auth: don't break hashing in case of user with empty password. In some cases such as LDAP user created via external scripts users might set the passwords to empty. The hashing uses the md5(password_hash) to store reference to detect password changes and forbid using the same password. In case of pure LDAP users this is not valid, and we shouldn't raise Errors in such case. This change makes it work for empty passwords now.

File last commit:

r1936:39cf4a72 default
r2203:8a18c3c3 default
ldap-config-steps.rst
.. _config-ldap-ref:

LDAP
----

|RCM| supports LDAP (Lightweight Directory Access Protocol) or
AD (Active Directory) authentication.

All LDAP versions are supported, with the following |RCM| plugins managing each:

* For LDAPv3 use ``LDAP (egg:rhodecode-enterprise-ce#ldap)``
* For LDAPv3 with user group sync use ``LDAP + User Groups (egg:rhodecode-enterprise-ee#ldap_group)``

.. important::

   The email used with your |RCE| super-admin account needs to match the email
   address attached to your admin profile in LDAP. This is because
   within |RCE| the user email needs to be unique, and multiple users
   cannot share an email account.

   Likewise, if as an admin you also have a user account, the email address
   attached to the user account needs to be different.

LDAP Configuration Steps
^^^^^^^^^^^^^^^^^^^^^^^^

To configure |LDAP|, use the following steps:

1. From the |RCM| interface, select
   :menuselection:`Admin --> Authentication`
2. Enable the required plugin and select :guilabel:`Save`
3. Select the :guilabel:`Enabled` check box in the plugin configuration section
4. Add the required LDAP information and :guilabel:`Save`. For more details,
   see :ref:`config-ldap-examples`

For a more detailed description of LDAP objects, see :ref:`ldap-gloss-ref`.

.. _config-ldap-examples:

Example LDAP configuration
^^^^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: bash

    # Auth Cache TTL
    3600
    # Host
    https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/
    # Port
    389
    # Account
    cn=admin,dc=rhodecode,dc=com
    # Password
    ldap-user-password
    # LDAP connection security
    LDAPS
    # Certificate checks level
    DEMAND
    # Base DN
    cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com
    # User Search Base
    ou=groups,ou=users
    # LDAP search filter
    (objectClass=person)
    # LDAP search scope
    SUBTREE
    # Login attribute
    rmagillacuddy
    # First Name Attribute
    Rufus
    # Last Name Attribute
    Magillacuddy
    # Email Attribute
    LDAP-Registered@email.ac
    # User Member of Attribute
    Organizational Role
    # Group search base
    cn=users,ou=groups,dc=rhodecode,dc=com
    # LDAP Group Search Filter
    (objectclass=posixGroup)
    # Group Name Attribute
    users
    # Group Member Of Attribute
    cn
    # Admin Groups
    admin,devops,qa

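The following Python script is an added example, not RhodeCode's own code. It parses the ``# Label`` / value layout of the example configuration and flags transport-security and bind mistakes before the settings are saved. The function names are hypothetical, and the value names other than ``LDAPS`` and ``DEMAND`` are assumptions modelled on OpenLDAP's ``TLS_REQCERT`` levels.

```python
# Added example: lint LDAP auth-plugin settings for transport and bind mistakes.
# Assumed value names (not from the page): START_TLS, HARD.
ENCRYPTED = {"LDAPS", "START_TLS"}
STRICT_CERT_LEVELS = {"DEMAND", "HARD"}

# Constructed sample that reuses values from the example configuration.
PAGE_SAMPLE = """\
# Port
389
# Password
ldap-user-password
# LDAP connection security
LDAPS
# Certificate checks level
DEMAND
# LDAP search filter
(objectClass=person)
"""

def parse_settings(text):
    """Parse '# Label' lines, each followed by its value on the next line."""
    settings, label = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            label = line.lstrip("# ")  # a label with no value is dropped
        elif line and label:
            settings[label] = line
            label = None
    return settings

def lint(settings):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    security = settings.get("LDAP connection security", "").upper()
    cert_level = settings.get("Certificate checks level", "").upper()
    if security not in ENCRYPTED:
        findings.append("no TLS: bind and user passwords travel in clear text")
    elif cert_level not in STRICT_CERT_LEVELS:
        findings.append("server certificate not enforced: TLS can be intercepted")
    if security == "LDAPS" and settings.get("Port") == "389":
        findings.append("LDAPS with port 389: implicit TLS normally uses 636")
    if not settings.get("Password"):
        findings.append("empty bind password: RFC 4513 unauthenticated bind")
    ldap_filter = settings.get("LDAP search filter", "").replace(" ", "").lower()
    if ldap_filter in ("", "(objectclass=*)"):
        findings.append("search filter matches every entry: limit it to users")
    return findings

if __name__ == "__main__":
    print(lint(parse_settings(PAGE_SAMPLE)))
```

Run against the sample values, the only finding is the port and connection-security pairing, which is worth confirming against what the directory server actually listens on.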
.. toctree::

   ldap-active-directory
   ldap-authentication