 |
You are viewing documentation of TeamCity 3.x, which is not the most recent released version of TeamCity. Please refer to the listing to choose another version. |
|
Documentation Index
|
Authentication SettingsOut-of-the-box TeamCity Enterprise edition supports three authentication schemes:
Active authentication scheme is configured in the auth-type section of the main-config.xml file located in the <TeamCity data directory>/config directory, for example: Authentication type is defined by the login module, welcome message and the possibility to use anonymous login. Built-in login modules are:
Default AuthenticationConfiguration of TeamCity Data Directory/config/main-config.xml: Users database is maintained by TeamCity. New users are added by TeamCity administrator (in administration area section) or user are self-registered if <free-registration allowed="true" /> tag is specified. Windows Domain AuthenticationConfiguration of TeamCity Data Directory/config/main-config.xml: Prior to TeamCity 3.1, Windows Domain Authentication was supported only if TeamCity server was installed under Windows 2000, Windows XP or Windows Server 2003. See below for the features introduced in 3.1. Prior to TeamCity 3.1, all Windows domain users that can log on to the machine running TeamCity server can also log in into TeamCity using the same credentials. To log in to TeamCity users should provide their user name in the form DOMAIN\user.name and their domain password. TeamCity 3.1 also supports logging in using <username>@<domain> syntax. It is also possible to log in using only a username if the domain is added to the TeamCity Data Directory/config/ntlm-config.properties file. Windows Domain Authentication on Unix-like Computers (TeamCity 3.1 Only)Support for Windows Domain Authentication on Unix-like computers is available in TeamCity 3.1. For this to work, check the <TeamCity data directory>/config/ntlm-config.properties file and make sure the following line is commented out. Please refer to the http://jcifs.samba.org/src/docs/api/ page for information about other supported properties. If you want to use the NT domain authentication available in TeamCity version prior to 3.1, ensure the line ntlm.compatibilityMod=true is present and not commented in the ntlm-config.properties file. LDAP AuthenticationConfiguration of <TeamCity data directory>/config/main-config.xml: Authentication is performed by direct login into LDAP with credentials entered into the login form. Environment for initial context is initialized with java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory and then all properties from <TeamCity data directory>/config/ldap-config.properties file are loaded. Refer to the http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html page for more information about property names and values. Use the LDAP explorer to browse LDAP directory and verify the settings (i.e.http://www.jxplorer.org/). You can also specify multiple servers using the following pattern: Active DirectoryThe following template enables authentication against active directory: Add the following code to the <TeamCity data directory>/config/ldap-config.properties file. Non-AD LDAP server issuesBy default login format is restricted to DOMAIN\sAMAccountName (i.e. "LABS\alexey.gopachenko"). But since version 2.1 you can override this restriction by adding property loginFilter, value is java.util.RegEx expression to match against. (I.e. loginFilter=.+ will accept any non-empty login). OpenLDAP users can benefit from formatDN property. If formatDN is defined then it is used as user DN with $login$ substring replaced with anyting what user enters into login field, i.e See also:
|
