LDAP¶
RhodeCode Enterprise supports LDAP (Lightweight Directory Access Protocol) or AD (active Directory) authentication. All LDAP versions are supported, with the following RhodeCode Enterprise plugins managing each:
- For LDAPv3 use
LDAP (egg:rhodecode-enterprise-ce#ldap) - For LDAPv3 with user group sync use
LDAP + User Groups (egg:rhodecode-enterprise-ee#ldap_group)
Important
The email used with your RhodeCode Enterprise super-admin account needs to match the email address attached to your admin profile in LDAP. This is because within RhodeCode Enterprise the user email needs to be unique, and multiple users cannot share an email account.
Likewise, if as an admin you also have a user account, the email address attached to the user account needs to be different.
LDAP Configuration Steps¶
To configure LDAP / Active Directory, use the following steps:
- From the RhodeCode Enterprise interface, select
- Enable the required plugin and select Save
- Select the Enabled check box in the plugin configuration section
- Add the required LDAP information and Save, for more details, see Example LDAP configuration
For a more detailed description of LDAP objects, see LDAP / Active Directory Glossary:
Example LDAP configuration¶
# Auth Cache TTL
3600
# Host
https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/
# Port
389
# Account
cn=admin,dc=rhodecode,dc=com
# Password
ldap-user-password
# LDAP connection security
LDAPS
# Certificate checks level
DEMAND
# Base DN
cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com
# User Search Base
ou=groups,ou=users
# LDAP search filter
(objectClass=person)
# LDAP search scope
SUBTREE
# Login attribute
rmagillacuddy
# First Name Attribute
Rufus
# Last Name Attribute
Magillacuddy
# Email Attribute
LDAP-Registered@email.ac
# User Member of Attribute
Organizational Role
# Group search base
cn=users,ou=groups,dc=rhodecode,dc=com
# LDAP Group Search Filter
(objectclass=posixGroup)
# Group Name Attribute
users
# Group Member Of Attribute
cn
# Admin Groups
admin,devops,qa