@charlieanstey
Last active March 2, 2021 12:48
TeamCity :: LDAP Configuration
# TeamCity LDAP integration settings (ldap-config.properties style): login against
# Active Directory plus periodic synchronization of users and groups.
### MANDATORY SETTINGS ###
# The url(s) of LDAP server, with URL escaping e.g. "%20"
# NOTE(review): ldap:// on port 389 is an unencrypted connection, so the bind
# credentials below and the passwords users type at login would cross the network
# in clear text. Prefer an ldaps:// URL (conventionally port 636) with the domain
# controller's certificate trusted by the TeamCity JVM.
java.naming.provider.url=ldap://dc.degree53.local:389/DC=degree53,DC=local
# The credentials to browse and sync LDAP
# The password is stored in this file (left blank in this published copy), so keep
# the file readable only by the account running TeamCity, and use a dedicated
# directory account that has read-only access to the OUs referenced below.
java.naming.security.principal=teamcity
java.naming.security.credentials=
# Users base DN, relative to "java.naming.provider.url"
teamcity.users.base=OU=Users,OU=Degree53
# LDAP filter to search for LDAP user in "teamcity.users.base"
# NOTE(review): the captured login is substituted into this filter. Confirm that
# TeamCity escapes LDAP filter metacharacters, or restrict
# "teamcity.auth.loginFilter" to the characters real account names use.
teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)
# The name of LDAP attribute that will be used to match LDAP entries with TeamCity users.
# The value of the attribute will be used as TeamCity user's username.
# If omitted, value of $capturedLogin$ will be used as TeamCity user's username.
teamcity.users.username=sAMAccountName
# Optional additional Java Naming options for advanced usages,
# see http://docs.oracle.com/javase/6/docs/api/javax/naming/Context.html#field_detail
# NOTE(review): with "follow", JNDI chases referrals returned by the server and
# connects to the referred hosts with this same environment. Confirm referrals are
# needed here and only point at trusted domain controllers.
java.naming.referral=follow
# NOTE(review): in JNDI, "none" requests an anonymous bind, in which case the
# principal/credentials set above would not be used. That contradicts configuring a
# sync account; confirm whether "simple" was intended, and that the directory does
# not allow anonymous searches of the user and group OUs.
java.naming.security.authentication=none
### USERNAME TRANSFORMATION SETTINGS ###
# Regex the entered login must match; logins containing "/", "\" or "@" are rejected.
teamcity.auth.loginFilter=[^/\\\\@]+
# Pattern extracts login name, puts into "$capturedLogin$" substitution so will be "JSmith" if user entered EXAMPLE\JSmith
# ("EXAMPLE" is a placeholder for the NetBIOS domain name.)
# NOTE(review): this pattern expects a "DOMAIN\" prefix, while the loginFilter above
# rejects any login containing "\". The two settings look contradictory; verify which
# login format is meant to be accepted and adjust one of them.
teamcity.users.login.capture=EXAMPLE\\\\(.*)
# LDAP SYNCHRONIZATION
### USERS SETTINGS ###
# Set to "true" to enable the synchronization for existing users' properties.
# For users creation and deletion, see teamcity.options.groups.synchronize and consider mapping "All Users" group
teamcity.options.users.synchronize=true
# The user search LDAP filter used to retrieve users to synchronize.
# The search is performed inside the LDAP entry denoted by "teamcity.users.base".
# Note: during the process of user authentication the "teamcity.users.login.filter" filter is used, not this one.
teamcity.users.filter=(objectClass=user)
### GROUPS SETTINGS ###
# Group sync. Requires ldap-mapping.xml
# Enable sync of groups in ldap-mapping.xml
teamcity.options.groups.synchronize=true
# Groups base DN, relative to "java.naming.provider.url"
teamcity.groups.base=OU=Security Groups,OU=Groups,OU=Degree53
# The group search LDAP filter used to retrieve groups to synchronize.
# The search is performed inside the LDAP entry denoted by "teamcity.groups.base".
teamcity.groups.filter=(objectClass=group)
# Set to "true" to enable automatic user creation and deletion during group synchronization.
# NOTE(review): with both enabled, the directory decides which TeamCity accounts
# exist, so membership of the mapped LDAP groups is effectively TeamCity access
# control. Presumably an incomplete search result (wrong base DN, partial outage)
# could also remove accounts; test a changed configuration on a non-production
# server before enabling deletion.
teamcity.options.createUsers=true
teamcity.options.deleteUsers=true
### OPTIONAL SETTINGS ###
# The time interval between synchronizations (in milliseconds). By default, it is one hour.
# A directory change (disabled account, removed group membership) can therefore take
# up to this long to reach TeamCity.
teamcity.options.syncTimeout = 3600000
# Attribute showing member of the group.
teamcity.groups.property.member=member
# The name of LDAP attribute to retrieve user's full name
teamcity.users.property.displayName=displayName
# The name of LDAP attribute to retrieve user's email
teamcity.users.property.email=mail
# Git username of users based on LDAP username attribute
teamcity.users.property.plugin\:vcs\:jetbrains.git\:anyVcsRoot=sAMAccountName
# Forces TeamCity to ignore manual user changes to properties and apply LDAP values.
teamcity.users.forceUpdatePropertiesDuringSync=true
# Fetch only the groups mentioned in the mapping file from LDAP.
teamcity.groups.fetchOnlyMappedGroups=true
<!DOCTYPE mapping SYSTEM "ldap-mapping.dtd">
<!-- Maps LDAP security groups, identified by their full DN, to TeamCity group keys.
     After group synchronization, membership of each LDAP group decides membership of
     the TeamCity group, so whoever can edit these directory groups controls that
     access. The roles attached to DEVELOPERS, IT and TEST are defined in TeamCity
     and are not visible here; review them together with this mapping. -->
<mapping>
<group-mapping teamcityGroupKey="DEVELOPERS" ldapGroupDn="CN=SG_Development,OU=Security Groups,OU=Groups,OU=Degree53,DC=degree53,DC=local" />
<group-mapping teamcityGroupKey="IT" ldapGroupDn="CN=SG_IT,OU=Security Groups,OU=Groups,OU=Degree53,DC=degree53,DC=local" />
<group-mapping teamcityGroupKey="TEST" ldapGroupDn="CN=SG_Test,OU=Security Groups,OU=Groups,OU=Degree53,DC=degree53,DC=local" />
</mapping>