Configuring LDAP

Follow these steps to configure LDAP authentication.

1. Try connecting to your AD or LDAP installation with a separate LDAP exploration tool to ensure that all configuration properties are correct before you attempt to configure these in Team Studio.
2. Install Team Studio.
3. Edit the <installation directory>/shared/ldap.properties file to configure LDAP in Team Studio.
4. Change the default entries of the ldap.properties to match your LDAP installation. See the ldap.properties.active_directory or ldap.properties.opensource_ldap files for examples. Here is an example:

    LDAP Settings for Active Directory
   # Set this property to true to enable LDAP authentication. Default is false.
   ldap.enable = false
   # Host and port for accessing LDAP server.
   ldap.host = localhost
   ldap.port = 389
   # Set this property to use Transport Level Security (TLS) for accessing LDAP server. Default is false.
   ldap.start_tls = false
   #LDAP root for search and query
   ldap.base = DC=www,DC=example,DC=com
   # username and password used for binding to LDAP server
   ldap.bind.username = uid=admin,ou=system
   ldap.bind.password = q2W#e4R%
    
   #-----  Uncomment following properties to enable group membership authentication ------#
   # Note that all three entries must either be commented or uncommented
   # List of LDAP group names that are used for verifying group membership.
   # NOTE: For release 5.3, only one group is supported.
   #ldap.group.names = OtherGroup
   # Search base for looking up members in the groups above.
   #ldap.group.search_base = DC=www,DC=example,DC=com
   #Group Filter for Active Directory. This will work only for Active Directory
   #ldap.group.filter = (memberOf={0})
   #------------------------------------------------------------------------------------------#
   # Search base for user authentication
   ldap.user.search_base = OU=CorpUsers,DC=www,DC=example,DC=com
   #Search filter for user authentication. This will work only for Active Directory
   ldap.user.filter = (sAMAccountName={0})
   # Mappings of Chorus user properties to LDAP user attributes.
   ldap.attribute.uid = sAMAccountName
   ldap.attribute.ou = department
   ldap.attribute.gn = givenName
   ldap.attribute.sn = sn
   ldap.attribute.mail = mail
   ldap.attribute.title = title

   Note: If you want to add users from two different groups (for example, Marketing and Sales) but Team Studio supports only one LDAP group, you have two options:

   • Add a new LDAP group (MarketingSales) to include users from Marketing and Sales. Then bulk import using the rake command below from the MarketingSales group.
   • Disable group search by commenting the lines below from ldap.properties. Then, as an Admin, manually add each user to Team Studio.
     • ldap.group.search_base
     • ldap.group.filter
     • ldap.group.names
5. Restart Team Studio as follows after making changes to ldap.properties:

   $ chorus_control.sh restart

6. Bulk import LDAP users with a rake command. This rake task reads the LDAP configuration from the ldap.properties file and imports users from the LDAP group specified in the ldap.group.names property into the Team Studio database.
   Note: Release 5.3 supports just one group.

   cd  $CHORUS_HOME
   export RAILS_ENV=production
   export PATH=$PATH:$CHORUS_HOME/current/bin
   cd  $CHORUS_HOME/current
   rake ldap:import_users