Does TeamForge work with LDAP?

Yes, you can have your TeamForge installation authenticate against an LDAP server. This is handy when users want to use a variety of different resources without having to maintain credentials for each one separately.

When you use LDAP authentication, CollabNet TeamForge presents the user's credentials to a central authentication server when the user logs into the TeamForge site.

To ensure that you are not locked out of your site, the site administrator account is always validated by TeamForge, not by LDAP.

LDAP authentication is optional. You can use either TeamForge authentication or LDAP authentication.
Note: It is possible to use both types of authentication with a single TeamForge installation. See your CollabNet representative for details.

What is required?

When you turn external integration on, every user account (except the site administrator account) must have a matching LDAP entry to log in. This may require changing some existing accounts to match their corresponding LDAP records. (Accounts created after LDAP is in place are validated with the LDAP server when they are created, so you don't have to worry about this.)

LDAP accounts must conform to the TeamForge rules for user names and passwords. For example:

For detailed information about TeamForge user name and password rules, see ../action/siteadmin-creatinganewuseraccount.html.
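A pre-cutover check for the matching-entry requirement above, as an added example that is not part of the TeamForge documentation or product: it compares a list of TeamForge user names against an LDIF export and reports which accounts would be unable to log in. The login attribute `uid`, the site administrator name `admin`, case-sensitive matching, and all sample data are assumptions made for illustration.

```python
import base64

def ldap_logins(ldif_text, attr="uid"):
    """Collect the values of the login attribute from an LDIF export."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # RFC 2849 folded line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    logins = set()
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != attr.lower():
            continue
        if value.startswith(":"):           # "uid:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        logins.add(value.strip())
    return logins

def audit(teamforge_users, logins, local_accounts=("admin",)):
    """Sort TeamForge user names by whether a matching LDAP entry exists."""
    by_lower = {l.lower(): l for l in logins}
    report = {"local": [], "ok": [], "case_mismatch": [], "missing": []}
    for user in teamforge_users:
        if user in local_accounts:          # validated by TeamForge, not LDAP
            report["local"].append(user)
        elif user in logins:
            report["ok"].append(user)
        elif user.lower() in by_lower:      # candidate for renaming to match
            report["case_mismatch"].append((user, by_lower[user.lower()]))
        else:                               # would be unable to log in
            report["missing"].append(user)
    return report

# Constructed sample data, not taken from any real directory or site.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
uid: jdoe

dn: uid=ASmith,ou=people,dc=example,dc=com
uid: ASmith

dn: uid=mlee,ou=people,dc=example,dc=com
uid:: bWxlZQ==
"""
SAMPLE_USERS = ["admin", "jdoe", "asmith", "mlee", "tkhan"]

if __name__ == "__main__":
    for bucket, names in audit(SAMPLE_USERS, ldap_logins(SAMPLE_LDIF)).items():
        print(f"{bucket}: {names}")
```

Accounts in the `missing` and `case_mismatch` buckets are the ones to reconcile with their LDAP records before LDAP authentication is turned on.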

LDAP for source control

LDAP is integrated into your TeamForge source control services.

What can go wrong?

When TeamForge is configured to authenticate against an LDAP server and the LDAP server is down, all TeamForge authentication is disabled until the LDAP server is restored.

If a user does not exist on the LDAP server, or is deleted from the server, that user cannot log into TeamForge.