How to set up LDAP in Bamboo
This Knowledge Base Article is only meant for Bamboo instances prior to v6.6.
A new feature, Embedded Crowd, has been introduced in more recent Bamboo versions (v6.6 or above); it can be reviewed in the Bamboo 6.6 Release Notes.
If you are running Bamboo v6.6 or above, please refer to Connecting to external user directories instead.
The following documentation is based on Integrating Bamboo with LDAP (Bamboo v6.5 or below). Below you will find an example of how to:
- Set up the LDAP in the "atlassian-user.xml" used by Bamboo
- Validate your LDAP settings prior to integrating with Bamboo
- Integrate LDAP with Bamboo
1. Set up LDAP in the "atlassian-user.xml" used by Bamboo
The illustration above describes the Bamboo directory structure.
Please navigate to the <bamboo-home>/xml-data/configuration directory and make a copy of "atlassian-user.xml" (i.e.: atlassian-user-custom.xml).
When you open "atlassian-user-custom.xml", you should find the following by default, which describes Bamboo's Internal Directory configuration:
<atlassian-user>
<repositories>
<hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true"/>
</repositories>
</atlassian-user>
Now, we need to prepare the XML structure above to receive our LDAP configuration. As a result, you should have the following:
<atlassian-user>
<repositories>
<!-- LDAP repository -->
<ldap key="ldapRepository" name="Active Directory LDAP Repository" cache="true">
<!-- your ldap configuration -->
</ldap>
<!-- Default bamboo user repository -->
<hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true"/>
</repositories>
</atlassian-user>
1.1. Active Directory (LDAP)
The example below describes LDAP on Active Directory. However, please note that the example is also applicable to ApacheDS and OpenLDAP.
Now that we have prepared the "atlassian-user-custom.xml" to receive our LDAP configuration, it is time to review our Active Directory with User(s) and Group(s) that will become available to Bamboo.
We are going to set up an Organizational Unit (i.e.: OU=BambooLDAP) and, within this Organizational Unit, we are going to create Groups (i.e.: CN=bamboo-admin, CN=bamboo-user).
Now, we are going to create Users under the Users directory:
In the above, we have created 3 users:
- Sample User. A
- Sample User. B
- Sample User. C
Now, let's add users to groups.
In the illustration above, the user "Sample User. A" has been added to the "bamboo-admin" group.
Please notice that when searching for the group name "bamboo-admin", more than one record was found, so we had to select the appropriate group; in this example the group is located under BambooLDAP.
As a result we would have:
- Sample User. A belongs to "bamboo-admin"
- Sample User. B belongs to "bamboo-user"
- Sample User. C belongs to "bamboo-user"
1.2. atlassian-user-custom.xml
Now that we have users and groups set up in our Active Directory, it is time to set them up in "atlassian-user-custom.xml":
<atlassian-user>
<repositories>
<!-- LDAP repository -->
<ldap key="ldapRepository" name="Active Directory LDAP Repository" cache="true">
<!--
[HOSTNAME], the hostname to your LDAP, (i.e.: 192.168.10.71)
[DISPLAY-NAME], i.e.: Sample User. A
[PASSWORD], password to authenticate "Sample User. A"
-->
<host>[HOSTNAME]</host>
<port>389</port>
<!--
in <security...> we are going to authenticate our LDAP configuration against a user in our Active Directory
whereas, in this example we will be using "Sample User. A" as user
-->
<securityPrincipal>CN=[DISPLAY-NAME],CN=Users,DC=example,DC=com</securityPrincipal>
<securityCredential>[PASSWORD]</securityCredential>
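<!--
"plain" with "simple" authentication means the bind to the LDAP server is not encrypted,
so the password in <securityCredential> crosses the network in clear text
-->
<securityProtocol>plain</securityProtocol>
<securityAuthentication>simple</securityAuthentication>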
<baseContext>DC=example,DC=com</baseContext>
<!--
in <baseUserNamespace> we are going to specify where our users have been created in the Active Directory
-->
<baseUserNamespace>CN=Users,DC=example,DC=com</baseUserNamespace>
<!--
in <baseGroupNamespace> we are going to specify where our groups have been created in the Active Directory
-->
<baseGroupNamespace>OU=BambooLDAP,DC=example,DC=com</baseGroupNamespace>
<userSearchAllDepths>true</userSearchAllDepths>
<groupSearchAllDepths>true</groupSearchAllDepths>
<usernameAttribute>sAMAccountName</usernameAttribute>
<!--
in <userSearchFilter> we are going to get all users that are members of "bamboo-admin" and "bamboo-user" groups
(the LDAP "and" operator must be written as &amp; so that the file remains well-formed XML)
-->
<userSearchFilter>(&amp;(objectClass=person)(|(memberOf=CN=bamboo-admin,OU=BambooLDAP,DC=example,DC=com)(memberOf=CN=bamboo-user,OU=BambooLDAP,DC=example,DC=com)))</userSearchFilter>
<firstnameAttribute>givenName</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<!--
in <groupSearchFilter> we are going to get all the groups specified in <baseGroupNamespace>
-->
<groupSearchFilter>(&amp;(objectClass=group))</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>
</ldap>
<!-- Default bamboo user repository -->
<hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true"/>
</repositories>
</atlassian-user>
Identifying the attributes above in your LDAP
2. Validate your LDAP settings prior to integrating with Bamboo
Now that we have configured our "atlassian-user-custom.xml" file with instructions to connect to our LDAP, it is time to validate our settings.
Please refer to Testing LDAP or Active Directory connectivity with Paddle documentation for further information.
- Copy "atlassian-user-custom.xml" to a location outside the <bamboo-home> directory.
- Rename "atlassian-user-custom.xml" to "atlassian-user.xml", as Paddle will search for this file.
- Run Paddle as follows:
# command
java -jar paddle-2.0.jar debug limit=100
As a result, you should get the following response:
###########################################################################################################################
LDAP Support Tool version 2.0
###########################################################################################################################
Connected to server successfully
-----------------------------------------------------------------
TEST 1: Search and list 100 users
-----------------------------------------------------------------
User: CN=Sample User. A,CN=Users,DC=example,DC=com
Member of: CN=bamboo-admin,OU=BambooLDAP,DC=example,DC=com
User: CN=Sample User. B,CN=Users,DC=example,DC=com
Member of: CN=bamboo-user,OU=BambooLDAP,DC=example,DC=com
User: CN=Sample User. C,CN=Users,DC=example,DC=com
Member of: CN=bamboo-user,OU=BambooLDAP,DC=example,DC=com
-----------------------------------------------------------------
TEST 2: Search and list 100 groups
-----------------------------------------------------------------
Group: CN=bamboo-user,OU=BambooLDAP,DC=example,DC=com
Members:
CN=Sample User. C,CN=Users,DC=example,DC=com
CN=Sample User. B,CN=Users,DC=example,DC=com
Group: CN=bamboo-admin,OU=BambooLDAP,DC=example,DC=com
Members:
CN=Sample User. A,CN=Users,DC=example,DC=com
As you can see in the above response:
- Users (Sample User. A, Sample User. B, Sample User. C) have been found and
- Groups (bamboo-admin, bamboo-user) have been found.
If users and/or groups are not listed in the response from Paddle, please review the settings before integrating "atlassian-user-custom.xml" with Bamboo.
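A static pre-flight check that can be run on the file before handing it to Paddle, as an added example (not part of Atlassian's documentation or of Paddle). It flags a raw "&" that makes the XML malformed, template placeholders left in place, an unencrypted simple bind, unbalanced filter parentheses, and memberOf groups outside <baseGroupNamespace>. The names lint, balanced and SAMPLE are hypothetical, and the sample is constructed with one group DN deliberately misplaced.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's <ldap> block; one group DN is misplaced on purpose.
SAMPLE = """<atlassian-user><repositories>
<ldap key="ldapRepository" name="Active Directory LDAP Repository" cache="true">
  <securityCredential>[PASSWORD]</securityCredential>
  <securityProtocol>plain</securityProtocol>
  <securityAuthentication>simple</securityAuthentication>
  <baseGroupNamespace>OU=BambooLDAP,DC=example,DC=com</baseGroupNamespace>
  <userSearchFilter>(&amp;(objectClass=person)(|(memberOf=CN=bamboo-admin,OU=BambooLDAP,DC=example,DC=com)(memberOf=CN=bamboo-user,DC=example,DC=com)))</userSearchFilter>
  <groupSearchFilter>(&amp;(objectClass=group))</groupSearchFilter>
</ldap></repositories></atlassian-user>"""

def balanced(text):
    """True when every '(' in an LDAP filter has a matching ')'."""
    depth = 0
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def lint(xml_text):
    """Return findings for an atlassian-user.xml document (empty list = clean)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"malformed XML: {exc}"]  # e.g. a raw '&' in a search filter
    ldap = root.find("./repositories/ldap")
    if ldap is None:
        return ["no <ldap> repository defined"]
    value = {child.tag: (child.text or "").strip() for child in ldap}
    findings = [f"<{tag}> still holds a template placeholder"
                for tag, text in value.items() if re.search(r"\[[A-Z-]+\]", text)]
    if (value.get("securityProtocol", "").lower() == "plain"
            and value.get("securityAuthentication", "").lower() == "simple"):
        findings.append("simple bind over plain LDAP sends the bind password unencrypted")
    for tag in ("userSearchFilter", "groupSearchFilter"):
        if not balanced(value.get(tag, "")):
            findings.append(f"<{tag}> has unbalanced parentheses")
    group_base = value.get("baseGroupNamespace", "").lower()
    for dn in re.findall(r"memberOf=([^()]+)", value.get("userSearchFilter", "")):
        if not dn.lower().endswith(group_base):
            findings.append(f"group {dn} is outside <baseGroupNamespace>")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no findings")
```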
3. Integrate LDAP with Bamboo
Now that we have tested our LDAP configuration against Paddle and users and groups have been retrieved, it is time to integrate our "atlassian-user-custom.xml" with Bamboo.
Please copy "atlassian-user-custom.xml" back into the <bamboo-home>/xml-data/configuration directory.
Please notice that Bamboo will search for "atlassian-user-custom.xml" under the <bamboo-home>/xml-data/configuration directory in order to enable the "Custom user repository" under "Bamboo administration >> Security >> User repositories".
Please, start Bamboo
Please, go to "Bamboo administration >> Security >> User repositories" and select "Custom user repository"
Please, go to "Bamboo administration >> Security >> Users" and you should find the following: