After you create a new domain, you can select it to display the parameter page for that domain. The system assigns default values to some parameters (and leaves others blank) when you create the domain. Edit the values for any of the fields, then click Save to store the new values in the database. The following topics describe each category of parameters.
The first row of parameters covers basic properties:
Name is the system name for the LDAP domain. It need not be the same as the host name; it is only an identifier under which the system stores one set of LDAP parameters. When you use an IDE plug-in to connect to the system, use this name when configuring your login to use a particular domain. Also, when a user logs in to the system, a Domain field appears on the login page if any domains exist; the field lists the domains by their Name values.
Admin DN is the account used to bind to the LDAP server when searching its database. If your server allows an anonymous bind for searching, leave the Admin DN field blank. Some LDAP servers require an authenticated bind in order to search the database; this setting lets you specify the DN of the account to bind as, as in the following example. Use a comma-separated list to specify more than one account. Because this account is used only to search for users and groups, give it read access to the relevant subtrees and nothing more; a directory administrator account is not needed here and would expose more than necessary if its password were recovered from the system.
cn=Administrator,cn=users,dc=example,dc=com
Specify the password for the Admin DN account in the Password and Verify Password fields.
Set this value to Yes if you want the system to take access group information from your LDAP database. When it is set to Yes, the system reads the user's group memberships from the LDAP database every time an LDAP user logs in, and the memberships it reads overwrite any changes made to that user's group memberships in the Management Console. LDAP is therefore the authoritative source of the user's access groups. When you set this value to Yes, you must map LDAP groups to Management Console access groups by setting the LDAP Group DNs property for each access group.
If you are using LDAP and this setting is set to No, you must assign LDAP users to groups within the Management Console after they have logged in to the console at least once; until you do, a newly logged-in LDAP user has no group membership in the console.
After the first row, the parameters are organized in columns. The following paragraphs describe them, column by column:
Host is the host name (and optionally, port) of the LDAP or Microsoft® Active Directory server. Required.
Examples:
ldapserver.mycompanyname.com
ldap.mycompany.com:9000
Password stores the password for the Admin DN account.
Verified repeats the password for verification purposes.
Protocol identifies the protocol Build Forge uses to read and write data in the directory service when authenticating Build Forge users. The default is LDAP. If you need to carry LDAP traffic over SSL (LDAPS), select LDAPS and complete the additional setup that allows Build Forge to access and use the LDAPS-enabled directory service; that setup is described in a separate topic. Note that with plain LDAP a simple bind sends the password in clear text, so both the Admin DN password and every user's login password cross the network unencrypted; select LDAPS on any network segment you do not fully trust.
Display Name identifies the keyname in the LDAP schema that holds the user's full name.
Distinguished Name identifies the keyname in the LDAP schema that holds the Distinguished Name for a user account.
Mail Name identifies the keyname in the LDAP schema that holds the user's email address.
Group Name identifies the keyname in the LDAP schema that holds the list of groups the user is a member of. This list determines whether the user may log in at all (see Authorized Group DN) and which access groups, and therefore which permissions, the user receives in the console.
Authorized Group DN defines the distinguished name of an LDAP group whose members are allowed to log in to the Management Console. Leave this setting blank to allow any valid LDAP user to log in to the console. When it is set to the DN string of a group in the LDAP database, only members of that group are allowed to log in; the check is made against the group list retrieved for the user, so the Group Name attribute (or the group query described below) must return that group's DN for the user.
Search Base defines the base DN under which the LDAP records for users are searched. Required.
cn=users,dc=buildforge,dc=com
Unique Identifier identifies the field in the LDAP database that is compared against the user login. Use a % character as a placeholder for the login name entered by the user. The resulting filter maps the user's login name to a field in the LDAP database. Required. Because the value typed into the login form is substituted into this filter, the filter metacharacters *, (, ) and \ in a login name have meaning to the server unless they are escaped as described in RFC 4515; keep this in mind when reviewing which characters your login form accepts.
(sAMAccountName=%)
In many LDAP databases, group membership information is part of each user record. If your LDAP database stores group membership separately, the system can perform a second query to get that information. If you need such a query, configure the following two parameters:
Groups Search Base defines the base DN under which the LDAP records for group data are searched.
cn=groups,dc=buildforge,dc=com
Groups Unique Identifier identifies the field in the group records that is compared against the user to select the groups the user belongs to. The filter can use any of the data fields retrieved from the user's account as a key into the group records. Use the %fieldname% syntax to identify a field; LDAP attribute names are not case sensitive, so the example below, which writes the attribute as sAMAccountname, refers to the sAMAccountName attribute of the user's record.
sAMAccountName=%sAMAccountname%
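The following is an added example, not Build Forge's own code, showing how the two filter templates above expand and how the Authorized Group DN check can be evaluated. It assumes the placeholder rules exactly as this page describes them (a single % for the login name in Unique Identifier, %fieldname% for attributes of the user's entry in Groups Unique Identifier); the directory entry and the function names are constructed for the example. The login value is escaped per RFC 4515 before substitution, so a login such as *)(objectClass=* cannot widen the search.

```python
"""Expand the Unique Identifier / Groups Unique Identifier templates safely.

Illustrative code, not Build Forge's implementation.  Placeholder rules are
assumed from the documentation: '%' = login name, '%fieldname%' = attribute
of the user entry fetched by the first query.
"""
import re

# RFC 4515 section 3: these characters must be escaped inside a filter value.
_SPECIAL = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return ''.join(_SPECIAL.get(ch, ch) for ch in value)


def build_user_filter(template, login):
    """Unique Identifier: a single '%' stands for the login name typed by the user."""
    return template.replace('%', escape_filter_value(login))


def build_group_filter(template, user_entry):
    """Groups Unique Identifier: '%fieldname%' is replaced by that attribute of the
    user entry.  LDAP attribute names are case-insensitive, so '%sAMAccountname%'
    resolves the 'sAMAccountName' attribute; a missing attribute is an error rather
    than an empty (and therefore over-broad) filter."""
    lowered = {k.lower(): v for k, v in user_entry.items()}

    def substitute(match):
        name = match.group(1)
        if name.lower() not in lowered:
            raise KeyError('user entry has no attribute %r' % name)
        return escape_filter_value(lowered[name.lower()])

    return re.sub(r'%([A-Za-z0-9_-]+)%', substitute, template)


def normalize_dn(dn):
    """Case- and whitespace-insensitive form of a DN for comparison.  Adequate for
    the attribute types usually seen in group DNs; a full RFC 4517
    distinguishedNameMatch also handles escaped commas and attribute aliases."""
    return ','.join(part.strip().lower() for part in dn.split(','))


def is_authorized(member_of, authorized_group_dn):
    """Authorized Group DN: blank allows any valid LDAP user; otherwise the user's
    group list must contain that DN."""
    if not authorized_group_dn.strip():
        return True
    wanted = normalize_dn(authorized_group_dn)
    return any(normalize_dn(group) == wanted for group in member_of)


if __name__ == '__main__':
    # Constructed sample entry (not taken from a real directory).
    user = {
        'sAMAccountName': 'jdoe',
        'displayName': 'Jane Doe',
        'memberOf': ['CN=BuildForge Users, CN=Groups,DC=buildforge,DC=com'],
    }
    print(build_user_filter('(sAMAccountName=%)', 'jdoe'))
    # A login crafted to match every object is neutralised by the escaping.
    print(build_user_filter('(sAMAccountName=%)', '*)(objectClass=*'))
    print(build_group_filter('sAMAccountName=%sAMAccountname%', user))
    print(is_authorized(user['memberOf'],
                        'cn=buildforge users,cn=groups,dc=buildforge,dc=com'))
```

Run it as a script to see the expanded filters for a normal login, for a hostile login, and the group filter built from the fetched entry; the DN comparison deliberately ignores case and the spaces after commas, which is how directory servers compare DNs, so a group DN typed with different capitalisation still matches.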