I'm configuring LDAP authentication in TeamCity 7.1.2 in a Windows domain (Active Directory).
Basically it works (I can log in with my domain user!), but every user in the whole company can log in.
--> Now I'm trying to restrict access to the developers only.
I found this example in the TeamCity docs:
# filtering only users with specified name and belonging to LDAP group "Group1" with DN "CN=Group1,CN=Users,DC=example,DC=com"
teamcity.users.login.filter=(&(sAMAccountName=$capturedLogin$)(memberOf=CN=Group1,CN=Users,DC=example,DC=com))
So I just need to replace CN=Group1,CN=Users,DC=example,DC=com
with the LDAP group where my user is.
But querying LDAP is completely new to me, so I'm not able to figure out the right syntax.
My user is here:
So it's:
CompanyName.de/CompanyName/IT/Entwickler/
"CompanyName", "IT" and "Entwickler" are organizational units.
I understand that the syntax would be:
OU=Entwickler,OU=IT,OU=CompanyName,DC=CompanyName,DC=de
When I put that into TeamCity's config file, I can't log in and TeamCity writes this to its log files:
Search in LDAP: base='DC=CompanyName,DC=de', filter='(&(sAMAccountName=MyUser)(memberOf=OU=Entwickler,OU=IT,OU=CompanyName,DC=CompanyName,DC=de))', scope=2, attributes=[sAMAccountName, distinguishedName] resulted in error
and:
Login for user "MyUser" failed: javax.security.auth.login.LoginException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=CompanyName,DC=de'
What am I doing wrong?
NOTE:
It might be possible that my query is correct, and this is an issue in TeamCity.
(the version that I'm using does have some issues concerning LDAP, but they get other error messages than I do)
Maybe I will post this on TeamCity's issue tracker, but first I wanted to make sure that the error doesn't occur because I've got the LDAP query wrong, hence the question here.
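Added example, not part of the original post and not TeamCity code: a Python sketch that derives the DN written in the post from the canonical path (assuming, as the post states, that every container is an organizational unit) and rebuilds the docs filter with the substituted values escaped per RFC 4515. All function names are hypothetical, and canonical names containing an escaped "/" are not handled.

```python
import re

def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    value = re.sub(r'([\\,+"<>;])', r'\\\1', value)
    if value.endswith(" "):               # trailing space must be escaped
        value = value[:-1] + "\\ "
    if value.startswith(("#", " ")):      # so must a leading '#' or space
        value = "\\" + value
    return value

def canonical_to_dn(canonical: str) -> str:
    """Turn 'domain.tld/OU1/OU2/' into 'OU=OU2,OU=OU1,DC=domain,DC=tld'.

    Assumption: every path component is an organizational unit.
    """
    domain, _, path = canonical.strip("/").partition("/")
    ous = [part for part in path.split("/") if part]
    rdns = [f"OU={escape_rdn_value(ou)}" for ou in reversed(ous)]
    rdns += [f"DC={escape_rdn_value(dc)}" for dc in domain.split(".")]
    return ",".join(rdns)

def escape_filter_value(value: str) -> str:
    # RFC 4515: backslash, '*', '(', ')' and NUL become a backslash + two hex digits
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def build_login_filter(login: str, group_dn: str) -> str:
    """Build the filter from the TeamCity docs example with escaped values.

    In Active Directory, memberOf lists the DNs of the group objects an
    account belongs to, so group_dn has to be the DN of a group.
    """
    return (f"(&(sAMAccountName={escape_filter_value(login)})"
            f"(memberOf={escape_filter_value(group_dn)}))")

if __name__ == "__main__":
    # Values taken from the post and the quoted docs example
    print(canonical_to_dn("CompanyName.de/CompanyName/IT/Entwickler/"))
    print(build_login_filter("MyUser", "CN=Group1,CN=Users,DC=example,DC=com"))
    # Constructed login containing filter metacharacters
    print(build_login_filter("a*b(c)", "CN=Group1,CN=Users,DC=example,DC=com"))
```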