:`root/rhodecode/data/production.ini`
30 * |RCM| 3.0 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
30 * |RCE| 3.0 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
31
31
32 To configure the white list, edit this section of the file. In this
32 To configure the white list, edit this section of the file. In this
33 configuration example, API access is granted to the patch/diff raw file and
33 configuration example, API access is granted to the patch/diff raw file and
Show file before | Show file after | Hide comments
@@ -5,8 +5,8 b' Crowd'
5
5
6 To enable Crowd authentication, use the following steps:
6 To enable Crowd authentication, use the following steps:
7
7
8 1. From the |RCM| interface, go to :menuselection:`Admin --> Authentication`
8 1. From the |RCE| interface, go to :menuselection:`Admin --> Authentication`
9 2. Enable the ``rhodecode.lib.auth_modules.auth_crowd`` library and select
9 2. Activate the ``rhodecode.lib.auth_modules.auth_crowd`` library and select
10 :guilabel:`Save`
10 :guilabel:`Save`
11 3. On the Crowd plugin settings section, do the following:
11 3. On the Crowd plugin settings section, do the following:
12
12
Show file before | Show file after | Hide comments
@@ -3,25 +3,24 b''
3 LDAP/AD With User Groups Sync
3 LDAP/AD With User Groups Sync
4 -----------------------------
4 -----------------------------
5
5
6 |RCM| supports LDAP (Lightweight Directory Access Protocol) or
6 **This plugin is available only in EE Edition.**
7
8 |RCE| supports LDAP (Lightweight Directory Access Protocol) or
7 AD (active Directory) authentication.
9 AD (active Directory) authentication.
8 All LDAP versions are supported, with the following |RCM| plugins managing each:
10 All LDAP versions are currently supported.
9
10 * For LDAP/AD with user group sync use ``LDAP + User Groups (egg:rhodecode-enterprise-ee#ldap_group)``
11
11
12 RhodeCode reads all data defined from plugin and creates corresponding
12 RhodeCode reads all data defined from plugin and creates corresponding
13 accounts on local database after receiving data from LDAP. This is done on
13 accounts on local database after receiving data from LDAP. This is done on
14 every user log-in including operations like pushing/pulling/checkout.
14 every user log-in including operations like pushing/pulling/checkout.
15 In addition group membership is read from LDAP and following operations are done:
15 In addition group membership is read from LDAP and following operations are done:
16
16
17 - automatic addition of user to |RCM| user group
17 - automatic addition of user to |RCE| user group
18 - automatic removal of user from any other |RCM| user groups not specified in LDAP.
18 - automatic removal of user from any other |RCE| user groups not specified in LDAP.
19 The removal is done *only* on groups that are marked to be synced from ldap.
19 The removal is done *only* on groups that are marked to be synced from ldap.
20 This setting can be changed in advanced settings on user groups
20 This setting can be changed in advanced settings on user groups
21 - automatic creation of user groups if they aren't yet existing in |RCM|
21 - automatic creation of user groups if they aren't yet existing in |RCE|
22 - marking user as super-admins if he is a member of any admin group defined in plugin settings
22 - marking user as super-admins if he is a member of any admin group defined in plugin settings
23
23
24 This plugin is available only in EE Edition.
25
24
26 .. important::
25 .. important::
27
26
@@ -39,11 +38,12 b' LDAP Configuration Steps'
39
38
40 To configure |LDAP|, use the following steps:
39 To configure |LDAP|, use the following steps:
41
40
42 1. From the |RCM| interface, select
41 1. From the |RCE| interface, select
43 :menuselection:`Admin --> Authentication`
42 :menuselection:`Admin --> Authentication`
44 2. Enable the ldap+ groups plugin and select :guilabel:`Save`
43 2. Activate the `LDAP + User Groups` plugin and select :guilabel:`Save`
45 3. Select the :guilabel:`Enabled` check box in the plugin configuration section
44 3. Go to newly available menu option called `LDAP + User Groups` on the left side.
46 4. Add the required LDAP information and :guilabel:`Save`, for more details,
45 4. Check the `enabled` check box in the plugin configuration section,
46 and fill in the required LDAP information and :guilabel:`Save`, for more details,
47 see :ref:`config-ldap-groups-examples`
47 see :ref:`config-ldap-groups-examples`
48
48
49 For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:
49 For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:
@@ -52,59 +52,107 b' For a more detailed description of LDAP '
52
52
53 Example LDAP configuration
53 Example LDAP configuration
54 ^^^^^^^^^^^^^^^^^^^^^^^^^^
54 ^^^^^^^^^^^^^^^^^^^^^^^^^^
55 .. code-block:: bash
55
56 Below is example setup that can be used with Active Directory and LDAP server with groups sync::
57
58 *option*: `enabled` => `True`
59 # Enable or disable this authentication plugin.
60
61 *option*: `cache_ttl` => `360`
62 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
63 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
64
65 *option*: `host` => `192.168.245.143,192.168.1.240`
66 # Host[s] of the LDAP Server
67 # (e.g., 192.168.2.154, or ldap-server.domain.com.
68 # Multiple servers can be specified using commas
69
70 *option*: `port` => `389`
71 # Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL)
72
73 *option*: `timeout` => `300`
74 # Timeout for LDAP connection
75
76 *option*: `dn_user` => `Administrator@rhodecode.com`
77 # Optional user DN/account to connect to LDAP if authentication is required.
78 # e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com
79
80 *option*: `dn_pass` => `SomeSecret`
81 # Password to authenticate for given user DN.
82
83 *option*: `tls_kind` => `PLAIN`
84 # TLS Type
85
86 *option*: `tls_reqcert` => `NEVER`
87 # Require Cert over TLS?. Self-signed and custom certificates can be used when
88 # `RhodeCode Certificate` found in admin > settings > system info page is extended.
89
90 *option*: `tls_cert_file` => ``
91 # This specifies the PEM-format file path containing certificates for use in TLS connection.
92 # If not specified `TLS Cert dir` will be used
93
94 *option*: `tls_cert_dir` => `/etc/openldap/cacerts`
95 # This specifies the path of a directory that contains individual CA certificates in separate files.
96
97 *option*: `base_dn` => `dc=rhodecode,dc=com`
98 # Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials
99 # (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)
100
101 *option*: `user_search_base` => `ou=RC-Users`
102 # User search base will extend the Base DN
103 # (e.g., ou=Users will result in ou=Users,dc=mydomain,dc=com root DN)
56
104
57 # Auth Cache TTL, Defines the caching for authentication to offload LDAP server.
105 *option*: `user_search_filter` => ``
58 # This means that cache result will be saved for 3600 before contacting LDAP server to verify the user access
106 # Filter to narrow results
59 3600
107 # (e.g., (&(objectCategory=Person)(objectClass=user)), or
60 # Host, comma seperated format is optionally possible to specify more than 1 server
108 # (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))
61 https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/
109
62 # Default LDAP Port, use 689 for LDAPS
110 *option*: `search_scope` => `SUBTREE`
63 389
111 # How deep to search LDAP. If unsure set to SUBTREE
64 # Account, used for SimpleBind if LDAP server requires an authentication
112
65 e.g admin@server.com
113 *option*: `attr_login` => `sAMAccountName`
66 # Password used for simple bind
114 # LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)
67 ldap-user-password
115
68 # LDAP connection security
116 *option*: `attr_email` => `mail`
69 LDAPS
117 # LDAP Attribute to map to email address (e.g., mail).
70 # Certificate checks level
118 # Emails are a crucial part of RhodeCode.
71 DEMAND
119 # If possible add a valid email attribute to ldap users.
72 # Base DN
120
73 cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com
121 *option*: `attr_firstname` => `givenName`
74 # User Search Base
122 # LDAP Attribute to map to first name (e.g., givenName)
75 ou=groups,ou=users
123
76 # LDAP search filter to narrow the results
124 *option*: `attr_lastname` => `sn`
77 (objectClass=person)
125 # LDAP Attribute to map to last name (e.g., sn)
78 # LDAP search scope
126
79 SUBTREE
127 *option*: `group_extraction_type` => `rfc2307bis`
80 # Login attribute
128 # With rfc2307, group members are listed by name in the memberUid attribute
81 sAMAccountName
129 # With rfc2307bis (Microsoft AD compatible) group members are listed by DN and stored in the member attribute
82 # First Name Attribute to read
83 givenName
84 # Last Name Attribute to read
85 sn
86 # Email Attribute to read email address from
87 mail
88 # group extraction method
89 rfc2307bis
90 # Group search base
91 ou=RC-Groups
92 # Group Name Attribute, field to read the group name from
93 sAMAAccountName
94 # User Member of Attribute, field in which groups are stored
95 memberOf
96 # LDAP Group Search Filter, allows narrowing the results
97
130
98 # Admin Groups. Comma separated list of groups. If user is member of
131 *option*: `group_search_base` => `ou=RC-Groups`
99 # any of those he will be marked as super-admin in RhodeCode
132 # Group search base will extend the Base DN (e.g. ou=Groups will result in ou=Groups,dc=mydomain,dc=com)
100 admins, management
101
133
134 *option*: `group_name_attr` => `sAMAccountName`
135 # LDAP Attribute to map to group name (e.g., cn, or sAMAccountName)
136
137 *option*: `user_member_of` => `memberOf`
138 # Users Attribute used to fetch the group membership.
