@@ -1,88 +1,90 b'' | |||||
1 | .. _config-ldap-ref: |
|
1 | .. _config-ldap-ref: | |
2 |
|
2 | |||
3 | LDAP |
|
3 | LDAP | |
4 | ---- |
|
4 | ---- | |
5 |
|
5 | |||
6 |
|RCM| supports LDAP (Lightweight Directory Access Protocol) |
|
6 | |RCM| supports LDAP (Lightweight Directory Access Protocol) or | |
|
7 | AD (active Directory) authentication. | |||
7 | All LDAP versions are supported, with the following |RCM| plugins managing each: |
|
8 | All LDAP versions are supported, with the following |RCM| plugins managing each: | |
8 |
|
9 | |||
9 | * For LDAPv3 use ``rhodecode.lib.auth_modules.auth_ldap_group`` |
|
10 | * For LDAPv3 use ``LDAP (egg:rhodecode-enterprise-ce#ldap)`` | |
10 | * For older LDAP versions use ``rhodecode.lib.auth_modules.auth_ldap`` |
|
11 | * For LDAPv3 with user group sync use ``LDAP + User Groups (egg:rhodecode-enterprise-ee#ldap_group)`` | |
|
12 | ||||
11 |
|
13 | |||
12 | .. important:: |
|
14 | .. important:: | |
13 |
|
15 | |||
14 | The email used with your |RCE| super-admin account needs to match the email |
|
16 | The email used with your |RCE| super-admin account needs to match the email | |
15 | address attached to your admin profile in LDAP. This is because |
|
17 | address attached to your admin profile in LDAP. This is because | |
16 | within |RCE| the user email needs to be unique, and multiple users |
|
18 | within |RCE| the user email needs to be unique, and multiple users | |
17 | cannot share an email account. |
|
19 | cannot share an email account. | |
18 |
|
20 | |||
19 | Likewise, if as an admin you also have a user account, the email address |
|
21 | Likewise, if as an admin you also have a user account, the email address | |
20 | attached to the user account needs to be different. |
|
22 | attached to the user account needs to be different. | |
21 |
|
23 | |||
22 | LDAP Configuration Steps |
|
24 | LDAP Configuration Steps | |
23 | ^^^^^^^^^^^^^^^^^^^^^^^^ |
|
25 | ^^^^^^^^^^^^^^^^^^^^^^^^ | |
24 |
|
26 | |||
25 | To configure |LDAP|, use the following steps: |
|
27 | To configure |LDAP|, use the following steps: | |
26 |
|
28 | |||
27 | 1. From the |RCM| interface, select |
|
29 | 1. From the |RCM| interface, select | |
28 | :menuselection:`Admin --> Authentication` |
|
30 | :menuselection:`Admin --> Authentication` | |
29 | 2. Enable the required plugin and select :guilabel:`Save` |
|
31 | 2. Enable the required plugin and select :guilabel:`Save` | |
30 | 3. Select the :guilabel:`Enabled` check box in the plugin configuration section |
|
32 | 3. Select the :guilabel:`Enabled` check box in the plugin configuration section | |
31 | 4. Add the required LDAP information and :guilabel:`Save`, for more details, |
|
33 | 4. Add the required LDAP information and :guilabel:`Save`, for more details, | |
32 | see :ref:`config-ldap-examples` |
|
34 | see :ref:`config-ldap-examples` | |
33 |
|
35 | |||
34 | For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`: |
|
36 | For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`: | |
35 |
|
37 | |||
36 | .. _config-ldap-examples: |
|
38 | .. _config-ldap-examples: | |
37 |
|
39 | |||
38 | Example LDAP configuration |
|
40 | Example LDAP configuration | |
39 | ^^^^^^^^^^^^^^^^^^^^^^^^^^ |
|
41 | ^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
40 | .. code-block:: bash |
|
42 | .. code-block:: bash | |
41 |
|
43 | |||
42 | # Auth Cache TTL |
|
44 | # Auth Cache TTL | |
43 | 3600 |
|
45 | 3600 | |
44 | # Host |
|
46 | # Host | |
45 | https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/ |
|
47 | https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/ | |
46 | # Port |
|
48 | # Port | |
47 | 389 |
|
49 | 389 | |
48 | # Account |
|
50 | # Account | |
49 | cn=admin,dc=rhodecode,dc=com |
|
51 | cn=admin,dc=rhodecode,dc=com | |
50 | # Password |
|
52 | # Password | |
51 | ldap-user-password |
|
53 | ldap-user-password | |
52 | # LDAP connection security |
|
54 | # LDAP connection security | |
53 | LDAPS |
|
55 | LDAPS | |
54 | # Certificate checks level |
|
56 | # Certificate checks level | |
55 | DEMAND |
|
57 | DEMAND | |
56 | # Base DN |
|
58 | # Base DN | |
57 | cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com |
|
59 | cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com | |
58 | # User Search Base |
|
60 | # User Search Base | |
59 | ou=groups,ou=users |
|
61 | ou=groups,ou=users | |
60 | # LDAP search filter |
|
62 | # LDAP search filter | |
61 | (objectClass=person) |
|
63 | (objectClass=person) | |
62 | # LDAP search scope |
|
64 | # LDAP search scope | |
63 | SUBTREE |
|
65 | SUBTREE | |
64 | # Login attribute |
|
66 | # Login attribute | |
65 | rmagillacuddy |
|
67 | rmagillacuddy | |
66 | # First Name Attribute |
|
68 | # First Name Attribute | |
67 | Rufus |
|
69 | Rufus | |
68 | # Last Name Attribute |
|
70 | # Last Name Attribute | |
69 | Magillacuddy |
|
71 | Magillacuddy | |
70 | # Email Attribute |
|
72 | # Email Attribute | |
71 | LDAP-Registered@email.ac |
|
73 | LDAP-Registered@email.ac | |
72 | # User Member of Attribute |
|
74 | # User Member of Attribute | |
73 | Organizational Role |
|
75 | Organizational Role | |
74 | # Group search base |
|
76 | # Group search base | |
75 | cn=users,ou=groups,dc=rhodecode,dc=com |
|
77 | cn=users,ou=groups,dc=rhodecode,dc=com | |
76 | # LDAP Group Search Filter |
|
78 | # LDAP Group Search Filter | |
77 | (objectclass=posixGroup) |
|
79 | (objectclass=posixGroup) | |
78 | # Group Name Attribute |
|
80 | # Group Name Attribute | |
79 | users |
|
81 | users | |
80 | # Group Member Of Attribute |
|
82 | # Group Member Of Attribute | |
81 | cn |
|
83 | cn | |
82 | # Admin Groups |
|
84 | # Admin Groups | |
83 | admin,devops,qa |
|
85 | admin,devops,qa | |
84 |
|
86 | |||
85 | .. toctree:: |
|
87 | .. toctree:: | |
86 |
|
88 | |||
87 | ldap-active-directory |
|
89 | ldap-active-directory | |
88 | ldap-authentication |
|
90 | ldap-authentication |
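Review bot: the new bullet list at lines 10-11 no longer matches the sentence that introduces it. Line 8 still says "All LDAP versions are supported, with the following |RCM| plugins managing each", but both bullets now describe LDAPv3 (plain, and with user group sync), so the sentence about older LDAP versions and "each" plugin is left without a referent; either drop the "All LDAP versions" claim or reword the lead to something like "The following |RCM| plugins provide LDAP authentication:" so the text and the list agree. Minor style point in the same region: line 7 should read "Active Directory", not "active Directory". Since this change touches the plugin naming, it is also worth fixing the example block while here: the "# Host" value is a pair of `https://.../ldap-admin/` URLs rather than LDAP server hostnames, and "# Port" is 389 while "# LDAP connection security" is LDAPS, which by convention listens on 636; as written, a reader copying the example will get a host the plugin cannot resolve and a port that does not match the chosen transport security.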