BuildForge Help

LDAP Domain Parameters

After you create a new domain, you can select Administration > LDAP > <Domain Name> to display the parameter page for a specific domain. The system assigns default values to some parameters (and leaves others blank) when you create the domain.

Figure 1. LDAP Domain Configuration Parameters

Edit the values for any of the fields, then click Save to add the new values to the database. The following topics describe each category of parameters.

The first row of parameters covers basic properties:

Name is the system name for the LDAP domain. It need not be the same as the host name. This is an identifier used only by the system to store a set of LDAP parameters. When you use an IDE plug-in to connect to the system, use this name when configuring your login to use a particular domain. Also, when a user logs in to the system, a Domain field appears on the login page if any domains exist; the field lists the domains according to their Name values.

Admin DN is the account the system binds as when searching the LDAP directory. If your server allows an anonymous bind for searching, leave the Admin DN field blank. Some LDAP servers require an authenticated bind before they will answer searches; in that case enter the full distinguished name of the account to bind as, as shown in the following example. A DN is written as a comma-separated chain of relative distinguished names, most specific first. This account only needs read access to the user and group entries the system searches, so prefer a dedicated read-only service account over a directory administrator.

cn=Administrator,cn=users,dc=example,dc=com

Specify the password for the Admin DN account in the Password and Verify Password fields.

Map Access Groups selects whether or not the system tries to map group information from the LDAP server to access groups in the Management Console to determine what groups the user should be a member of. The default value is No.

After the first row, the parameters are organized in columns. The following paragraphs describe them, column by column:

Host is the host name (and optionally, port) of the LDAP or Microsoft® Active Directory server. Required.

Examples:

ldapserver.mycompanyname.com
ldap.mycompany.com:9000

Password stores the password for the Admin DN account.

Verify Password repeats the password for verification purposes.

Bind User Account determines whether the system attempts to validate the user's credentials by binding to the directory with the login name and password the user entered. If the system does not attempt that bind, the password the user typed is never checked against the directory.

Protocol identifies the protocol Build Forge uses to read data from the directory service for the purpose of authenticating Build Forge users. The default is LDAP. With plain LDAP, the Admin DN password and the credentials of every user who logs in cross the network unencrypted, so for production use select LDAPS (LDAP over SSL) and complete the additional setup that allows Build Forge to access and use the LDAPS-enabled directory service. See .

Display Name identifies the LDAP attribute that holds the user's full name (for example displayName).

Distinguished Name identifies the LDAP attribute that holds the distinguished name of the user account (for example distinguishedName on Active Directory).

Mail Name identifies the LDAP attribute that holds the user's email address (for example mail).

Group Name identifies the LDAP attribute that holds the list of groups the user is a member of (for example memberOf on Active Directory). This group list is what the Authorized Group DN check and access-group mapping operate on, so it determines whether the user may log in and which access groups the user is placed in.

Authorized Group DN defines the distinguished name of an LDAP group that should be allowed to log in to the Management Console. Leave this setting blank to allow any valid LDAP user to log in to the console. When it is set to the LDAP DN string for a group in the LDAP database, then only members of that group are allowed to log in to the console.

Search Base defines the distinguished name of the directory subtree under which the system searches for user records. Required.

Example:
cn=users,dc=buildforge,dc=com

Unique Identifier is the LDAP search filter the system uses to find the record that matches the user's login. Use a % character as a placeholder for the login name entered by the user; the filter therefore maps the login name to an attribute in the LDAP database. Because the login name is inserted into a search filter, it must be treated as a literal value: any filter metacharacters it contains (\, *, ( and )) have to be escaped so that the structure of the filter cannot change. Required.

Example:
(sAMAccountName=%)

In many LDAP directories, group membership is stored as an attribute of each user entry (such as memberOf). If your directory instead stores membership on separate group entries, the system can run a second query to retrieve it. If you need such a query, configure the following two parameters:

Groups Search Base defines the distinguished name of the directory subtree under which the system searches for group entries.

Example:
cn=groups,dc=buildforge,dc=com

Groups Unique Identifier is the search filter applied to the group entries to find the groups that contain the user. It plays the same role as Unique Identifier, but it can use any attribute retrieved from the user's own entry as the key into the group entries. Use the %fieldname% syntax to reference such an attribute; the value is taken from the user record found by the first query.

For example, if your groups table has each user's sAMAccountname field as a key, you might use the following as your filter:
sAMAccountName=%sAMAccountname%
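The following Python script is an added example, not code from the Build Forge product or from this page. It shows how the two filter templates described above are expanded and why escaping matters: the % placeholder of Unique Identifier, the %fieldname% tokens of Groups Unique Identifier, and a membership test of the kind the Authorized Group DN setting describes. The RFC 4515 escaping, the case-insensitive attribute lookup (the page's own example writes the token as sAMAccountname against an attribute named sAMAccountName), the DN normalization and the sample user entry are all assumptions of the example about how a correct implementation behaves, not documented Build Forge behaviour.

```python
import re

# RFC 4515 escapes for characters that have meaning inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Return value escaped so a filter parser treats it as literal text."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def _wrap(filter_text: str) -> str:
    """LDAP filters must be parenthesised; accept templates written without them."""
    filter_text = filter_text.strip()
    return filter_text if filter_text.startswith("(") else f"({filter_text})"


def user_filter(unique_identifier: str, login: str) -> str:
    """Expand the Unique Identifier template, e.g. '(sAMAccountName=%)'.

    The single % stands for the login name the user typed. The name is escaped
    before substitution, so a login such as '*)(objectClass=*' stays a literal
    value and cannot turn the filter into a match-anything query.
    """
    if unique_identifier.count("%") != 1:
        raise ValueError("Unique Identifier must contain exactly one % placeholder")
    return _wrap(unique_identifier.replace("%", escape_filter_value(login)))


# %fieldname% tokens in the Groups Unique Identifier template.
_TOKEN = re.compile(r"%([A-Za-z][A-Za-z0-9-]*)%")


def group_filter(groups_unique_identifier: str, user_entry: dict) -> str:
    """Expand e.g. 'sAMAccountName=%sAMAccountname%' from the user's own entry.

    LDAP attribute names are case-insensitive, so tokens are matched to the
    entry's attributes ignoring case. Multi-valued attributes use their first value.
    """
    by_lower = {name.lower(): value for name, value in user_entry.items()}

    def substitute(match):
        name = match.group(1)
        if name.lower() not in by_lower:
            raise KeyError(f"user entry has no attribute {name!r}")
        value = by_lower[name.lower()]
        if isinstance(value, (list, tuple)):
            value = value[0]
        return escape_filter_value(str(value))

    return _wrap(_TOKEN.sub(substitute, groups_unique_identifier))


# Split a DN on commas that are not escaped (cn=Smith\, John is a single RDN).
_DN_SEP = re.compile(r"(?<!\\),")


def normalize_dn(dn: str) -> str:
    """Canonical form for comparing DNs: types and values lower-cased, whitespace
    around separators dropped. Assumes case-insensitive matching rules, which
    holds for the cn/ou/dc attributes that make up group DNs."""
    rdns = []
    for rdn in _DN_SEP.split(dn):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)


def is_authorized(member_of, authorized_group_dn: str) -> bool:
    """Authorized Group DN check: blank admits any valid LDAP user; otherwise the
    group's DN must appear in the user's Group Name attribute values."""
    if not authorized_group_dn.strip():
        return True
    target = normalize_dn(authorized_group_dn)
    return any(normalize_dn(group) == target for group in member_of)


# Constructed sample user entry standing in for a directory search result.
SAMPLE_USER = {
    "sAMAccountName": "jdoe",
    "displayName": "Jane Doe",
    "memberOf": ["CN=BuildForge Users,CN=Groups,DC=buildforge,DC=com"],
}


def demo() -> dict:
    """Run the templates from this page against the sample entry."""
    return {
        "user": user_filter("(sAMAccountName=%)", "jdoe"),
        "hostile": user_filter("(sAMAccountName=%)", "*)(objectClass=*"),
        "groups": group_filter("sAMAccountName=%sAMAccountname%", SAMPLE_USER),
        "authorized": is_authorized(
            SAMPLE_USER["memberOf"], "cn=buildforge users,cn=groups,dc=buildforge,dc=com"
        ),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hostile login in demo() is the case to keep in mind when reviewing a Unique Identifier template: without escaping, the substituted filter would read (sAMAccountName=*)(objectClass=*), which matches every entry instead of one user.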