139 # Use if users have stored group membership inside their attributes
140 # (e.g., memberOf, or userMemberOf)
102
141
103 Below is example setup that can be used with Active Directory and ldap groups.
142 *option*: `group_search_filter` => ``
143 # Filter to narrow results (e.g., (&(objectCategory=Group)(objectClass=group)), etc)
144
145 *option*: `group_member_of` => `memberOf`
146 # LDAP Attribute used to resolve the parent group (e.g., memberOf)
104
147
105 .. image:: ../images/ldap-groups-example.png
148 *option*: `admin_groups` => `Admins,Management`
106 :alt: LDAP/AD setup example
149 # A comma separated list of group names that identify users as RhodeCode Administrators (e.g., admins)
107 :scale: 50 %
150
151 *option*: `admin_groups_sync` => `full`
152 # Way to sync Admin groups.
153 # Full means admin flag is set to on or off according to membership in administrator group defined above.
154 # On-only means the flag is only set to on, and not turned off once user is no longer a member
155
108
156
109 .. toctree::
157 .. toctree::
110
158
Show file before | Show file after | Hide comments
@@ -3,11 +3,9 b''
3 LDAP/AD
3 LDAP/AD
4 -------
4 -------
5
5
6 |RCM| supports LDAP (Lightweight Directory Access Protocol) or
6 |RCE| supports LDAP (Lightweight Directory Access Protocol) or
7 AD (active Directory) authentication.
7 AD (active Directory) authentication.
8 All LDAP versions are supported, with the following |RCM| plugins managing each:
8 All LDAP versions are currently supported.
9
10 * For LDAP or Active Directory use ``LDAP (egg:rhodecode-enterprise-ce#ldap)``
11
9
12 RhodeCode reads all data defined from plugin and creates corresponding
10 RhodeCode reads all data defined from plugin and creates corresponding
13 accounts on local database after receiving data from LDAP. This is done on
11 accounts on local database after receiving data from LDAP. This is done on
@@ -30,11 +28,12 b' LDAP Configuration Steps'
30
28
31 To configure |LDAP|, use the following steps:
29 To configure |LDAP|, use the following steps:
32
30
33 1. From the |RCM| interface, select
31 1. From the |RCE| interface, select
34 :menuselection:`Admin --> Authentication`
32 :menuselection:`Admin --> Authentication`
35 2. Enable the ldap plugin and select :guilabel:`Save`
33 2. Activate the `LDAP` plugin and select :guilabel:`Save`
36 3. Select the :guilabel:`Enabled` check box in the plugin configuration section
34 3. Go to newly available menu option called `LDAP` on the left side.
37 4. Add the required LDAP information and :guilabel:`Save`, for more details,
35 4. Check the `enabled` check box in the plugin configuration section,
36 and fill in the required LDAP information and :guilabel:`Save`, for more details,
38 see :ref:`config-ldap-examples`
37 see :ref:`config-ldap-examples`
39
38
40 For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:
39 For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:
@@ -43,44 +42,73 b' For a more detailed description of LDAP '
43
42
44 Example LDAP configuration
43 Example LDAP configuration
45 ^^^^^^^^^^^^^^^^^^^^^^^^^^
44 ^^^^^^^^^^^^^^^^^^^^^^^^^^
46 .. code-block:: bash
45
46 Below is example setup that can be used with Active Directory/LDAP server::
47
48 *option*: `enabled` => `True`
49 # Enable or disable this authentication plugin.
50
51 *option*: `cache_ttl` => `360`
52 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
53 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
54
55 *option*: `host` => `192.168.245.143,192.168.1.240`
56 # Host[s] of the LDAP Server
57 # (e.g., 192.168.2.154, or ldap-server.domain.com.
58 # Multiple servers can be specified using commas
59
60 *option*: `port` => `389`
61 # Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL)
62
63 *option*: `timeout` => `300`
64 # Timeout for LDAP connection
65
66 *option*: `dn_user` => `Administrator@rhodecode.com`
67 # Optional user DN/account to connect to LDAP if authentication is required.
68 # e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com
69
70 *option*: `dn_pass` => `SomeSecret`
71 # Password to authenticate for given user DN.
72
73 *option*: `tls_kind` => `PLAIN`
74 # TLS Type
47
75
48 # Auth Cache TTL, Defines the caching for authentication to offload LDAP server.
76 *option*: `tls_reqcert` => `NEVER`
49 # This means that cache result will be saved for 3600 before contacting LDAP server to verify the user access
77 # Require Cert over TLS?. Self-signed and custom certificates can be used when
50 3600
78 # `RhodeCode Certificate` found in admin > settings > system info page is extended.
51 # Host, comma seperated format is optionally possible to specify more than 1 server
79
52 https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/
80 *option*: `tls_cert_file` => ``
53 # Default LDAP Port, use 689 for LDAPS
81 # This specifies the PEM-format file path containing certificates for use in TLS connection.
54 389
82 # If not specified `TLS Cert dir` will be used
55 # Account, used for SimpleBind if LDAP server requires an authentication
83
56 e.g admin@server.com
84 *option*: `tls_cert_dir` => `/etc/openldap/cacerts`
57 # Password used for simple bind
85 # This specifies the path of a directory that contains individual CA certificates in separate files.
58 ldap-user-password
86
59 # LDAP connection security
87 *option*: `base_dn` => `cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com`
60 LDAPS
88 # Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials
61 # Certificate checks level
89 # (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)
62 DEMAND
63 # Base DN
64 cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com
65 # LDAP search filter to narrow the results
66 (objectClass=person)
67 # LDAP search scope
68 SUBTREE
69 # Login attribute
70 sAMAccountName
71 # First Name Attribute to read
72 givenName
73 # Last Name Attribute to read
74 sn
75 # Email Attribute to read email address from
76 mail
77
90
91 *option*: `filter` => `(objectClass=person)`
92 # Filter to narrow results
93 # (e.g., (&(objectCategory=Person)(objectClass=user)), or
94 # (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))
78
95
79 Below is example setup that can be used with Active Directory/LDAP server.
96 *option*: `search_scope` => `SUBTREE`
97 # How deep to search LDAP. If unsure set to SUBTREE
98
99 *option*: `attr_login` => `sAMAccountName`
100 # LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)
80
101
81 .. image:: ../images/ldap-example.png
102 *option*: `attr_email` => `mail`
82 :alt: LDAP/AD setup example
103 # LDAP Attribute to map to email address (e.g., mail).
83 :scale: 50 %
104 # Emails are a crucial part of RhodeCode.
105 # If possible add a valid email attribute to ldap users.
106
107 *option*: `attr_firstname` => `givenName`
108 # LDAP Attribute to map to first name (e.g., givenName)
109
110 *option*: `attr_lastname` => `sn`
111 # LDAP Attribute to map to last name (e.g., sn)
84
112
85
113
86 .. toctree::
114 .. toctree::
Show file before | Show file after | Hide comments
@@ -5,8 +5,8 b' PAM'
5
5
6 To enable PAM authentication, use the following steps:
6 To enable PAM authentication, use the following steps:
7
7
8 1. From the |RCM| interface, go to :menuselection:`Admin --> Authentication`
8 1. From the |RCE| interface, go to :menuselection:`Admin --> Authentication`
9 2. Enable the ``rhodecode.lib.auth_modules.auth_pam`` library and select save
9 2. Activate the ``rhodecode.lib.auth_modules.auth_pam`` library and select save
10 3. On the PAM plugin settings section, do the following:
10 3. On the PAM plugin settings section, do the following:
11
11
12 * Check the :guilabel:`Enable` checkbox
12 * Check the :guilabel:`Enable` checkbox
Show file before | Show file after | Hide comments
@@ -3,7 +3,10 b''
3 Authentication Tokens
3 Authentication Tokens
4 ---------------------
4 ---------------------
5
5
6 |RCE| has 4 different kinds of authentication tokens.
6 |RCE| has 4 different kinds of authentication tokens. `API token`, `Feed tokens` work
7 without a need to enable any additional authentication. `VCS tokens` require dedicated
8 authentication plugin to be activated. `Web Interface tokens` are controlled by the
9 white_list configuration.
