
0 user and group synchronized

Below are my LDAP log and settings. All I want to do is:

1. map the AD group "ccusers" to a group in TeamCity and create all users in that group.
2. Or add all users in AD group "ccusers" to "All Users" group in TeamCity.

How can I set this up?

[2014-02-10 09:11:01,871]   INFO -     jetbrains.buildServer.LDAP - Starting synchronization session
[2014-02-10 09:11:01,871]   INFO -     jetbrains.buildServer.LDAP - Fetching remote users and groups
[2014-02-10 09:11:01,902]   WARN -     jetbrains.buildServer.LDAP - Total results: 0
[2014-02-10 09:11:01,917]   INFO -     jetbrains.buildServer.LDAP - LDAP groups mapping loaded
[2014-02-10 09:11:01,964]   WARN -     jetbrains.buildServer.LDAP - Total results: 1
[2014-02-10 09:11:01,964]   INFO -     jetbrains.buildServer.LDAP - Last synchronization statistics: created users=0, updated users=0, deleted users=0, remote users=0, matched users=0, created groups=0, updated groups=0, deleted groups=0, remote groups=0, matched groups=0, duration=93ms, errors=[]

# LDAP SYNCHRONIZATION
####################################################################################################

### USERS SETTINGS ###

# Set to "true" to enable the synchronization for existing users' properties.
# For users creation and deletion, see teamcity.options.groups.synchronize and consider mapping "All Users" group
teamcity.options.users.synchronize=true

# The user search LDAP filter used to retrieve users to synchronize.
# The search is performed inside the LDAP entry denoted by "teamcity.users.base".
# Note: during the process of user authentication the "teamcity.users.login.filter" filter is used, not this one.
#teamcity.users.filter=(objectClass=user)
teamcity.users.filter=(&(objectCategory=Person)(memberof=CN=ccusers,OU=UNIX%20Security%20Groups,OU=CTD_CM_RMG,OU=Corporate%20Clients%20V2,DC=office,DC=adroot,DC=bmogc,DC=net))

### GROUPS SETTINGS ###
# These settings are mandatory if groups synchronization is turned on (ldap-mapping.xml exists)

# Set to "true" to enable the synchronization for groups listed in ldap-mapping.xml file.
# IMPORTANT NOTE: TeamCity groups should be already created manually and listed in ldap-mapping.xml file.
teamcity.options.groups.synchronize=true

# The groups base DN. If defined, groups are retrieved only from the LDAP subtree denoted by this DN.
# This DN should be "relative" to the root specified by "java.naming.provider.url".
# If omitted, it is assumed empty and group searches are performed under the entry denoted by "java.naming.provider.url".
#teamcity.groups.base=CN=users
#teamcity.groups.base=DC=office,DC=adroot,DC=bmogc,DC=net
# The group search LDAP filter used to retrieve groups to synchronize.
# The search is performed inside the LDAP entry denoted by "teamcity.groups.base".
#teamcity.groups.filter=(objectClass=group)
teamcity.groups.filter=(&(objectClass=Group)(|(cn=ccusers)))

# Set to "true" to enable automatic user creation and deletion during group synchronization.
teamcity.options.createUsers=false
teamcity.options.deleteUsers=false

### OPTIONAL SETTINGS ###

# The time interval between synchronizations (in milliseconds). By default, it is one hour.
teamcity.options.syncTimeout = 3600000

# The attribute that indicates the member of the group.
# Note: LDAP property should contain the full DN of the member.
teamcity.groups.property.member=member

# The name of LDAP attribute containing the DN. By default, 'distinguishedName' is used.
#teamcity.property.distinguishedName=distinguishedName
teamcity.property.distinguishedName=cn

# The name of LDAP attribute to retrieve user's full name
teamcity.users.property.displayName=displayName

# The name of LDAP attribute to retrieve user's email
teamcity.users.property.email=mail
user2784896
  • Jirong Hu: You should sanitize data like this that you post to the Internet. I'm impressed that you didn't include any passwords (like "1BmoPa99wordL") in this, but you still should remove identifying information about your domain. – Evan Anderson Feb 18 '14 at 22:03

1 Answer

If I understand correctly, you should edit ldap-mapping.xml (or create it as a copy of ldap-mapping.xml.dist). You can create a mapping in this file.

<!DOCTYPE mapping SYSTEM "ldap-mapping.dtd">
<mapping>  
  <group-mapping teamcityGroupKey="ALL_USERS_GROUP" ldapGroupDn="CN=ccusers,OU=UNIX%20Security%20Groups,OU=CTD_CM_RMG,OU=Corporate%20Clients%20V2,DC=office,DC=adroot,DC=bmogc,DC=net"/>     
</mapping>

Updated:

I've compared your log and one of mine. I see, e.g., "Statistics: ... remote users=27, ... remote group=1". So I guess you could have a mistake in your filter or base. I've debugged my filters in LDAP Apache Directory Studio.

BuckTheBug
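
One way to check a config for the kind of filter mistake the answer above suspects, as an added example that is not part of the original answer or TeamCity's own code: LDAP search filters (RFC 4515) escape characters as a backslash plus two hex digits, while percent-encoding belongs to LDAP URLs (RFC 4516), so a `%20` inside a filter value is compared literally. The sample config is constructed from the question's filter lines with a placeholder domain (example.com), and the check assumes TeamCity passes the filter string to the directory unchanged.

```python
import re

# Constructed sample: filter lines modelled on the question, domain replaced by example.com
SAMPLE = """\
#teamcity.users.filter=(objectClass=user)
teamcity.users.filter=(&(objectCategory=Person)(memberof=CN=ccusers,OU=UNIX%20Security%20Groups,DC=example,DC=com))
teamcity.groups.filter = (&(objectClass=Group)(|(cn=ccusers)))
java.naming.provider.url=ldap://dc.example.com:389/DC=example,DC=com
"""

PCT = re.compile(r"%[0-9A-Fa-f]{2}")
# Simple attr=value assertions inside a filter; the value ends at the closing parenthesis
ASSERTION = re.compile(r"\(([A-Za-z][\w.;-]*)([~<>]?=)([^()]*)\)")
# Octets that RFC 4515 requires to be escaped inside a value: NUL ( ) * \
SPECIAL = {0x00, 0x28, 0x29, 0x2A, 0x5C}

def parse_properties(text):
    """Minimal .properties reader: skips comments, splits on the first '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def pct_to_rfc4515(value):
    """Rewrite each %XX as the literal character, or as \\xx where RFC 4515 needs an escape."""
    def repl(match):
        octet = int(match.group(0)[1:], 16)
        return "\\%02x" % octet if octet >= 0x80 or octet in SPECIAL else chr(octet)
    return PCT.sub(repl, value)

def lint_filters(props):
    """Return (key, attribute, value, suggested value) for percent-encoded filter values."""
    findings = []
    for key, flt in props.items():
        if not key.endswith(".filter"):
            continue  # URLs such as java.naming.provider.url may legitimately contain %XX
        for attr, _op, value in ASSERTION.findall(flt):
            if PCT.search(value):
                findings.append((key, attr, value, pct_to_rfc4515(value)))
    return findings

if __name__ == "__main__":
    for key, attr, value, fixed in lint_filters(parse_properties(SAMPLE)):
        print(f"{key}: {attr} value contains URL encoding\n  found:     {value}\n  suggested: {fixed}")
```
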