 |
You are viewing documentation of TeamCity 2.x, which is not the most recent released version of TeamCity. Please refer to the listing to choose another version. |
|
Documentation Index
|
Authentication SettingsOut-of-the-box TeamCity supports three authentication schemes:
Active authentication scheme is configured in the auth-type section of the main-config.xml file located in the <TeamCity Data Directory>/config directory, for example: To change the authentication scheme, edit the class attribute of the login-module tag. Built-in login modules are:
TeamCity extensibility note: Any implementation of javax.security.auth.spi.LoginModule can be used, provided it is registered via jetbrains.buildServer.serverSide.auth.LoginModuleDescriptor bean. Use <guest-login allowed="true|false"/> to toggle the anonymous login on and off. Configuring the Login ModulesDefault AuthenticationConfiguration of <TeamCity Data Directory>/config/main-config.xml: Users database is maintained by TeamCity. New users are added by TeamCity administrator (in administration area section) or user are self-registered if <free-registration allowed="true" /> tag is specified. NT AuthenticationConfiguration of <TeamCity Data Directory>/config/main-config.xml: This scheme requires that TeamCity server is installed under Windows 2000, Windows XP or Windows Server 2003. All NT domain users that can log on to the machine running TeamCity server can also login into TeamCity using the same credentials. i.e. to login to TeamCity users should provide user name in the form DOMAIN\user.name and their domain password. LDAP AuthenticationConfiguration of <TeamCity Data Directory>/config/main-config.xml: Authentication is performed by direct login into LDAP with credentials entered into the login form. Environment for initial context is initialized with java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory and then all properties from .BuildServer/config/ldap-config.properties file are loaded (see http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html for more info on property names and values). Use the LDAP explorer to browse LDAP directory and verify the settings (i.e.http://www.jxplorer.org/). Specifying the Active DirectoryUse following template to authenticate against active directory: .BuildServer/config/ldap-config.properties By default login format is restricted to DOMAIN\sAMAccountName (i.e. "LABS\alexey.gopachenko"). But since version 2.1 you can override this restriction by adding property loginFilter, value is java.util.RegEx expression to match against. (I.e. loginFilter=.+ will accept any non-empty login). You can also specify multiple servers using the following pattern: |