7
10
8 * *API tokens*: API tokens can only be used to execute |RCE| API operations.
11 * *API tokens*: API tokens can only be used to execute |RCE| API operations.
9 You can store your API token and assign it to each instance in
12 You can store your API token and assign it to each instance in
@@ -11,15 +14,7 b' Authentication Tokens'
11 example in :ref:`indexing-ref` section for more details.
14 example in :ref:`indexing-ref` section for more details.
12
15
13 * *Feed tokens*: The feed token can only be used to access the RSS feed.
16 * *Feed tokens*: The feed token can only be used to access the RSS feed.
14 Usually those are safe to store inside your RSS feed reader.
17 Usually those are safe to store inside your RSS feed reader.
15
16 * *VCS tokens*: You can use these to authenticate with |git|, |hg| and |svn|
17 operations instead of a password. They are designed to be used with
18 CI Servers or other third party tools that require |repo| access.
19 They are also a good replacement for SSH based access.
20 To use these tokens you need be enabled special authentication method on
21 |RCE|, as they are disabled by default.
22 See :ref:`enable-vcs-tokens`.
23
18
24 * *Web Interface tokens*: These token allows users to access the web
19 * *Web Interface tokens*: These token allows users to access the web
25 interface of |RCE| without logging in.
20 interface of |RCE| without logging in.
@@ -41,7 +36,16 b' Authentication Tokens'
41 https://rhodecode.com/repo/archive/tip.zip?auth_token=<web-api-token>
36 https://rhodecode.com/repo/archive/tip.zip?auth_token=<web-api-token>
42
37
43 # To show commit diff without logging into Web UI
38 # To show commit diff without logging into Web UI
44 https://rhodecode.com/repo/changeset-diff/<sha>?auth_token=<web-api-token>
39 https://rhodecode.com/repo/raw-diff/<sha>?auth_token=<web-api-token>
40
41 * *VCS tokens*: You can use these to authenticate with |git|, |hg| and |svn|
42 operations instead of a password. They are designed to be used with
43 CI Servers or other third party tools that require |repo| access.
44 They are also a good replacement for SSH based access.
45 To use these tokens you need be enabled special authentication method on
46 |RCE|, as they are disabled by default.
47 See :ref:`enable-vcs-tokens`.
48
45
49
46 .. _enable-vcs-tokens:
50 .. _enable-vcs-tokens:
47
51
@@ -51,7 +55,7 b' Enabling VCS Tokens'
51 To enable VCS Tokens, use the following steps:
55 To enable VCS Tokens, use the following steps:
52
56
53 1. Go to :menuselection:`Admin --> Authentication`.
57 1. Go to :menuselection:`Admin --> Authentication`.
54 2. Enable the ``rhodecode.lib.auth_modules.auth_token`` plugin.
58 2. Activate the ``rhodecode.lib.auth_modules.auth_token`` plugin.
55 3. Click :guilabel:`Save`.
59 3. Click :guilabel:`Save`.
56
60
57 Authentication Token Tips
61 Authentication Token Tips
@@ -67,7 +71,7 b' Creating Tokens'
67
71
68 To create authentication tokens for an user, use the following steps:
72 To create authentication tokens for an user, use the following steps:
69
73
70 1. From the |RCM| interface go to
74 1. From the |RCE| interface go to
71 :menuselection:`Username --> My Account --> Auth tokens`.
75 :menuselection:`Username --> My Account --> Auth tokens`.
72
76
73 2. Label and Add the tokens you wish to use with |RCE|.
77 2. Label and Add the tokens you wish to use with |RCE|.
Show file before | Show file after | Hide comments
@@ -4,29 +4,31 b' Authentication Options'
4 ======================
4 ======================
5
5
6 |RCE| provides a built in authentication against its own database. This is
6 |RCE| provides a built in authentication against its own database. This is
7 implemented using ``rhodecode.lib.auth_rhodecode`` plugin. This plugin is
7 implemented using ``RhodeCode Internal`` plugin. This plugin is enabled by default.
8 enabled by default.
9 Additionally, |RCE| provides a Pluggable Authentication System. This gives the
8 Additionally, |RCE| provides a Pluggable Authentication System. This gives the
10 administrator greater control over how users authenticate with the system.
9 administrator greater control over how users authenticate with the system.
11
10
12 .. important::
11 .. important::
13
12
14 You can disable the built in |RCM| authentication plugin
13 You can disable the built in |RCE| authentication plugin
15 ``rhodecode.lib.auth_rhodecode`` and force all authentication to go
14 ``RhodeCode Internal`` and force all authentication to go
16 through your authentication plugin of choice e.g LDAP only.
15 through your authentication plugin of choice e.g LDAP only.
17 However, if you do this, and your external authentication tools fails,
16 However, if you do this, and your external authentication tools fails,
18 you will be unable to access |RCM|.
17 accessing |RCE| will be blocked unless a fallback plugin is
18 enabled via :file: rhodecode.ini
19
19
20 |RCM| comes with the following user authentication management plugins:
20
21 |RCE| comes with the following user authentication management plugins:
21
22
22
23
23 .. toctree::
24 .. toctree::
24
25
26 auth-token
25 auth-ldap
27 auth-ldap
26 auth-ldap-groups
28 auth-ldap-groups
29 auth-saml-generic
30 auth-saml-onelogin
31 auth-saml-duosecurity
27 auth-crowd
32 auth-crowd
28 auth-pam
33 auth-pam
29 auth-token
30 ssh-connection
34 ssh-connection
31
32
Show file before | Show file after | Hide comments
@@ -3,27 +3,73 b''
3 Active Directory
3 Active Directory
4 ----------------
4 ----------------
5
5
6 |RCM| can use Microsoft Active Directory for user authentication. This is
6 |RCE| can use Microsoft Active Directory for user authentication. This is
7 done through an LDAP or LDAPS connection to Active Directory. Use the
7 done through an LDAP or LDAPS connection to Active Directory. Use the
8 following example LDAP configuration setting to set your Active Directory
8 following example LDAP configuration setting to set your Active Directory
9 authentication.
9 authentication::
10
11 .. code-block:: ini
12
13 # Set the Base DN
14 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
15 # Set the Active Directory SAM-Account-Name
16 Login Attribute = sAMAccountName
17 # Set the Active Directory user name
18 First Name Attribute = usernameame
19 # Set the Active Directory user surname
20 Last Name Attribute = user_surname
21 # Set the Active Directory user email
22 E-mail Attribute = userEmail
23
10
24
11
25 Below is example setup that can be used with Active Directory and ldap groups.
12 *option*: `enabled` => `True`
13 # Enable or disable this authentication plugin.
14
15 *option*: `cache_ttl` => `360`
16 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
17 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
18
19 *option*: `host` => `192.168.245.143,192.168.1.240`
20 # Host[s] of the LDAP Server
21 # (e.g., 192.168.2.154, or ldap-server.domain.com.
22 # Multiple servers can be specified using commas
23
24 *option*: `port` => `389`
25 # Custom port that the LDAP server is listening on. Default value is: 389, use 689 for LDAPS(SSL)
26
27 *option*: `timeout` => `300`
28 # Timeout for LDAP connection
29
30 *option*: `dn_user` => `Administrator@rhodecode.com`
31 # Optional user DN/account to connect to LDAP if authentication is required.
32 # e.g., cn=admin,dc=mydomain,dc=com, or uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com
33
34 *option*: `dn_pass` => `SomeSecret`
35 # Password to authenticate for given user DN.
36
37 *option*: `tls_kind` => `PLAIN`
38 # TLS Type
39
40 *option*: `tls_reqcert` => `NEVER`
41 # Require Cert over TLS?. Self-signed and custom certificates can be used when
42 # `RhodeCode Certificate` found in admin > settings > system info page is extended.
26
43
27 .. image:: ../images/ldap-groups-example.png
44 *option*: `tls_cert_file` => ``
28 :alt: LDAP/AD setup example
45 # This specifies the PEM-format file path containing certificates for use in TLS connection.
29 :scale: 50 % No newline at end of file
46 # If not specified `TLS Cert dir` will be used
47
48 *option*: `tls_cert_dir` => `/etc/openldap/cacerts`
49 # This specifies the path of a directory that contains individual CA certificates in separate files.
