RhodeCode Enterprise supports LDAP (Lightweight Directory Access Protocol) or AD (active Directory) authentication. All LDAP versions are supported, with the following RhodeCode Enterprise plugins managing each:
- For LDAPv3 use
- For LDAPv3 with user group sync use
LDAP + User Groups (egg:rhodecode-enterprise-ee#ldap_group)
The email used with your RhodeCode Enterprise super-admin account needs to match the email address attached to your admin profile in LDAP. This is because within RhodeCode Enterprise the user email needs to be unique, and multiple users cannot share an email account.
Likewise, if as an admin you also have a user account, the email address attached to the user account needs to be different.
LDAP Configuration Steps¶
To configure LDAP / Active Directory, use the following steps:
- From the RhodeCode Enterprise interface, select
- Enable the required plugin and select Save
- Select the Enabled check box in the plugin configuration section
- Add the required LDAP information and Save, for more details, see Example LDAP configuration
For a more detailed description of LDAP objects, see LDAP / Active Directory Glossary:
Example LDAP configuration¶
# Auth Cache TTL 3600 # Host https://ldap1.server.com/ldap-admin/,https://ldap2.server.com/ldap-admin/ # Port 389 # Account cn=admin,dc=rhodecode,dc=com # Password ldap-user-password # LDAP connection security LDAPS # Certificate checks level DEMAND # Base DN cn=Rufus Magillacuddy,ou=users,dc=rhodecode,dc=com # User Search Base ou=groups,ou=users # LDAP search filter (objectClass=person) # LDAP search scope SUBTREE # Login attribute rmagillacuddy # First Name Attribute Rufus # Last Name Attribute Magillacuddy # Email Attribute LDAP-Registered@email.ac # User Member of Attribute Organizational Role # Group search base cn=users,ou=groups,dc=rhodecode,dc=com # LDAP Group Search Filter (objectclass=posixGroup) # Group Name Attribute users # Group Member Of Attribute cn # Admin Groups admin,devops,qa