u/ewong/rhodecode-enterprise-ce-fork Files · docs/auth/ldap-config-steps.rst

pr-versioning: ux better selectors

marcink - - Load All Authors

File last commit:

r1:854a839a default


                r1370:34fbad0a

default

Download file

             ldap-config-steps.rst
        
                    88 lines
            
             | 2.5 KiB
            
                | text/x-rst
            
             |
                RstLexer
            
             / docs / auth / ldap-config-steps.rst
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        marcink
    
project: added all source files and assets

              r1
            
      .. _config-ldap-ref:

      LDAP

      ----

      |RCM| supports LDAP (Lightweight Directory Access Protocol) authentication.

      All LDAP versions are supported, with the following |RCM| plugins managing each:

      * For LDAPv3 use ``rhodecode.lib.auth_modules.auth_ldap_group``

      * For older LDAP versions use ``rhodecode.lib.auth_modules.auth_ldap``

      .. important::

         The email used with your |RCE| super-admin account needs to match the email

         address attached to your admin profile in LDAP. This is because

         within |RCE| the user email needs to be unique, and multiple users

         cannot share an email account.

         Likewise, if as an admin you also have a user account, the email address

         attached to the user account needs to be different.

      LDAP Configuration Steps

      ^^^^^^^^^^^^^^^^^^^^^^^^

      To configure |LDAP|, use the following steps:

      1. From the |RCM| interface, select

         :menuselection:`Admin --> Authentication`

      2. Enable the required plugin and select :guilabel:`Save`

      3. Select the :guilabel:`Enabled` check box in the plugin configuration section

      4. Add the required LDAP information and :guilabel:`Save`, for more details,

         see :ref:`config-ldap-examples`

      For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:

      .. _config-ldap-examples:

      Example LDAP configuration

      ^^^^^^^^^^^^^^^^^^^^^^^^^^

      .. code-block:: bash

              # Auth Cache TTL

              3600

              # Host

              https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/

              # Port

              389

              # Account

              cn=admin,dc=rhodecode,dc=com

              # Password

              ldap-user-password

              # LDAP connection security

              LDAPS

              # Certificate checks level

              DEMAND

              # Base DN

              cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com

              # User Search Base

              ou=groups,ou=users

              # LDAP search filter

              (objectClass=person)

              # LDAP search scope

              SUBTREE

              # Login attribute

              rmagillacuddy

              # First Name Attribute

              Rufus

              # Last Name Attribute

              Magillacuddy

              # Email Attribute

              LDAP-Registered@email.ac

              # User Member of Attribute

              Organizational Role

              # Group search base

              cn=users,ou=groups,dc=rhodecode,dc=com

              # LDAP Group Search Filter

              (objectclass=posixGroup)

              # Group Name Attribute

              users

              # Group Member Of Attribute

              cn

              # Admin Groups

              admin,devops,qa

      .. toctree::

         ldap-active-directory

         ldap-authentication

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

marcink project: added all source files and assets	r1	.. _config-ldap-ref:

		LDAP
		----

		\|RCM\| supports LDAP (Lightweight Directory Access Protocol) authentication.
		All LDAP versions are supported, with the following \|RCM\| plugins managing each:

		* For LDAPv3 use ``rhodecode.lib.auth_modules.auth_ldap_group``
		* For older LDAP versions use ``rhodecode.lib.auth_modules.auth_ldap``

		.. important::

		The email used with your \|RCE\| super-admin account needs to match the email
		address attached to your admin profile in LDAP. This is because
		within \|RCE\| the user email needs to be unique, and multiple users
		cannot share an email account.

		Likewise, if as an admin you also have a user account, the email address
		attached to the user account needs to be different.

		LDAP Configuration Steps
		^^^^^^^^^^^^^^^^^^^^^^^^

		To configure \|LDAP\|, use the following steps:

		1. From the \|RCM\| interface, select
		:menuselection:`Admin --> Authentication`
		2. Enable the required plugin and select :guilabel:`Save`
		3. Select the :guilabel:`Enabled` check box in the plugin configuration section
		4. Add the required LDAP information and :guilabel:`Save`, for more details,
		see :ref:`config-ldap-examples`

		For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`:

		.. _config-ldap-examples:

		Example LDAP configuration
		^^^^^^^^^^^^^^^^^^^^^^^^^^
		.. code-block:: bash

		# Auth Cache TTL
		3600
		# Host
		https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/
		# Port
		389
		# Account
		cn=admin,dc=rhodecode,dc=com
		# Password
		ldap-user-password
		# LDAP connection security
		LDAPS
		# Certificate checks level
		DEMAND
		# Base DN
		cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com
		# User Search Base
		ou=groups,ou=users
		# LDAP search filter
		(objectClass=person)
		# LDAP search scope
		SUBTREE
		# Login attribute
		rmagillacuddy
		# First Name Attribute
		Rufus
		# Last Name Attribute
		Magillacuddy
		# Email Attribute
		LDAP-Registered@email.ac
		# User Member of Attribute
		Organizational Role
		# Group search base
		cn=users,ou=groups,dc=rhodecode,dc=com
		# LDAP Group Search Filter
		(objectclass=posixGroup)
		# Group Name Attribute
		users
		# Group Member Of Attribute
		cn
		# Admin Groups
		admin,devops,qa

		.. toctree::

		ldap-active-directory
		ldap-authentication