50
51 *option*: `base_dn` => `OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local`
52 # Base DN to search. Dynamic bind is supported. Add `$login` marker in it to be replaced with current user credentials
53 # (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)
54
55 *option*: `filter` => `(objectClass=person)`
56 # Filter to narrow results
57 # (e.g., (&(objectCategory=Person)(objectClass=user)), or
58 # (memberof=cn=rc-login,ou=groups,ou=company,dc=mydomain,dc=com)))
59
60 *option*: `search_scope` => `SUBTREE`
61 # How deep to search LDAP. If unsure set to SUBTREE
62
63 *option*: `attr_login` => `sAMAccountName`
64 # LDAP Attribute to map to user name (e.g., uid, or sAMAccountName)
65
66 *option*: `attr_email` => `userEmail`
67 # LDAP Attribute to map to email address (e.g., mail).
68 # Emails are a crucial part of RhodeCode.
69 # If possible add a valid email attribute to ldap users.
70
71 *option*: `attr_firstname` => `user_firstname`
72 # LDAP Attribute to map to first name (e.g., givenName)
73
74 *option*: `attr_lastname` => `user_surname`
75 # LDAP Attribute to map to last name (e.g., sn)
Show file before | Show file after | Hide comments
@@ -46,7 +46,7 b' The following LDAP attributes are requir'
46 * The LDAP username or account used to connect to |RCE|. This will be added
46 * The LDAP username or account used to connect to |RCE|. This will be added
47 to the LDAP filter for locating the user object.
47 to the LDAP filter for locating the user object.
48 * For example, if an LDAP filter is specified as `LDAPFILTER`,
48 * For example, if an LDAP filter is specified as `LDAPFILTER`,
49 the login attribute is specified as `uid`, and the user connects as
49 the login/username attribute is specified as `uid`, and the user connects as
50 `jsmith`, then the LDAP Filter will be like the following example.
50 `jsmith`, then the LDAP Filter will be like the following example.
51
51
52 .. code-block:: vim
52 .. code-block:: vim
@@ -68,7 +68,7 b' The following LDAP attributes are requir'
68 Optional settings
68 Optional settings
69 ^^^^^^^^^^^^^^^^^
69 ^^^^^^^^^^^^^^^^^
70
70
71 The following are optional when enabling LDAP on |RCM|
71 The following are optional when enabling LDAP on |RCE|
72
72
73 * An LDAP account is only required if the LDAP server does not allow
73 * An LDAP account is only required if the LDAP server does not allow
74 anonymous browsing of records.
74 anonymous browsing of records.
@@ -104,10 +104,4 b' The following are optional when enabling'
104 following directory: `/etc/openldap/cacerts`
104 following directory: `/etc/openldap/cacerts`
105
105
106
106
107 Below is example setup that can be used with Active Directory and ldap groups.
108
109 .. image:: ../images/ldap-groups-example.png
110 :alt: LDAP/AD setup example
111 :scale: 50 %
112
113 .. _RFC 2254: http://www.rfc-base.org/rfc-2254.html No newline at end of file
107 .. _RFC 2254: http://www.rfc-base.org/rfc-2254.html
Show file before | Show file after | Hide comments
@@ -3,7 +3,7 b''
3 Code Review
3 Code Review
4 ===========
4 ===========
5
5
6 |RCM| provides two ways in which you can review code. You can review |prs| or
6 |RCE| provides two ways in which you can review code. You can review |prs| or
7 commits. To better understand |prs|, see the :ref:`pull-requests-ref`
7 commits. To better understand |prs|, see the :ref:`pull-requests-ref`
8 and :ref:`collaborate-ref` sections. For more information about why
8 and :ref:`collaborate-ref` sections. For more information about why
9 code review matters, see these posts on the topic:
9 code review matters, see these posts on the topic:
Show file before | Show file after | Hide comments
@@ -16,7 +16,7 b' review purposes.'
16 Reviewing Changes
16 Reviewing Changes
17 -----------------
17 -----------------
18
18
19 |RCM| displays all code changes made with each commit. Removed content is
19 |RCE| displays all code changes made with each commit. Removed content is
20 marked in red and new content in green.
20 marked in red and new content in green.
21
21
22 .. image:: ../images/plain-diff.png
22 .. image:: ../images/plain-diff.png
Show file before | Show file after | Hide comments
@@ -10,7 +10,7 b' 3. Leave a commit message that outlines '
10 4. Set the review status to :guilabel:`Approved`
10 4. Set the review status to :guilabel:`Approved`
11 5. Select :guilabel:`Comment`
11 5. Select :guilabel:`Comment`
12
12
13 If you approve the |pr|, you will be able to merge automatically if |RCM|
13 If you approve the |pr|, you will be able to merge automatically if |RCE|
14 detects that it can do so safely. You will see this message:
14 detects that it can do so safely. You will see this message:
15
15
16 :guilabel:`This pull request can be automatically merged.`
16 :guilabel:`This pull request can be automatically merged.`
Show file before | Show file after | Hide comments
@@ -7,7 +7,7 b' Collaboration'
7
7
8 Forking and branching does not work with |svn| |repos|.
8 Forking and branching does not work with |svn| |repos|.
9
9
10 Collaboration in |RCM| is accomplished through a combination of the following
10 Collaboration in |RCE| is accomplished through a combination of the following
11 functions:
11 functions:
12
12
13 .. only:: latex
13 .. only:: latex
Show file before | Show file after | Hide comments
@@ -55,7 +55,7 b' on the web interface. To branch a |git| '
55 $ git commit -a -m "ghost script: initial file"
55 $ git commit -a -m "ghost script: initial file"
56 $ git push
56 $ git push
57
57
58 Once it is pushed to the |RCM| server, you can switch to the newly created
58 Once it is pushed to the |RCE| server, you can switch to the newly created
59 branch using the following steps:
59 branch using the following steps:
60
60
61 1. Select :menuselection:`Admin --> Repositories`.
61 1. Select :menuselection:`Admin --> Repositories`.
Show file before | Show file after | Hide comments
@@ -4,7 +4,7 b' Using Notifications'
4 -------------------
4 -------------------
5
5
6 To notify users of items that require their attention you can use the mention
6 To notify users of items that require their attention you can use the mention
7 function. The mention function allows you to use ``@username`` within |RCM|.
7 function. The mention function allows you to use ``@username`` within |RCE|.
8 The notification function can be used within the following
8 The notification function can be used within the following
9 items to highlight their need for attention:
9 items to highlight their need for attention:
10
10
Show file before | Show file after | Hide comments
@@ -3,7 +3,7 b''
3 Merge a |pr|
3 Merge a |pr|
4 ------------
4 ------------
5
5
6 |RCM| can detect if it can automatically merge the changes in a |pr|. If it
6 |RCE| can detect if it can automatically merge the changes in a |pr|. If it
7 can, you will see the following message:
7 can, you will see the following message:
8 :guilabel:`This pull request can be automatically merged.` To merge,
8 :guilabel:`This pull request can be automatically merged.` To merge,
9 click the big blue button! To enable this feature, see :ref:`server-side-merge`.
9 click the big blue button! To enable this feature, see :ref:`server-side-merge`.
@@ -21,7 +21,7 b' messages:'
21 Manual Merge a |PR|
21 Manual Merge a |PR|
22 ^^^^^^^^^^^^^^^^^^^
22 ^^^^^^^^^^^^^^^^^^^
23
23
24 If |RCM| cannot safely merge the changes in a |pr|,
24 If |RCE| cannot safely merge the changes in a |pr|,
25 usually due to conflicts, you need to manually merge the changes on the
25 usually due to conflicts, you need to manually merge the changes on the
26 command line. You can see more information for each |repo| type at the
26 command line. You can see more information for each |repo| type at the
27 following links:
27 following links:
Show file before | Show file after | Hide comments
@@ -1,7 +1,7 b''
1 Notifications Overview
1 Notifications Overview
2 ----------------------
2 ----------------------
3
3
4 |RCM| has an integrated notification system which alerts users to requests
4 |RCE| has an integrated notification system which alerts users to requests
5 that they have received. Notifications can occur for the following reasons:
5 that they have received. Notifications can occur for the following reasons:
6
6
7 * Pull request reviews
7 * Pull request reviews
Show file before | Show file after | Hide comments
@@ -3,7 +3,7 b' Pull request management'
3
3
4 .. only:: html
4 .. only:: html
5
5
6 There are two ways of tracking |prs| within |RCM|.
6 There are two ways of tracking |prs| within |RCE|.
7
7
8 1. :ref:`prs-your-review`
8 1. :ref:`prs-your-review`
9 2. :ref:`prs-per-repo`
9 2. :ref:`prs-per-repo`
@@ -15,7 +15,7 b' Pull requests for your review'
15
15
16 To view pull requests for your review, use the following steps:
16 To view pull requests for your review, use the following steps:
17
17
18 1. From the |RCM| interface, Select
18 1. From the |RCE| interface, Select
19 :menuselection:`username --> Notifications`
19 :menuselection:`username --> Notifications`
20 2. Select :guilabel:`Pull Requests`
20 2. Select :guilabel:`Pull Requests`
21
21
Show file before | Show file after | Hide comments
@@ -20,7 +20,7 b' 3. Set the review status from one of the'
20 4. Select Comment
20 4. Select Comment
21
21
22 When the |pr| is approved by all reviewers you will be able to merge
22 When the |pr| is approved by all reviewers you will be able to merge
23 automatically if |RCM| detects that it can do so safely. You will see this
23 automatically if |RCE| detects that it can do so safely. You will see this
24 message: `This pull request can be automatically merged.`
24 message: `This pull request can be automatically merged.`
25
25
26 If rejected, you can fix the issues raised during review and then update the
26 If rejected, you can fix the issues raised during review and then update the
Show file before | Show file after | Hide comments
@@ -1,7 +1,7 b''
1 Supported Workflows
1 Supported Workflows
2 -------------------
2 -------------------
3
3
4 |RCM| can be used to develop using a variety of different workflows.
4 |RCE| can be used to develop using a variety of different workflows.
5
5
6 * Centralized, using |svn|, |git|, or |hg| |repos|
6 * Centralized, using |svn|, |git|, or |hg| |repos|
7 * Feature-Branch, using |git| or |hg| |repos|
7 * Feature-Branch, using |git| or |hg| |repos|
Show file before | Show file after | Hide comments
@@ -20,10 +20,7 b" rst_epilog = '''"
20 .. |psf| replace:: Python Software Foundation
20 .. |psf| replace:: Python Software Foundation
21 .. |repo| replace:: repository
21 .. |repo| replace:: repository
22 .. |repos| replace:: repositories
22 .. |repos| replace:: repositories
23 .. |RCI| replace:: RhodeCode Control
24 .. |RCC| replace:: RhodeCode Control
23 .. |RCC| replace:: RhodeCode Control
25 .. |RCV| replace:: RhodeCode Enterprise
26 .. |RCM| replace:: RhodeCode Enterprise
27 .. |RCE| replace:: RhodeCode Enterprise
24 .. |RCE| replace:: RhodeCode Enterprise
28 .. |RCCE| replace:: RhodeCode Community
25 .. |RCCE| replace:: RhodeCode Community
29 .. |RCEE| replace:: RhodeCode Enterprise
26 .. |RCEE| replace:: RhodeCode Enterprise
@@ -31,6 +28,5 b" rst_epilog = '''"
31 .. |RCT| replace:: RhodeCode Tools
28 .. |RCT| replace:: RhodeCode Tools
32 .. |RCEBOLD| replace:: **RhodeCode Enterprise**
29 .. |RCEBOLD| replace:: **RhodeCode Enterprise**
33 .. |RCEITALICS| replace:: `RhodeCode Enterprise`
30 .. |RCEITALICS| replace:: `RhodeCode Enterprise`
34 .. |RC| replace:: RhodeCode
35 .. |RNS| replace:: Release Notes
31 .. |RNS| replace:: Release Notes
36 '''
32 '''
Show file before | Show file after | Hide comments
@@ -18,7 +18,7 b' so to clarify what is meant each time, r'
18 Hooks
18 Hooks
19 -----
19 -----
20
20
21 Within |RCM| there are two types of supported hooks.
21 Within |RCE| there are two types of supported hooks.
22
22
23 * **Internal built-in hooks**: The internal |hg|, |git| or |svn| hooks are
23 * **Internal built-in hooks**: The internal |hg|, |git| or |svn| hooks are
24 triggered by different VCS operations, like push, pull,
24 triggered by different VCS operations, like push, pull,
Show file before | Show file after | Hide comments
@@ -1,13 +1,13 b''
1 |RCM|
1 |RCE|
2 =====
2 =====
3
3
4 |RCM| is a high-performance source code management and collaboration system.
4 |RCE| is a high-performance source code management and collaboration system.
5 It enables you to develop projects securely behind the firewall while
5 It enables you to develop projects securely behind the firewall while
6 providing collaboration tools that work with |git|, |hg|,
6 providing collaboration tools that work with |git|, |hg|,
7 and |svn| |repos|. The user interface allows you to create, edit,
7 and |svn| |repos|. The user interface allows you to create, edit,
8 and commit files and |repos| while managing their security permissions.
8 and commit files and |repos| while managing their security permissions.
9
9
10 |RCM| provides the following features:
10 |RCE| provides the following features:
11
11
12 * Source code management.
12 * Source code management.
13 * Extended permissions management.
13 * Extended permissions management.
@@ -18,7 +18,7 b' and commit files and |repos| while manag'
18 * Web-based hook management.
18 * Web-based hook management.
19 * Native |svn| support.
19 * Native |svn| support.
20 * Migration from existing databases.
20 * Migration from existing databases.
21 * |RCM| SDK.
21 * |RCE| SDK.
22 * Built-in analytics
22 * Built-in analytics
23 * Built in integrations including: Slack, Webhooks (used for Jenkins/TeamCity and other CIs), Jira, Redmine, Hipchat
23 * Built in integrations including: Slack, Webhooks (used for Jenkins/TeamCity and other CIs), Jira, Redmine, Hipchat
24 * Pluggable authentication system.
24 * Pluggable authentication system.
Show file before | Show file after | Hide comments
@@ -5,8 +5,24 b' Supported Databases'
5
5
6 .. important::
6 .. important::
7
7
8 We do not recommend using SQLite in a production environment. It is
8 We do not recommend using SQLite in a production environment of more than 5 people.
9 supported by |RCE| for evaluation purposes.
9 It is not suited for higher usage and mayb cause problems.
10
11
12 |RCE| supports the following databases. The recommended encoding is UTF-8.
13
14 .. only:: latex
15
16 * :ref:`install-sqlite-database`
17 * :ref:`install-mysql-database`
18 * :ref:`install-postgresql-database`
19
20 .. toctree::
21
22 using-mysql
23 using-postgresql
24 using-sqllite
25
10
26
11 Database Overview
27 Database Overview
12 -----------------
28 -----------------
@@ -48,21 +64,3 b' following example to configure the corre'
48 # for the RCE instance you are installing
64 # for the RCE instance you are installing
49 Database name: example-db-name-for-2xx # The 2xx version database
65 Database name: example-db-name-for-2xx # The 2xx version database
50 Database name: example-db-name-for-3xx # The 3xx version database
66 Database name: example-db-name-for-3xx # The 3xx version database
51
52 Supported Databases
53 -------------------
54
55 |RCM| supports the following databases. The recommended encoding is Unicode
56 UTF-8.
57
58 .. only:: latex
59
60 * :ref:`install-sqlite-database`
61 * :ref:`install-mysql-database`
62 * :ref:`install-postgresql-database`
63
64 .. toctree::
65
66 using-mysql
67 using-postgresql
68 using-sqllite
Show file before | Show file after | Hide comments
@@ -4,7 +4,7 b' Post Installation Tasks'
4 =======================
4 =======================
5
5
6 The following tasks are the most common post installation requirements. Use
6 The following tasks are the most common post installation requirements. Use
7 the information in these sections to configure your instance of |RCM|.
7 the information in these sections to configure your instance of |RCE|.
8
8
9 .. toctree::
9 .. toctree::
10
10
Show file before | Show file after | Hide comments
@@ -3,21 +3,21 b''
3 Migrating |repos|
3 Migrating |repos|
4 -----------------
4 -----------------
5
5
6 If you have installed |RCM| and have |repos| that you wish to migrate into
6 If you have installed |RCE| and have |repos| that you wish to migrate into
7 the system, use the following instructions.
7 the system, use the following instructions.
8
8
9 1. On the |RCM| interface, check your |repo| storage location under
9 1. On the |RCE| interface, check your |repo| storage location under
10 :menuselection:`Admin --> Settings --> System Info`. For example,
10 :menuselection:`Admin --> Settings --> System Info`. For example,
11 Storage location: /home/{username}/repos.
11 Storage location: /home/{username}/repos.
12
12
13 2. Copy the |repos| that you want |RCM| to manage to this location.
13 2. Copy the |repos| that you want |RCE| to manage to this location.
14 3. Remap and rescan the |repos|, see :ref:`remap-rescan`
14 3. Remap and rescan the |repos|, see :ref:`remap-rescan`
15
15
16 .. important::
16 .. important::
17
17
18 Directories create |repo| groups inside |RCM|.
18 Directories create |repo| groups inside |RCE|.
19
19
20 Importing adds |RCM| git hooks to your |repos|.
20 Importing adds |RCE| git hooks to your |repos|.
21
21
22 You should verify if custom ``.hg`` or ``.hgrc`` files inside
22 You should verify if custom ``.hg`` or ``.hgrc`` files inside
23 repositories should be adjusted since |RCM| reads the content of them.
23 repositories should be adjusted since |RCE| reads the content of them.
Show file before | Show file after | Hide comments
@@ -27,9 +27,12 b' 2. Run the |RCC| installer and accept th'
27
27
28 .. code-block:: bash
28 .. code-block:: bash
29
29
30 $ chmod 755 RhodeCode-installer-linux-*
30 $ chmod +x RhodeCode-installer-linux-*
31 $ ./RhodeCode-installer-linux-*
31 $ ./RhodeCode-installer-linux-*
32
32
33 Do you accept the RhodeCode Control license?
34 Press [Y] to accept license and [V] to view license text: y
35
33 3. Install a VCS Server, and configure it to start at boot.
36 3. Install a VCS Server, and configure it to start at boot.
34
37
35 .. code-block:: bash
38 .. code-block:: bash
Show file before | Show file after | Hide comments
@@ -3,12 +3,12 b''
3 Set up Email
3 Set up Email
4 ------------
4 ------------
5
5
6 To setup email with your |RCM| instance, open the default
6 To setup email with your |RCE| instance, open the default
7 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
7 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
8 file and uncomment and configure the email section. If it is not there,
8 file and uncomment and configure the email section. If it is not there,
9 use the below example to insert it.
9 use the below example to insert it.
10
10
11 Once configured you can check the settings for your |RCM| instance on the
11 Once configured you can check the settings for your |RCE| instance on the
12 :menuselection:`Admin --> Settings --> Email` page.
12 :menuselection:`Admin --> Settings --> Email` page.
13
13
14 .. code-block:: ini
14 .. code-block:: ini
Show file before | Show file after | Hide comments
@@ -4,15 +4,15 b' MySQL or MariaDB'
4 ----------------
4 ----------------
5
5
6 To use a MySQL or MariaDB database you should install and configure the
6 To use a MySQL or MariaDB database you should install and configure the
7 database before installing |RCM|. This is because during |RCM| installation
7 database before installing |RCE|. This is because during |RCE| installation
8 you will setup a connection to your MySQL or MariaDB database. To work with
8 you will setup a connection to your MySQL or MariaDB database. To work with
9 either, use the following steps:
9 either, use the following steps:
10
10
11 1. Depending on your |os|, install a MySQL or MariaDB database following the
11 1. Depending on your |os|, install a MySQL or MariaDB database following the
12 appropriate instructions from the `MySQL website`_ or `MariaDB website`_.
12 appropriate instructions from the `MySQL website`_ or `MariaDB website`_.
13 2. Configure the database with a username and password which you will use
13 2. Configure the database with a username and password which you will use
14 with |RCM|.
14 with |RCE|.
15 3. Install |RCM|, and during installation select MySQL as your database.
15 3. Install |RCE|, and during installation select MySQL as your database.
16 4. Enter the following information during the database setup:
16 4. Enter the following information during the database setup:
17
17
18 * Your network IP Address
18 * Your network IP Address
Show file before | Show file after | Hide comments
@@ -4,15 +4,15 b' PostgreSQL'
4 ----------
4 ----------
5
5
6 To use a PostgreSQL database, you should install and configure the database
6 To use a PostgreSQL database, you should install and configure the database
7 before installing |RCV|. This is because during |RCV| installation you will
7 before installing |RCE|. This is because during |RCE| installation you will
8 setup the connection to your PostgreSQL database. To work with PostgreSQL,
8 setup the connection to your PostgreSQL database. To work with PostgreSQL,
9 use the following steps:
9 use the following steps:
10
10
11 1. Depending on your |os|, install a PostgreSQL database following the
11 1. Depending on your |os|, install a PostgreSQL database following the
12 appropriate instructions from the `PostgreSQL website`_.
12 appropriate instructions from the `PostgreSQL website`_.
13 2. Configure the database with a username and password, which you will use
13 2. Configure the database with a username and password, which you will use
14 with |RCV|.
14 with |RCE|.
15 3. Install |RCV|, and during installation select PostgreSQL as your database.
15 3. Install |RCE|, and during installation select PostgreSQL as your database.
16 4. Enter the following information during the database setup:
16 4. Enter the following information during the database setup:
17
17
18 * Your network IP Address
18 * Your network IP Address
Show file before | Show file after | Hide comments
@@ -9,15 +9,15 b' SQLite'
9 as it has an internal locking mechanism which can become a performance
9 as it has an internal locking mechanism which can become a performance
10 bottleneck when there are more than 5 concurrent users.
10 bottleneck when there are more than 5 concurrent users.
11
11
12 |RCM| installs SQLite as the default database if you do not specify another
12 |RCE| installs SQLite as the default database if you do not specify another
13 during installation. SQLite is suitable for small teams,
13 during installation. SQLite is suitable for small teams,
14 projects with a low load, and evaluation purposes since it is built into
14 projects with a low load, and evaluation purposes since it is built into
15 |RCM| and does not require any additional database server.
15 |RCE| and does not require any additional database server.
16
16
17 Using MySQL or PostgreSQL in an large setup gives you much greater
17 Using MySQL or PostgreSQL in an large setup gives you much greater
18 performance, and while migration tools exist to move from one database type
18 performance, and while migration tools exist to move from one database type
19 to another, it is better to get it right first time and to immediately use
19 to another, it is better to get it right first time and to immediately use
20 MySQL or PostgreSQL when you deploy |RCM| in a production environment.
20 MySQL or PostgreSQL when you deploy |RCE| in a production environment.
21
21
22 Migrating From SQLite to PostgreSQL
22 Migrating From SQLite to PostgreSQL
23 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
23 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Show file before | Show file after | Hide comments
@@ -11,20 +11,20 b' different Slack channels, for example.'
11 Supported integrations
11 Supported integrations
12 ^^^^^^^^^^^^^^^^^^^^^^
12 ^^^^^^^^^^^^^^^^^^^^^^
13
13
14 ================================ ============ ========================================
14 ================================ ================== ========================================
15 Type/Name |RC| Edition Description
15 Type/Name RhodeCode Edition Description
16 ================================ ============ ========================================
16 ================================ ================== ========================================
17 :ref:`integrations-webhook` |RCCEshort| Trigger events as `json` to a custom url
17 :ref:`integrations-webhook` |RCCEshort| Trigger events as `json` to a custom url
18 :ref:`integrations-slack` |RCCEshort| Integrate with https://slack.com/
18 :ref:`integrations-slack` |RCCEshort| Integrate with https://slack.com/
19 :ref:`integrations-hipchat` |RCCEshort| Integrate with https://www.hipchat.com/
19 :ref:`integrations-hipchat` |RCCEshort| Integrate with https://www.hipchat.com/
20 :ref:`integrations-email` |RCCEshort| Send repo push commits by email
20 :ref:`integrations-email` |RCCEshort| Send repo push commits by email
21 :ref:`integrations-ci` |RCCEshort| Trigger Builds for Common CI Systems
21 :ref:`integrations-ci` |RCCEshort| Trigger Builds for Common CI Systems
22 :ref:`integrations-rcextensions` |RCCEshort| Advanced low-level integration framework
22 :ref:`integrations-rcextensions` |RCCEshort| Advanced low-level integration framework
23
23
24 :ref:`integrations-jenkins` |RCEEshort| Trigger Builds for Jenkins CI System
24 :ref:`integrations-jenkins` |RCEEshort| Trigger Builds for Jenkins CI System
25 :ref:`integrations-redmine` |RCEEshort| Close/Resolve/Reference Redmine issues
25 :ref:`integrations-redmine` |RCEEshort| Close/Resolve/Reference Redmine issues
26 :ref:`integrations-jira` |RCEEshort| Close/Resolve/Reference JIRA issues
26 :ref:`integrations-jira` |RCEEshort| Close/Resolve/Reference JIRA issues
27 ================================ ============ ========================================
27 ================================ ================== ========================================
28
28
29 .. _creating-integrations:
29 .. _creating-integrations:
30
30
Show file before | Show file after | Hide comments
@@ -9,7 +9,7 b' You can set an issue tracker connection '
9 * At the |repo| level, you can configure an integration with a different issue
9 * At the |repo| level, you can configure an integration with a different issue
10 tracker.
10 tracker.
11
11
12 To integrate |RCM| with an issue tracker, you need to define a regular
12 To integrate |RCE| with an issue tracker, you need to define a regular
13 expression that will fetch the issue ID stored in commit messages, and replace
13 expression that will fetch the issue ID stored in commit messages, and replace
14 it with a URL. This enables |RCE| to generate a link matching each issue to the
14 it with a URL. This enables |RCE| to generate a link matching each issue to the
15 target |repo|.
