Other resources
Index
Downloads (PDF, HTML & XML formats)
[FishEye Knowledge Base]
Developer docs
Documentation for FishEye 2.8.x. Documentation for other versions is available too. 
This page explains the settings for LDAP authentication and their parameters.
On this page:
Global Settings
Global LDAP settings are:
URL | The URL of the LDAP server, e.g. |
Base DN | The base search space for users, e.g. |
User Filter | The LDAP search for locating users, e.g. |
UID Attribute | The name of the username attribute in objects matching the filter. |
Email attribute | Optional. The name of an attribute giving the user's email address. |
Cache TTL (positive) | How long FishEye should cache permission checks. Example values are: |
Auto-add | FishEye can automatically create a user it has not previously encountered if the user can successfully authenticate against LDAP. |
Initial bind DN and password | Optional. If your LDAP server does not allow anonymous bind, then you need to specify a user FishEye can use to do its initial bind. |
Synchronise users with Crowd | Optional. Sets whether users will be loaded from an external directory. |
Per-Repository Settings
You can give FishEye an LDAP filter that will be used to check if a user has access to individual repositories.
To specify this filter for a repository, open the Permission settings of the repository, and check the Apply LDAP restriction option. Then just below the checkbox, type the filter string:
LDAP restriction | An LDAP filter used to check if a given user can access a given repository, e.g. |
Match Type | One of 'user' (default) or 'any'. This setting modifies how the search results are interpreted.
|
When writing your LDAP filter, the following expressions are available:
${USERNAME}will be replaced by the username of the logged user${DN}will be replaced by the Distinguished Name of the logged user${REP}will be replaced by the name of the repository the logged user is trying to access
Example
To allow an user to access a repository only if he or she is part of the group AuthorizedGroup, specify a LDAP filter such as: (&(uniqueMember=${USERNAME})(cn=AuthorizedGroup)(objectClass=groupofuniquenames)) and set the Match Type as Any.
Testing the LDAP restriction
To test the LDAP restriction, you can use Apache Directory Studio:
- add a connection to your LDAP server (if you use Active Directory, use the following instructions)
- in the LDAP menu, click on New Connection
- enter the same URL and port as you did for FishEye
- click on Next and enter the same Bind DN and password as in Global settings (see Initial bind DN and password above)
- click on Finish
- in the LDAP menu, and click on New Search
- in the Search dialog,
- select the connection to your LDAP server
- enter the same Base DN you configured in Global settings next to the Search Base textbox
- enter the LDAP filter next to the Filter textbox (if the filter contains
${USERNAME}or${REP}, replace them by the username or repository name you want to test) - select Subtree in the Scope section
- click on Search
Active Directory
To have FishEye connect to an Active Directory server, use settings such as the following:
URL |
|
Base DN |
|
User Filter |
|
UID Attribute |
|
Email attribute |
|
Initial bind DN |
|
Overview
Content Tools
Apps
See answers from the community.
Raise an issue for our developers or tech writers.
Log a request with our support team.
Tweet, blog and update our documentation.
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.