如何使用LDAP组成员身份同步设置TeamCity
这是一个简短的方法,可以帮助您使用TeamCity的LDAP设置。 在我成功运行同步之前,我个人奋斗了相当长一段时间。默认的配置文件有很多设置和文本,这可能会让人困惑而不是帮助。在JetBrains和StackOverflow上都可以看到很多关于设置组同步的帖子 此设置假定您没有用于导入成员的嵌套组,而是单个组。 如果您想为TeamCity使用嵌套组,请查看下面的“通过同步限制组数”部分 相应地更改teamcity.users.filter如何使用LDAP组成员身份同步设置TeamCity,ldap,synchronization,teamcity,group-membership,nested-groups,Ldap,Synchronization,Teamcity,Group Membership,Nested Groups,这是一个简短的方法,可以帮助您使用TeamCity的LDAP设置。 在我成功运行同步之前,我个人奋斗了相当长一段时间。默认的配置文件有很多设置和文本,这可能会让人困惑而不是帮助。在JetBrains和StackOverflow上都可以看到很多关于设置组同步的帖子 此设置假定您没有用于导入成员的嵌套组,而是单个组。 如果您想为TeamCity使用嵌套组,请查看下面的“通过同步限制组数”部分 相应地更改teamcity.users.filter teamcity.users.filter=(&
teamcity.users.filter=(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=TeamCity Users,OU=Accounts,DC=domain,DC=com))
- 你已经读过指南了
- 您有一个Active Directory用户(或更好的:ServiceAccount),可以使用用户名/密码连接到LDAP
- 您可以使用LDAP登录,但不知道如何使组成员身份同步工作
java.naming.provider.url=ldap://<your server or domain>:3268/DC=YOUR,DC=Domain,DC=Here
java.naming.security.principal=<username>
java.naming.security.credentials=<password>
teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)
teamcity.users.username=sAMAccountName
### USERS SETTINGS ###
teamcity.options.users.synchronize=true
teamcity.users.filter=(objectClass=user)
teamcity.users.property.displayName=displayName
teamcity.users.property.email=mail
# Automatic user creation and deletion during users synchronization
teamcity.options.createUsers=true
teamcity.options.deleteUsers=true
### GROUPS SETTINGS ###
# These settings are mandatory if groups synchronization is turned on (ldap-mapping.xml exists)
# Set to "true" to enable the synchronization for groups listed in ldap-mapping.xml file.
# IMPORTANT NOTE: TeamCity groups should be already created manually and listed in ldap-mapping.xml file.
teamcity.options.groups.synchronize=true
# The group search LDAP filter used to retrieve groups to synchronize.
# The search is performed inside the LDAP entry denoted by "teamcity.groups.base". The result should include all the groups configured in the ldap-mapping.xml file.
teamcity.groups.filter=(objectClass=group)
### OPTIONAL SETTINGS ###
# The time interval between synchronizations (in milliseconds). By default, it is one hour.
teamcity.options.syncTimeout=3600000
# The LDAP attribute of a group storing it's members.
# Note: LDAP attribute should contain the full DN of the member, one attribute per member. See also "teamcity.users.property.memberId".
teamcity.groups.property.member=member
<!DOCTYPE mapping SYSTEM "ldap-mapping.dtd">
<mapping>
<!-- Example mapping entry:
<group-mapping teamcityGroupKey="GROUP" ldapGroupDn="CN=Group,DC=Example,DC=Com"/>
-->
<group-mapping teamcityGroupKey="YourGroupKey" ldapGroupDn="CN=<DNName>" />
</mapping>
java.naming.provider.url=ldap://:3268/DC=YOUR,DC=Domain,DC=Here
java.naming.security.principal=
java.naming.security.credentials=
teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)
teamcity.users.username=sAMAccountName
###用户设置###
teamcity.options.users.synchronize=true
teamcity.users.filter=(objectClass=user)
teamcity.users.property.displayName=displayName
teamcity.users.property.email=mail
#用户同步期间自动创建和删除用户
teamcity.options.createUsers=true
teamcity.options.deleteUsers=true
###组设置###
#如果组同步已打开(ldap-mapping.xml存在),则这些设置是必需的
#设置为“true”以启用ldap-mapping.xml文件中列出的组的同步。
#重要提示:TeamCity组应该已经手动创建并列在ldap-mapping.xml文件中。
teamcity.options.groups.synchronize=true
#用于检索要同步的组的组搜索LDAP筛选器。
#搜索在LDAP条目内执行,该条目由“teamcity.groups.base”表示。结果应该包括ldap-mapping.xml文件中配置的所有组。
teamcity.groups.filter=(objectClass=group)
###可选设置###
#同步之间的时间间隔(以毫秒为单位)。默认情况下,它是一小时。
teamcity.options.syncTimeout=3600000
#存储其成员的组的LDAP属性。
#注意:LDAP属性应该包含成员的完整DN,每个成员一个属性。另请参见“teamcity.users.property.memberId”。
teamcity.groups.property.member=成员
java.naming.provider.url=ldap://<your server or domain>:3268/DC=YOUR,DC=Domain,DC=Here
java.naming.security.principal=<username>
java.naming.security.credentials=<password>
teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)
teamcity.users.username=sAMAccountName
### USERS SETTINGS ###
teamcity.options.users.synchronize=true
teamcity.users.filter=(objectClass=user)
teamcity.users.property.displayName=displayName
teamcity.users.property.email=mail
# Automatic user creation and deletion during users synchronization
teamcity.options.createUsers=true
teamcity.options.deleteUsers=true
### GROUPS SETTINGS ###
# These settings are mandatory if groups synchronization is turned on (ldap-mapping.xml exists)
# Set to "true" to enable the synchronization for groups listed in ldap-mapping.xml file.
# IMPORTANT NOTE: TeamCity groups should be already created manually and listed in ldap-mapping.xml file.
teamcity.options.groups.synchronize=true
# The group search LDAP filter used to retrieve groups to synchronize.
# The search is performed inside the LDAP entry denoted by "teamcity.groups.base". The result should include all the groups configured in the ldap-mapping.xml file.
teamcity.groups.filter=(objectClass=group)
### OPTIONAL SETTINGS ###
# The time interval between synchronizations (in milliseconds). By default, it is one hour.
teamcity.options.syncTimeout=3600000
# The LDAP attribute of a group storing it's members.
# Note: LDAP attribute should contain the full DN of the member, one attribute per member. See also "teamcity.users.property.memberId".
teamcity.groups.property.member=member
<!DOCTYPE mapping SYSTEM "ldap-mapping.dtd">
<mapping>
<!-- Example mapping entry:
<group-mapping teamcityGroupKey="GROUP" ldapGroupDn="CN=Group,DC=Example,DC=Com"/>
-->
<group-mapping teamcityGroupKey="YourGroupKey" ldapGroupDn="CN=<DNName>" />
</mapping>
get-adgroup <Group name> -properties *
get-adgroup-properties*
在ldap-mapping.xml文件的ldapGroupDn字段中添加DifferentizedName和teamcityGroupKey,您就可以开始了。最好将问题和答案分开,这样您就可以接受了,标记为已回答的帖子更容易从google检索。我会尽快这样做:)注意!如果teamcity.groups.filter=(objectClass=group)保持如下状态。然后可能会扫描整个Active Directory以查找组。最好的方法是创建一个只同步嵌套组成员的嵌套组。(&(memberOf:1.2.840.113556.1.4.1941:={group.discrimitedName})(objectClass=group)(objectCategory={group.Schema}))