Red Hat help


Set up LDAP integration for the CollabNet TeamForge site

Follow these steps to convert your CollabNet TeamForge installation to authenticate against your corporate OpenLDAP server.

Note: Only OpenLDAP 2.3.27-5 is officially supported, but with some modifications you may be able to make a simple Active Directory integration work as well. See the suggested modifications for login-config.xml.
  1. Shut down CollabNet TeamForge.
    • /etc/init.d/httpd stop
    • /etc/init.d/collabnet stop
    • /etc/init.d/postgresql-9.0 stop
  2. Copy the LDAP configuration file to the data directory.
    • cd /opt/collabnet/teamforge
    • cp dist/jboss/jboss-3.2.6/server/default/conf/login-config.xml var/etc/login-config.xml
  3. Edit the <installation_source>/conf/site-options.conf file.
    1. Tell CollabNet TeamForge to use LDAP authentication. Under "External User Authentication," uncomment this line:
      • USE_EXTERNAL_USER_AUTHENTICATION=false

      and change its value to true.

    2. Tell CollabNet TeamForge where to look for your LDAP configuration settings. Uncomment this line:
      • LOGIN_CONFIG_XML_FILE={__DATA_DIR__}/etc/login-config.xml
      Note: DATA_DIR is usually mapped to the /opt/collabnet/teamforge/var directory. You may want to check the SITE_DIR and DATA_DIR variables.
    3. Check that the MINIMUM_PASSWORD_LENGTH variable matches the limit used on the LDAP server. If your LDAP server does not enforce a minimum password length, set MINIMUM_PASSWORD_LENGTH to 0 (zero).
      Note: If a password used in LDAP is shorter than the minimum password length allowed in CollabNet TeamForge, you will not be able to create the user in CollabNet TeamForge.
  4. In the /opt/collabnet/teamforge/var/etc/login-config.xml file, modify the TeamForge application-policy block to enable CollabNet TeamForge to authenticate against your LDAP server.
    Tip: The application-policy block begins on line 113 of the login-config.xml file.
    1. Replace the TeamForge application-policy block with the code listed in the sample application-policy block in login-config.xml.
    2. Replace principalDNPrefix with your LDAP username parameter. In the example application-policy block, the username is stored in LDAP as the uid parameter.
      Note: Make sure to include the trailing = in the prefix.
    3. Replace principalDNSuffix with the LDAP domain in which usernames are stored.
      Note: Make sure to include the leading comma in the suffix if one is needed.
    4. Replace java.naming.provider.url with the URL of your LDAP server. In the example application-policy block, the URL of the LDAP server is ldap://util.dev.sf.net:389/.
      Note: Make sure to include ldap:// at the beginning of the URL.
  5. Save all the files you have edited and change their ownership back to sf-admin.
    • chown sf-admin.sf-admin login-config.xml
  6. Recreate the runtime environment.
    • ./install.sh -V -r -d /opt/collabnet/teamforge
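
A pre-flight check for the three values edited in step 4, run before recreating the runtime. This is an added example, not TeamForge code. It assumes the block uses JBoss's LdapLoginModule with module-option elements; the policy name EXAMPLE-POLICY and the DN suffix are constructed placeholders, and accepting ldaps:// is an assumption beyond what the page shows.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not TeamForge's own block. The policy name and the DN
# suffix are placeholders; "uid=" and the server URL are the page's examples.
SAMPLE = """<policy>
  <application-policy name="EXAMPLE-POLICY">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
        <module-option name="java.naming.provider.url">ldap://util.dev.sf.net:389/</module-option>
        <module-option name="principalDNPrefix">uid=</module-option>
        <module-option name="principalDNSuffix">,ou=People,dc=example,dc=com</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""

REQUIRED = ("java.naming.provider.url", "principalDNPrefix", "principalDNSuffix")

def ldap_options(xml_text, policy_name):
    """Return {name: value} for the module-options of one application-policy."""
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        if policy.get("name") == policy_name:
            return {o.get("name"): (o.text or "").strip() for o in policy.iter("module-option")}
    raise KeyError(f"no application-policy named {policy_name!r}")

def check(opts):
    """Return the problems found, following the notes in step 4."""
    problems = [f"missing option {n}" for n in REQUIRED if n not in opts]
    if problems:
        return problems
    if not opts["principalDNPrefix"].endswith("="):
        problems.append("principalDNPrefix lacks the trailing '='")
    if opts["principalDNSuffix"] and not opts["principalDNSuffix"].startswith(","):
        problems.append("principalDNSuffix lacks the leading ','")
    # ldaps:// is accepted here as an assumption; the page only shows ldap://.
    if not opts["java.naming.provider.url"].lower().startswith(("ldap://", "ldaps://")):
        problems.append("java.naming.provider.url lacks the ldap:// scheme")
    return problems

def bind_dn(opts, username):
    """DN used for the bind: prefix + username + suffix, concatenated as-is."""
    return opts["principalDNPrefix"] + username + opts["principalDNSuffix"]

def uses_tls(opts):
    """False for plain ldap://, which is not TLS-wrapped."""
    return opts["java.naming.provider.url"].lower().startswith("ldaps://")

if __name__ == "__main__":
    print(check(ldap_options(SAMPLE, "EXAMPLE-POLICY")) or "OK")
```

To check a real installation, pass the text of var/etc/login-config.xml and the name of the TeamForge application-policy block in place of the sample.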