Configuring LDAP

Follow these steps to configure LDAP authentication.

Prerequisites

Procedure

  1. Try connecting to your AD or LDAP installation with a separate LDAP exploration tool to ensure that all configuration properties are correct before you attempt to configure these in Team Studio.
  2. Install Team Studio.
  3. Edit the <installation directory>/shared/ldap.properties file to configure LDAP in Team Studio.
  4. Change the default entries in the ldap.properties file to match your LDAP installation. See the ldap.properties.active_directory or ldap.properties.opensource_ldap files for examples. Here is an example:
     LDAP Settings for Active Directory
    # Set this property to true to enable LDAP authentication. Default is false.
    ldap.enable = false
    # Host and port for accessing LDAP server.
    ldap.host = localhost
    ldap.port = 389
    # Set this property to true to use Transport Layer Security (TLS) for accessing the LDAP server. Default is false.
    ldap.start_tls = false
    # LDAP root for search and query
    ldap.base = DC=www,DC=example,DC=com
    # username and password used for binding to LDAP server
    ldap.bind.username = uid=admin,ou=system
    ldap.bind.password = q2W#e4R%
     
    #-----  Uncomment following properties to enable group membership authentication ------#
    # Note that all three entries must either be commented or uncommented
    # List of LDAP group names that are used for verifying group membership.
    # NOTE: For release 5.3, only one group is supported.
    #ldap.group.names = OtherGroup
    # Search base for looking up members in the groups above.
    #ldap.group.search_base = DC=www,DC=example,DC=com
    # Group filter for Active Directory. This will work only for Active Directory
    #ldap.group.filter = (memberOf={0})
    #------------------------------------------------------------------------------------------#
    # Search base for user authentication
    ldap.user.search_base = OU=CorpUsers,DC=www,DC=example,DC=com
    # Search filter for user authentication. This will work only for Active Directory
    ldap.user.filter = (sAMAccountName={0})
    # Mappings of Chorus user properties to LDAP user attributes.
    ldap.attribute.uid = sAMAccountName
    ldap.attribute.ou = department
    ldap.attribute.gn = givenName
    ldap.attribute.sn = sn
    ldap.attribute.mail = mail
    ldap.attribute.title = title
    Note: Team Studio supports only one LDAP group. If you want to add users from two different groups (for example, Marketing and Sales), you have two options:
    • Add a new LDAP group (MarketingSales) that includes the users from Marketing and Sales. Then bulk import from the MarketingSales group using the rake command below.
    • Disable group search by commenting out the following lines in ldap.properties. Then, as an Admin, manually add each user to Team Studio.
      • ldap.group.search_base
      • ldap.group.filter
      • ldap.group.names
  5. Restart Team Studio as follows after making changes to ldap.properties:
    $ chorus_control.sh restart
  6. Bulk import LDAP users with a rake command. This rake task reads the LDAP configuration from the ldap.properties file and imports users from the LDAP group specified in the ldap.group.names property into the Team Studio database.
    Note: Release 5.3 supports just one group.
    cd $CHORUS_HOME
    export RAILS_ENV=production
    export PATH=$PATH:$CHORUS_HOME/current/bin
    cd $CHORUS_HOME/current
    rake ldap:import_users
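
The following added example (not part of Team Studio or its documentation) checks an ldap.properties file against the rules stated in step 4 before you restart: the three ldap.group.* entries must be commented or uncommented together, and the filters carry a {0} placeholder. It also reports when LDAP is enabled without ldap.start_tls. It assumes the "key = value" layout and "#" comments shown in the sample above; the function names and the sample text are constructed for illustration.

```python
# Added example: lint ldap.properties before restarting Team Studio.
# SAMPLE is constructed input; the bind password is a placeholder.
SAMPLE = """\
ldap.enable = true
ldap.host = localhost
ldap.port = 389
ldap.start_tls = false
ldap.bind.username = uid=admin,ou=system
ldap.bind.password = PLACEHOLDER
#ldap.group.names = OtherGroup
ldap.group.search_base = DC=www,DC=example,DC=com
#ldap.group.filter = (memberOf={0})
ldap.user.search_base = OU=CorpUsers,DC=www,DC=example,DC=com
ldap.user.filter = (sAMAccountName={0})
"""

GROUP_KEYS = ("ldap.group.names", "ldap.group.search_base", "ldap.group.filter")

def parse(text):
    """Return the active key/value pairs; commented-out lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values such as DNs contain '='
        props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a list of findings; an empty list means no rule was violated."""
    props, findings = parse(text), []
    active = [k for k in GROUP_KEYS if k in props]
    if 0 < len(active) < len(GROUP_KEYS):
        findings.append("group: only %s active; all three ldap.group.* entries "
                        "must be commented or uncommented together" % ", ".join(active))
    enabled = props.get("ldap.enable", "false").lower() == "true"
    if enabled and props.get("ldap.start_tls", "false").lower() != "true":
        findings.append("tls: ldap.enable is true but ldap.start_tls is not; "
                        "TLS to the LDAP server is disabled")
    for key in ("ldap.user.filter", "ldap.group.filter"):
        if key in props and "{0}" not in props[key]:
            findings.append("%s: no {0} placeholder in filter" % key)
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```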