15 target |repo|.
Show file before | Show file after | Hide comments
@@ -7,7 +7,7 b' Error Message'
7 Error creating repository repo-name
7 Error creating repository repo-name
8
8
9 Cause
9 Cause
10 As of |RCM| 3.0, a VCS Server is required to run backend operations.
10 As of |RCE| 3.0, a VCS Server is required to run backend operations.
11
11
12 Solution
12 Solution
13 Install a VCS Server. See the `Install a VCS Server`_ section of |RCC|
13 Install a VCS Server. See the `Install a VCS Server`_ section of |RCC|
Show file before | Show file after | Hide comments
@@ -3,7 +3,7 b''
3 Nix Packaging
3 Nix Packaging
4 =============
4 =============
5
5
6 |RCM| is installed using |Nix Package Manager|. The Nix environment provides
6 |RCE| is installed using |Nix Package Manager|. The Nix environment provides
7 the following features for maintenance and deployment:
7 the following features for maintenance and deployment:
8
8
9 * Atomic upgrades and rollbacks
9 * Atomic upgrades and rollbacks
Show file before | Show file after | Hide comments
@@ -1,7 +1,7 b''
1 |RCE| 3.0.0 |RNS|
1 |RCE| 3.0.0 |RNS|
2 -----------------
2 -----------------
3
3
4 As |RCM| 3.0 is a big release, the release notes have been split into the following sections:
4 As |RCE| 3.0 is a big release, the release notes have been split into the following sections:
5
5
6 * :ref:`general-rn-ref`
6 * :ref:`general-rn-ref`
7 * :ref:`security-rn-ref`
7 * :ref:`security-rn-ref`
Show file before | Show file after | Hide comments
@@ -44,10 +44,10 b' following example:'
44 Installing |RCT|
44 Installing |RCT|
45 ^^^^^^^^^^^^^^^^
45 ^^^^^^^^^^^^^^^^
46
46
47 |RCT| enable you to automate many of the most common |RCM| functions through
47 |RCT| enable you to automate many of the most common |RCE| functions through
48 the API. Installing them on a local machine lets you carry out maintenance on
48 the API. Installing them on a local machine lets you carry out maintenance on
49 the server remotely. Once installed you can use them to index your |repos|
49 the server remotely. Once installed you can use them to index your |repos|
50 to setup full-text search, strip commits, or install |RC| Extensions for
50 to setup full-text search, strip commits, or install RhodeCode Extensions for
51 additional functionality.
51 additional functionality.
52
52
53 For more detailed instructions about using |RCT| for indexing and full-text
53 For more detailed instructions about using |RCT| for indexing and full-text
Show file before | Show file after | Hide comments
@@ -3,7 +3,7 b''
3 |RCT|
3 |RCT|
4 =====
4 =====
5
5
6 |RCT| enable you to automate many of the most common |RCM| functions through
6 |RCT| enable you to automate many of the most common |RCE| functions through
7 the API.
7 the API.
8
8
9 .. toctree::
9 .. toctree::
Show file before | Show file after | Hide comments
@@ -16,7 +16,7 b' rhodecode-tools'
16 ---------------
16 ---------------
17
17
18 Use |RCT| to setup automation, run the indexer, and install extensions for
18 Use |RCT| to setup automation, run the indexer, and install extensions for
19 your |RCM| instances. Options:
19 your |RCE| instances. Options:
20
20
21 .. rst-class:: dl-horizontal
21 .. rst-class:: dl-horizontal
22
22
@@ -49,7 +49,7 b' Example usage:'
49 rhodecode-api
49 rhodecode-api
50 -------------
50 -------------
51
51
52 The |RC| API lets you connect to |RCE| and carry out management tasks from a
52 The RhodeCode API lets you connect to |RCE| and carry out management tasks from a
53 remote machine, for more information about the API, see the :ref:`api`. To
53 remote machine, for more information about the API, see the :ref:`api`. To
54 pass arguments on the command-line use the ``method:option`` syntax.
54 pass arguments on the command-line use the ``method:option`` syntax.
55
55
@@ -117,7 +117,7 b' Options:'
117 rhodecode-cleanup-gists
117 rhodecode-cleanup-gists
118 -----------------------
118 -----------------------
119
119
120 Use this to delete gists within |RCM|. Options:
120 Use this to delete gists within |RCE|. Options:
121
121
122 .. rst-class:: dl-horizontal
122 .. rst-class:: dl-horizontal
123
123
@@ -166,7 +166,7 b' Example usage:'
166 rhodecode-cleanup-repos
166 rhodecode-cleanup-repos
167 -----------------------
167 -----------------------
168
168
169 Use this to manage |repos| and |repo| groups within |RCM|. Options:
169 Use this to manage |repos| and |repo| groups within |RCE|. Options:
170
170
171 .. rst-class:: dl-horizontal
171 .. rst-class:: dl-horizontal
172
172
@@ -280,7 +280,7 b' the using :ref:`integrations-rcextension'
280 rhodecode-gist
280 rhodecode-gist
281 --------------
281 --------------
282
282
283 Use this to create, list, show, or delete gists within |RCM|. Options:
283 Use this to create, list, show, or delete gists within |RCE|. Options:
284
284
285 .. rst-class:: dl-horizontal
285 .. rst-class:: dl-horizontal
286
286
Show file before | Show file after | Hide comments
@@ -7,7 +7,7 b' To install |RCT| correctly, see the inst'
7 :ref:`install-tools`, and :ref:`config-rhoderc`.
7 :ref:`install-tools`, and :ref:`config-rhoderc`.
8
8
9 Once |RCT| is installed, and the :file:`/home/{user}/.rhoderc` file is
9 Once |RCT| is installed, and the :file:`/home/{user}/.rhoderc` file is
10 configured you can then use |RCT| on each |RCM| instance to carry out admin
10 configured you can then use |RCT| on each |RCE| instance to carry out admin
11 tasks. Use the following example to configure that file,
11 tasks. Use the following example to configure that file,
12 and once configured see the :ref:`tools-cli` for more details.
12 and once configured see the :ref:`tools-cli` for more details.
13
13
Show file before | Show file after | Hide comments
@@ -95,10 +95,10 b' but below is the example shortcut.'
95
95
96 # Check that the script is uploaded to your home directory
96 # Check that the script is uploaded to your home directory
97 $ ls -1
97 $ ls -1
98 RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d520e3
98 RhodeCode-installer-linux-buildYYYYXXXX_ZZZZ
99
99
100 # Change the script permissions
100 # Change the script permissions
101 $ chmod 755 RhodeCode-installer-linux*
101 $ chmod +x RhodeCode-installer-linux*
102
102
103 # Run the installer and accept the prompts
103 # Run the installer and accept the prompts
104 $ ./RhodeCode-installer-linux-*
104 $ ./RhodeCode-installer-linux-*
Show file before | Show file after | Hide comments
@@ -7,13 +7,13 b''
7 Git Large File Storage (or LFS) is a new, open-source extension to Git that
7 Git Large File Storage (or LFS) is a new, open-source extension to Git that
8 aims to improve handling of large files. It does this by replacing large files
8 aims to improve handling of large files. It does this by replacing large files
9 in your repository—such as graphics and videos—with simple text pointers.
9 in your repository—such as graphics and videos—with simple text pointers.
10 |RC| Server includes an embedded LFS object store server, allowing storage of
10 RhodeCode Server includes an embedded LFS object store server, allowing storage of
11 large files without the need for an external object store.
11 large files without the need for an external object store.
12 Git LFS is disabled by default, globally, and for each individual repository.
12 Git LFS is disabled by default, globally, and for each individual repository.
13
13
14 .. note::
14 .. note::
15
15
16 |RC| implements V2 API of Git LFS. Please make sure your git client is
16 RhodeCode implements V2 API of Git LFS. Please make sure your git client is
17 using the latest version (2.0.X recommended) to leverage full feature set
17 using the latest version (2.0.X recommended) to leverage full feature set
18 of the V2 API.
18 of the V2 API.
19
19
@@ -22,7 +22,7 b' Git LFS is disabled by default, globally'
22 Enabling Git LFS
22 Enabling Git LFS
23 ++++++++++++++++
23 ++++++++++++++++
24
24
25 Git LFS is disabled by default within |RC| Server.
25 Git LFS is disabled by default within RhodeCode Server.
26
26
27 To enable Git LFS Globally:
27 To enable Git LFS Globally:
28
28
@@ -87,7 +87,7 b' size in bytes. For example::'
87
87
88
88
89 The object itself will be uploaded to a separate location via the Git LFS Batch API.
89 The object itself will be uploaded to a separate location via the Git LFS Batch API.
90 The transfer is validated and authorized by |RC| server itself.
90 The transfer is validated and authorized by RhodeCode server itself.
91
91
92 If give repository has Git LFS disabled, a proper message will be sent back to
92 If give repository has Git LFS disabled, a proper message will be sent back to
93 the client and upload of LFS objects will be forbidden.
