TeamCity 4.0 is not yet released and is actively developed. You can try it within our Early Access Program. Released versions documentation.
Out-of-the-box TeamCity Enterprise edition supports three authentication schemes:
    <auth-type>
      <!-- Active login module class, see below -->
      <login-module class="jetbrains.buildServer.serverSide.impl.auth.LDAPLoginModule" />
      <!-- Welcome message displayed to users on login form -->
      <login-description>Welcome to TeamCity, your team building environment!</login-description>
      <!-- Whether anonymous "view-only" logins are allowed (true|false) -->
      <guest-login allowed="true" />
      <!-- Allow users to self-register (only for modules which support this feature, e.g. DefaultLoginModule) (true|false) -->
      <free-registration allowed="false" />
    </auth-type>

Authentication type is defined by the login module, welcome message and the possibility to use anonymous login. Built-in login modules are:
Default Authentication

Configuration of <TeamCity data directory>/config/main-config.xml:

    <auth-type>
      <login-module class="jetbrains.buildServer.serverSide.impl.auth.DefaultLoginModule" />
      <!-- Welcome message displayed to users on login form -->
      <login-description>Welcome to TeamCity, your team building environment!</login-description>
      <!-- Whether anonymous "view-only" logins are allowed (true|false) -->
      <guest-login allowed="true" />
      <!-- Allow users to self-register (only for modules which support this feature, e.g. DefaultLoginModule) (true|false) -->
      <free-registration allowed="true" />
    </auth-type>

The users database is maintained by TeamCity. New users are added by the TeamCity administrator (in the administration area) or register themselves if the <free-registration allowed="true" /> tag is specified.

Windows Domain Authentication

Configuration of <TeamCity data directory>/config/main-config.xml:

    <auth-type>
      <login-module class="jetbrains.buildServer.serverSide.impl.auth.NTDomainLoginModule" />
      <!-- Welcome message displayed to users on login form -->
      <login-description>Welcome to TeamCity, your team building environment!</login-description>
      <!-- Whether anonymous "view-only" logins are allowed (true|false) -->
      <guest-login allowed="true" />
    </auth-type>

Prior to TeamCity 3.1, Windows Domain Authentication was supported only if the TeamCity server was installed under Windows 2000, Windows XP or Windows Server 2003. See below for the features introduced in 3.1.

Prior to TeamCity 3.1, all Windows domain users that can log on to the machine running the TeamCity server can also log in to TeamCity using the same credentials.

To log in to TeamCity, users should provide their user name in the form DOMAIN\user.name and their domain password. TeamCity 3.1 also supports logging in using the <username>@<domain> syntax. It is also possible to log in using only a username if the domain is added to the <TeamCity data directory>/config/ntlm-config.properties file.
Windows Domain Authentication on Unix-like Computers

TeamCity supports Windows Domain Authentication on Unix-like computers. For this to work, check the <TeamCity data directory>/config/ntlm-config.properties file and make sure the following line is commented out:

    # ntlm.compatibilityMode=true
Please refer to the http://jcifs.samba.org/src/docs/api/ page for information about other supported properties.

If you want to use the NT domain authentication available in TeamCity versions prior to 3.1, ensure the line ntlm.compatibilityMode=true is present and not commented out in the ntlm-config.properties file.

LDAP Authentication

Configuration of <TeamCity data directory>/config/main-config.xml:

    <auth-type>
      <login-module class="jetbrains.buildServer.serverSide.impl.auth.LDAPLoginModule" />
      <!-- Welcome message displayed to users on login form -->
      <login-description>Welcome to TeamCity, your team building environment!</login-description>
      <!-- Whether anonymous "view-only" logins are supported -->
      <guest-login allowed="true" />
    </auth-type>

Authentication is performed by direct login into LDAP with the credentials entered into the login form. The environment for the initial context is initialized with java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, and then all properties from the <TeamCity data directory>/config/ldap-config.properties file are loaded. Refer to the http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html page for more information about property names and values. Use an LDAP explorer (for example, http://www.jxplorer.org/) to browse the LDAP directory and verify the settings.

You can also specify multiple servers using the following pattern:

    java.naming.provider.url="ldap://ldap.mycompany.com:389 ldap://ldap2.mycompany.com:389 ldap://ldap3.mycompany.com:389"
Active Directory

The following template enables authentication against Active Directory. Add the following code to the <TeamCity data directory>/config/ldap-config.properties file:

    java.naming.referral=follow
    java.naming.provider.url=ldap://main.labs.intellij.net:389/CN=users,DC=Labs,DC=IntelliJ,DC=Net
    java.naming.security.authentication=simple
Non-AD LDAP server issues

By default, the login format is restricted to DOMAIN\sAMAccountName (e.g. "LABS\alexey.gopachenko"). Since version 2.1 you can override this restriction by adding the loginFilter property, whose value is a java.util.regex regular expression that the login is matched against (for example, loginFilter=.+ accepts any non-empty login).

OpenLDAP users can benefit from the formatDN property. If formatDN is defined, it is used as the user DN, with the $login$ substring replaced by whatever the user enters into the login field, for example:

    formatDN=uid=$login$,ou=people,dc=company,dc=com
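The following is an added example, not TeamCity's own code: a small audit of the two files described on this page that reports enabled guest login or self-registration, a simple bind over plain ldap://, and loginFilter=.+ combined with formatDN. The sample file contents and example.test hostnames are constructed; java.naming.security.protocol=ssl is the standard JNDI property and is assumed to be loaded like the other properties in ldap-config.properties.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on this page's snippets (hostnames are placeholders).
MAIN_CONFIG = """<auth-type>
  <login-module class="jetbrains.buildServer.serverSide.impl.auth.DefaultLoginModule" />
  <guest-login allowed="true" />
  <free-registration allowed="true" />
</auth-type>"""
LDAP_PROPS = """# constructed ldap-config.properties
java.naming.provider.url=ldap://ldap.example.test:389/CN=users,DC=example,DC=test
java.naming.security.authentication=simple
loginFilter=.+
formatDN=uid=$login$,ou=people,dc=example,dc=test
"""

def parse_properties(text):
    """Minimal key=value parser: skips blank lines and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip().strip('"')
    return props

def audit_auth_type(xml_text):
    """Flag <auth-type> switches that grant access without an admin-created account."""
    findings = []
    for auth in ET.fromstring(xml_text).iter("auth-type"):
        for tag in ("guest-login", "free-registration"):
            node = auth.find(tag)
            if node is not None and node.get("allowed", "").lower() == "true":
                findings.append(f"{tag} allowed")
    return findings

def audit_ldap(props):
    """Flag cleartext simple binds and an accept-anything loginFilter feeding formatDN."""
    findings = []
    urls = props.get("java.naming.provider.url", "").split()
    simple = props.get("java.naming.security.authentication", "").lower() == "simple"
    ssl = props.get("java.naming.security.protocol", "").lower() == "ssl"
    if simple and not ssl and any(u.lower().startswith("ldap://") for u in urls):
        findings.append("simple bind over ldap:// (password sent unencrypted)")
    if "formatDN" in props and props.get("loginFilter") == ".+":
        findings.append("loginFilter=.+ passes any input into formatDN")
    return findings

if __name__ == "__main__":
    for finding in audit_auth_type(MAIN_CONFIG) + audit_ldap(parse_properties(LDAP_PROPS)):
        print("REVIEW:", finding)
```

Pointing every server URL at ldaps:// and narrowing loginFilter to the characters your account names actually use clears the two LDAP findings.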