0用户和组同步以下是我的LDAP日志和设置。 我想要做的是:1.将AD组“ccusers”映射到TeamCity中的一个组,并创build该组中的所有用户。 2.或者将AD组“所有人”中的所有用户添加到TeamCity中的“所有用户”组中。
我如何设置?
[2014-02-10 09:11:01,871] INFO - jetbrains.buildServer.LDAP - Starting synchronization session [2014-02-10 09:11:01,871] INFO - jetbrains.buildServer.LDAP - Fetching remote users and groups [2014-02-10 09:11:01,902] WARN - jetbrains.buildServer.LDAP - Total results: 0 [2014-02-10 09:11:01,917] INFO - jetbrains.buildServer.LDAP - LDAP groups mapping loaded [2014-02-10 09:11:01,964] WARN - jetbrains.buildServer.LDAP - Total results: 1 [2014-02-10 09:11:01,964] INFO - jetbrains.buildServer.LDAP - Last synchronization statistics: created users=0, updated users=0, deleted users=0, remote users=0, matched users=0, created groups=0, updated groups=0, deleted groups=0, remote groups=0, matched groups=0, duration=93ms, errors=[] # LDAP SYNCHRONIZATION #################################################################################################### ### USERS SETTINGS ### # Set to "true" to enable the synchronization for existig users' properties. # For users creation and deletion, see teamcity.options.groups.synchronize and consider mapping "All Users" group teamcity.options.users.synchronize=true # The user search LDAP filter used to retrieve users to synchronize. # The search is performed inside the LDAP entry denoted by "teamcity.users.base". # Note: during the process of user authentication the "teamcity.users.login.filter" filter is used, not this one. #teamcity.users.filter=(objectClass=user) teamcity.users.filter=(&(objectCategory=Person)(memberof=CN=ccusers,OU=UNIX%20Security%20Groups,OU=CTD_CM_RMG,OU=Corporate%20Clients%20V2,DC=office,DC=adroot,DC=bmogc,DC=net)) ### GROUPS SETTINGS ### # These settings are mandatory if groups synchronization is turned on (ldap-mapping.xml exists) # Set to "true" to enable the synchronization for groups listed in ldap-mapping.xml file. # IMPORTANT NOTE: TeamCity groups should be alredy created manually and listed in ldap-mapping.xml file. teamcity.options.groups.synchronize=true # The groups base DN. If defined, groups are retrieved only from the LDAP subtree denoted by this DN. # This DN should be "relative" to the root specified by "java.naming.provider.url". # If omitted, it is assumed empty and group searches are performed under the entry denoted by "java.naming.provider.url". #teamcity.groups.base=CN=users #teamcity.groups.base=DC=office,DC=adroot,DC=bmogc,DC=net # The group search LDAP filter used to retrieve groups to synchronize. # The search is performed inside the LDAP entry denoted by "teamcity.groups.base". #teamcity.groups.filter=(objectClass=group) teamcity.groups.filter=(&(objectClass=Group)(|(cn=ccusers))) # Set to "true" to enable automatic user creation and deletion during group synchronization. teamcity.options.createUsers=false teamcity.options.deleteUsers=false ### OPTIONAL SETTINGS ### # The time interval between synchronizations (in milliseconds). By default, it is one hour. teamcity.options.syncTimeout = 3600000 # The attribute that indicates the member of the group. # Note: LDAP property should contain the full DN of the member. teamcity.groups.property.member=member # The name of LDAP attribute containing the DN. By default, 'distinguishedName' is used. #teamcity.property.distinguishedName=distinguishedName teamcity.property.distinguishedName=cn # The name of LDAP attribute to retrieve user's full name teamcity.users.property.displayName=displayName # The name of LDAP attribute to retrieve user's email teamcity.users.property.email=mail 如果我理解的很好,你应该编辑ldap-mapping.xml(或者把它作为ldap-mapping.xml.dist的一个拷贝来创build)。 你可以在这个文件中创build一个地图。
<!DOCTYPE mapping SYSTEM "ldap-mapping.dtd"> <mapping> <group-mapping teamcityGroupKey="ALL_USERS_GROUP" ldapGroupDn="CN=ccusers,OU=UNIX%20Security%20Groups,OU=CTD_CM_RMG,OU=Corporate%20Clients%20V2,DC=office,DC=adroot,DC=bmogc,DC=net"/> </mapping>
更新:
我把你的日志和我的一个进行了比较。 我看到即“统计:…远程用户= 27,…远程组= 1”。 所以我想你可能在你的filter或基地有一个错误。 我已经在LDAP Apanche Directory Studio中debugging了我的filter。