Does TeamForge work with LDAP?

When you use LDAP authentication, CollabNet TeamForge presents the user's credentials to a central authentication server when the user logs into the TeamForge site.

To ensure that you arenot locked out of your site, the site administrator account is always validated by TeamForge, not by LDAP.

What is required?

When you turn external integration on, every user account (except the site administrator account) must have a matching LDAP entry to log in. This may require changing some existing accounts to match their corresponding LDAP records. (Accounts created after LDAP is in place are validated with the LDAP server when they are created, so you don't have to worry about this.)

LDAP accounts must conform to the TeamForge rules for user names and passwords. For example:

• If a password is used in LDAP that is shorter than the minimum allowable password length in TeamForge, you cannot create the user in TeamForge.
• A user name that starts with a special character, such as an underscore, will not be accepted by TeamForge, even if it is valid in LDAP.

For detailed information about TeamForge user name and password rules, see ../action/siteadmin-creatinganewuseraccount.html.

LDAP for source control

LDAP is integrated into your TeamForge source control services.

• For Subversion, the integration server queries TeamForge as needed.
• CVS authentication is not managed directly by LDAP, but each TeamForge user's SCM password is synchronized automatically with the user's LDAP password upon logging into TeamForge.

What can go wrong?

When TeamForge is configured to authenticate against an LDAP server and the LDAP server is down, all TeamForge authentication is disabled until the LDAP server is restored.

If a user does not exist on the LDAP server, or is deleted from the server, that user cannot log into TeamForge.