93 the client and upload of LFS objects will be forbidden.
Show file before | Show file after | Hide comments
@@ -13,7 +13,7 b' of the current revision. This saves both'
13 Enabling HG Largefiles
13 Enabling HG Largefiles
14 ++++++++++++++++++++++
14 ++++++++++++++++++++++
15
15
16 Mercurial Largefiles extension is disabled by default within |RC| Server.
16 Mercurial Largefiles extension is disabled by default within RhodeCode Server.
17
17
18 To enable Mercurial Largefiles Globally:
18 To enable Mercurial Largefiles Globally:
19
19
Show file before | Show file after | Hide comments
@@ -25,7 +25,7 b' Pre-requisites'
25 * For MySQL, do not use `localhost` in the database connection string of the
25 * For MySQL, do not use `localhost` in the database connection string of the
26 :file:`rhodecode.ini` file.
26 :file:`rhodecode.ini` file.
27 * InnoDB must be the database tables engine.
27 * InnoDB must be the database tables engine.
28 * Contact |RC| for a new licence Key/Token pair. If you don't, a trial licence
28 * Contact RhodeCode for a new licence Key/Token pair. If you don't, a trial licence
29 will be applied so you are not locked out of the upgraded instance.
29 will be applied so you are not locked out of the upgraded instance.
30
30
31 You can find the specific instructions to carry out these pre-requisite steps
31 You can find the specific instructions to carry out these pre-requisite steps
Show file before | Show file after | Hide comments
@@ -3,19 +3,19 b''
3 Getting Started with VCS
3 Getting Started with VCS
4 ------------------------
4 ------------------------
5
5
6 When using |RCM|, you will be working with |git|, |svn| or |hg| |repos| from the
6 When using |RCE|, you will be working with |git|, |svn| or |hg| |repos| from the
7 command line or using a GUI client such as Tortoise, Tower or SourceTree.
7 command line or using a GUI client such as Tortoise, Tower or SourceTree.
8
8
9 |RCM| uses a standard |git|, |svn| and |hg| protocols. So all tools that
9 |RCE| uses a standard |git|, |svn| and |hg| protocols. So all tools that
10 can interact with there protocols are supported, including Eclipse or PyCharm
10 can interact with there protocols are supported, including Eclipse or PyCharm
11 plugins.
11 plugins.
12
12
13
13
14 If you have never used either before, the following information should
14 If you have never used either before, the following information should
15 help you set up your local machine so that you can sync changes with the
15 help you set up your local machine so that you can sync changes with the
16 |RCM| server.
16 |RCE| server.
17
17
18 All of the following instructions assume you have a |RCM| account,
18 All of the following instructions assume you have a |RCE| account,
19 and you can access your |repos| from the web interface.
19 and you can access your |repos| from the web interface.
20
20
21 .. note::
21 .. note::
Show file before | Show file after | Hide comments
@@ -3,14 +3,14 b' File Editing'
3
3
4 To edit files using the online editor, use the following steps.
4 To edit files using the online editor, use the following steps.
5
5
6 1. From the |RCM| interface, select :menuselection:`Admin --> Repositories`
6 1. From the |RCE| interface, select :menuselection:`Admin --> Repositories`
7 2. Select the |repo| in which you want to edit a file.
7 2. Select the |repo| in which you want to edit a file.
8 3. Select the :guilabel:`file` view of the |repo|, and double-click on the file.
8 3. Select the :guilabel:`file` view of the |repo|, and double-click on the file.
9 4. To open the editor, select the :guilabel:`edit on branch:default` button.
9 4. To open the editor, select the :guilabel:`edit on branch:default` button.
10
10
11 * If the filename has an extension |RCM| recognises,
11 * If the filename has an extension |RCE| recognises,
12 the syntax highlighting will appear automatically.
12 the syntax highlighting will appear automatically.
13 * If the filename does not have an extension |RCM| recognises,
13 * If the filename does not have an extension |RCE| recognises,
14 you can set the language syntax highlighter by
14 you can set the language syntax highlighter by
15 choosing from the file type drop down menu.
15 choosing from the file type drop down menu.
16 5. To save your changes, select :guilabel:`Commit changes`
16 5. To save your changes, select :guilabel:`Commit changes`
Show file before | Show file after | Hide comments
@@ -4,7 +4,7 b' Gist Editing'
4 ^^^^^^^^^^^^
4 ^^^^^^^^^^^^
5
5
6 Gists are standalone files that only the creator can edit. To work with
6 Gists are standalone files that only the creator can edit. To work with
7 gists, click on the :guilabel:`Gists` tab on the |RCM| header. The gist
7 gists, click on the :guilabel:`Gists` tab on the |RCE| header. The gist
8 editor also has syntax highlighting.
8 editor also has syntax highlighting.
9
9
10 You can set the following properties for each gist:
10 You can set the following properties for each gist:
@@ -13,7 +13,7 b' You can set the following properties for'
13 and will show up in searches.
13 and will show up in searches.
14 * :guilabel:`Gist Lifetime`: You can set a gist to expire after a set
14 * :guilabel:`Gist Lifetime`: You can set a gist to expire after a set
15 period by using the :guilabel:`Gist Lifetime` dropdown menu.
15 period by using the :guilabel:`Gist Lifetime` dropdown menu.
16 This means that when the gist expires it will be deleted from the |RCM|
16 This means that when the gist expires it will be deleted from the |RCE|
17 gist database.
17 gist database.
18 * :guilabel:`Private`: This means that the gist will not show up in searches.
18 * :guilabel:`Private`: This means that the gist will not show up in searches.
19 * :guilabel:`Gist access level`: If you create a private gist you can have
19 * :guilabel:`Gist access level`: If you create a private gist you can have
Show file before | Show file after | Hide comments
@@ -1,7 +1,7 b''
1 Online Editing
1 Online Editing
2 --------------
2 --------------
3
3
4 |RCM| has an integrated online editor, allowing you to edit files in the
4 |RCE| has an integrated online editor, allowing you to edit files in the
5 browser. The online editor has syntax highlighting and the ability to fork,
5 browser. The online editor has syntax highlighting and the ability to fork,
6 merge, and commit changes to files.
6 merge, and commit changes to files.
7
7
Show file before | Show file after | Hide comments
@@ -249,7 +249,7 b' class LdapSettingsSchema(AuthnPluginSett'
249 colander.Int(),
249 colander.Int(),
250 default=389,
250 default=389,
251 description=_('Custom port that the LDAP server is listening on. '
251 description=_('Custom port that the LDAP server is listening on. '
252 'Default value is: 389'),
252 'Default value is: 389, use 689 for LDAPS(SSL)'),
253 preparer=strip_whitespace,
253 preparer=strip_whitespace,
254 title=_('Port'),
254 title=_('Port'),
255 validator=colander.Range(min=0, max=65536),
255 validator=colander.Range(min=0, max=65536),
Show file before | Show file after | Hide comments
@@ -534,7 +534,7 b' address {'
534 color: @grey4;
534 color: @grey4;
535 font-family: @text-light;
535 font-family: @text-light;
536 &.pre-formatting {
536 &.pre-formatting {
537 white-space: pre;
537 white-space: pre-wrap;
538 }
538 }
539 }
539 }
540
540
Show file before | Show file after | Hide comments
@@ -97,6 +97,18 b''
97 ${h.end_form()}
97 ${h.end_form()}
98 </div>
98 </div>
99 </div>
99 </div>
100
101 % if request.GET.get('schema'):
102 ## this is for development and creation of example configurations for documentation
103 <pre>
104 % for node in plugin.get_settings_schema():
105 *option*: `${node.name}` => `${defaults.get(node.name)}`${'\n # '.join(['']+node.description.splitlines())}
106
107 % endfor
108 </pre>
109
110 % endif
111
100 </div>
112 </div>
101 </div>
113 </div>
102 </div>
114 </div>
@@ -104,8 +116,7 b''
104 </div>
116 </div>
105 </div>
117 </div>
106
118
107 ## TODO: Ugly hack to get ldap select elements to work.
119
108 ## Find a solution to integrate this nicely.
109 <script>
120 <script>
110 $(document).ready(function() {
121 $(document).ready(function() {
111 var select2Options = {
122 var select2Options = {
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed, binary diff hidden
NO CONTENT: file was removed, binary diff hidden
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed, binary diff hidden
NO CONTENT: file was removed, binary diff hidden
General Comments 0
You need to be logged in to leave comments. Login now