This documentation relates to an earlier version of Bamboo.

Before you begin:

Warning: Before proceeding with LDAP integration, please back up your data.
Also note that once LDAP has been enabled on Bamboo, you cannot revert to local user management.

Bamboo can be integrated with LDAP. At this time, the functionality is limited to authentication and authorisation of users. Bamboo does not let users manage/administer LDAP accounts or user groups.

However, Bamboo will continue to use locally created users, even when LDAP is enabled. This means that locally created users and groups can still be managed via Bamboo.

Also, note that Bamboo does not support multiple LDAP servers.

If you are new to LDAP, you may find the LDAP Usage FAQ useful.



Stage 1 - Configure Connection Details

The LDAP server connection is specified by manually editing the file atlassian-user.xml.

  1. Edit the file .../webapp/WEB-INF/classes/atlassian-user.xml and configure the connection for AD or LDAP.
  2. Check your configuration against the example connection details shown below.
    <ldap key="ldapRepository" name="LDAP Repository@hecate.atlassian.com" cache="true">
        <host>hecate.atlassian.com</host>
        <port>389</port>
        <securityPrincipal>cn=admin,dc=atlassian,dc=private</securityPrincipal>
        <securityCredential>secret</securityCredential>
        <securityProtocol>plain</securityProtocol>
        <securityAuthentication>simple</securityAuthentication>
        <baseContext>dc=atlassian,dc=private</baseContext>
    
    ....
    
  3. Please ensure that the following line is also active in your atlassian-user.xml (it should be there by default):
    <hibernate name="Hibernate Repository" key="hibernateRepository"  description="Hibernate Repository" />
    

To check whether the atlassian-user.xml file is correctly configured, run the Paddle tool to debug the LDAP configuration in the file.

Stage 2 - Map LDAP Data Tree

  1. To configure the mappings in atlassian-user.xml for either AD or LDAP, please see:
  2. Check your configuration against the example connection details shown below.
    ...
    
        <baseUserNamespace>dc=staff,dc=perftest,dc=atlassian,dc=private</baseUserNamespace>
        <baseGroupNamespace>dc=groups,dc=perftest,dc=atlassian,dc=private</baseGroupNamespace>
        <usernameAttribute>cn</usernameAttribute>
        <userSearchFilter>(objectClass=inetorgperson)</userSearchFilter>
        <firstnameAttribute>givenname</firstnameAttribute>
        <surnameAttribute>sn</surnameAttribute>
        <emailAttribute>mail</emailAttribute>
        <groupnameAttribute>cn</groupnameAttribute>
        <groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
        <membershipAttribute>member</membershipAttribute>
    </ldap>
    

Stage 3 - Optional LDAP Settings

The following settings do not appear in the default atlassian-user.xml file:

    <poolingOn>true</poolingOn>
    <maxSize>0</maxSize>
    <initSize>10</initSize>
    <prefSize>10</prefSize>
    <debugLevel>none</debugLevel>
    <securityProtocol>plain ssl</securityProtocol>
    <authentication>simple</authentication>
    <timeout>0</timeout>
    <initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>
    <batchSize>100</batchSize>
    <timeToLive>0</timeToLive>
    <userSearchAllDepths>true</userSearchAllDepths>
    <groupSearchAllDepths>true</groupSearchAllDepths>


To override any of the default values listed above, add the element at the end of the LDAP section, like so:

    ...
        <groupnameAttribute>cn</groupnameAttribute>
        <groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
        <membershipAttribute>member</membershipAttribute>
        <initSize>20</initSize>
    </ldap>

It is important that the connection pool timeout value be set to 0, as this will force Atlassian User (via the JNDI layer) to clean up lingering connections that have lived past one request. For more information about LDAP pools please see http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html.
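The following is an added example, not part of the original page or of Bamboo: a small audit of atlassian-user.xml against the settings described in Stages 1 to 3. It flags a simple bind over the plain protocol (the bind password crosses the network unencrypted), an administrative-looking bind DN, a non-zero pool timeout and a missing Hibernate repository line. The `<atlassian-user><repositories>` wrapper, the finding names and the list of DN prefixes are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's Stage 1 values inside an assumed
# <atlassian-user><repositories> wrapper, plus a non-zero <timeout>.
SAMPLE = """<atlassian-user><repositories>
  <ldap key="ldapRepository" name="LDAP Repository@hecate.atlassian.com" cache="true">
    <host>hecate.atlassian.com</host>
    <port>389</port>
    <securityPrincipal>cn=admin,dc=atlassian,dc=private</securityPrincipal>
    <securityCredential>secret</securityCredential>
    <securityProtocol>plain</securityProtocol>
    <securityAuthentication>simple</securityAuthentication>
    <baseContext>dc=atlassian,dc=private</baseContext>
    <timeout>30000</timeout>
  </ldap>
</repositories></atlassian-user>"""


def audit(xml_text):
    """Return sorted finding ids (hypothetical names) for an atlassian-user.xml document."""
    root = ET.fromstring(xml_text)
    ldaps = list(root.iter("ldap"))
    if not ldaps:
        return ["no-ldap"]
    findings = set()
    if len(ldaps) > 1:
        findings.add("multiple-ldap")       # page: multiple LDAP servers are not supported
    ldap = ldaps[0]

    def value(tag, default):
        return (ldap.findtext(tag) or default).strip().lower()

    # Missing elements fall back to the defaults the page lists under Stage 3.
    if (value("securityProtocol", "plain") == "plain"
            and value("securityAuthentication", "simple") == "simple"):
        findings.add("cleartext-bind")      # simple bind without TLS sends the password in clear
    # Heuristic with assumed prefixes; page: Bamboo does not administer LDAP accounts.
    if value("securityPrincipal", "").startswith(("cn=admin", "cn=administrator", "cn=manager")):
        findings.add("privileged-bind-dn")
    if value("timeout", "0") != "0":
        findings.add("pool-timeout")        # page: the pool timeout should be 0
    if not any(h.get("key") == "hibernateRepository" for h in root.iter("hibernate")):
        findings.add("hibernate-missing")   # page: this line must stay active
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Because the file stores the bind password in `securityCredential`, it also makes sense to restrict read access to atlassian-user.xml to the account that runs Bamboo.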

Stage 4 - Assigning LDAP Users to Bamboo Groups

External User Management on LDAP

Ensure that External User Management is turned off in Bamboo before assigning LDAP users to Bamboo groups.

Once Bamboo is started with LDAP enabled, you can assign LDAP users to Bamboo groups. Please see 5.05 Adding Users to and removing them from Groups.
