Set up LDAP authentication for the CollabNet TeamForge server

Follow these steps to make your CollabNet TeamForge installation authenticate against your corporate OpenLDAP server.

Note: Only OpenLDAP is supported, but with some modifications you may be able to make a simple Active Directory integration work as well. See the suggested modifications for login-config.xml.
  1. Shut down CollabNet TeamForge.
    • /etc/init.d/httpd stop
    • /etc/init.d/collabnet stop
    • /etc/init.d/postgresql stop
  2. Copy the LDAP configuration file to the data directory.
    • cd /opt/collabnet/teamforge
    • cp dist/jboss/jboss-4.2.3.GA/server/default/conf/login-config.xml var/etc/login-config.xml
  3. Edit the <installation_source>/conf/site-options.conf file.
    1. Tell CollabNet TeamForge to use LDAP authentication. Under "External User Authentication," uncomment this line:
      • USE_EXTERNAL_USER_AUTHENTICATION=false

      and change its value to true.

    2. Tell CollabNet TeamForge where to look for your LDAP configuration settings. Uncomment this line:
      • LOGIN_CONFIG_XML_FILE={__DATA_DIR__}/etc/login-config.xml
      Note: DATA_DIR is usually mapped to the /opt/collabnet/teamforge/var directory. You may want to check the SITE_DIR and DATA_DIR variables.
    3. Check that the MINIMUM_PASSWORD_LENGTH variable matches the limit used on the LDAP server. If your LDAP server does not enforce a minimum password length, set MINIMUM_PASSWORD_LENGTH to 0 (zero).
      Note: If a user's LDAP password is shorter than the minimum password length allowed in CollabNet TeamForge, you will not be able to create that user in CollabNet TeamForge.
  4. In the /opt/collabnet/teamforge/var/etc/login-config.xml file, modify the TeamForge application-policy block to enable CollabNet TeamForge to authenticate against your LDAP server.
    Tip: The application-policy block begins on line 113 of the login-config.xml file.
    1. Replace the TeamForge application-policy block with the code listed in the sample application-policy block in login-config.xml.
    2. Replace principalDNPrefix with your LDAP username parameter. In the example application-policy block, the username is stored in LDAP as the uid parameter.
      Note: Make sure to include the trailing = in the prefix.
    3. Replace principalDNSuffix with the LDAP domain in which usernames are stored.
      Note: Make sure to include the leading comma in the suffix if one is needed.
    4. Replace java.naming.provider.url with the URL of your LDAP server. In the example application-policy block, the URL of the LDAP server is ldap://util.dev.sf.net:389/.
      Note: Make sure to include ldap:// at the beginning of the URL.
  5. Save all the files you have edited and change their ownership back to ctf-admin.
    • chown ctf-admin.ctf-admin login-config.xml
  6. Recreate the runtime environment.
    • ./install.sh -V -r -d <SITE_DIR>
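
The notes in step 4 (trailing = on the prefix, leading comma on the suffix, ldap:// on the URL) can be checked before recreating the runtime. The following is an added example, not code from CollabNet or from the original page. The sample block, the LdapLoginModule class name, the ou=People,dc=example,dc=com suffix and the function names are constructed for illustration, and it assumes the login module forms the bind DN by joining prefix, username and suffix.

```python
import xml.etree.ElementTree as ET

# Constructed sample with three deliberate mistakes; not the shipped TeamForge block.
# The suffix domain is a placeholder, the URL host is the one from step 4.
SAMPLE = """<application-policy name="TeamForge">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="principalDNPrefix">uid</module-option>
      <module-option name="principalDNSuffix">ou=People,dc=example,dc=com</module-option>
      <module-option name="java.naming.provider.url">util.dev.sf.net:389/</module-option>
    </login-module>
  </authentication>
</application-policy>"""

def module_options(xml_text):
    """Return {name: value} for every module-option in the policy block."""
    root = ET.fromstring(xml_text)
    return {o.get("name"): (o.text or "").strip() for o in root.iter("module-option")}

def check_options(opts):
    """Return a list of problems, one per note in step 4 that is violated."""
    problems = []
    prefix = opts.get("principalDNPrefix", "")
    suffix = opts.get("principalDNSuffix", "")
    url = opts.get("java.naming.provider.url", "")
    if not prefix.endswith("="):
        problems.append("principalDNPrefix must end with '='")
    # An empty suffix needs no comma ("if one is needed" in step 4).
    if suffix and not suffix.startswith(","):
        problems.append("principalDNSuffix needs a leading comma")
    # ldaps:// is the JNDI scheme for LDAP over TLS; the page itself only shows ldap://.
    if not url.startswith(("ldap://", "ldaps://")):
        problems.append("java.naming.provider.url must start with ldap://")
    return problems

def bind_dn(opts, username):
    """DN the server would be asked to bind as (assumed: prefix + username + suffix)."""
    return opts["principalDNPrefix"] + username + opts["principalDNSuffix"]

if __name__ == "__main__":
    opts = module_options(SAMPLE)
    for problem in check_options(opts):
        print("PROBLEM:", problem)
    print("bind DN for jdoe would be:", bind_dn(opts, "jdoe"))
```

To check a real installation, pass the contents of /opt/collabnet/teamforge/var/etc/login-config.xml to module_options instead of SAMPLE.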