Install Auth Manager

The Auth Manager add-on provides customers with a central authentication service the ability to integrate TeamForge with external authentication services such as LDAP, Active Directory, and Kerberos.

The Auth Manager TeamForge add-on is available as an RPM file that you have to download and install. Contact CollabNet Support for more information.

  1. Log on to TeamForge as a root user.
  2. Extract the RPM file. Extracting creates the add-on directory at /opt/collabnet/teamforge/add-ons
  3. Navigate to the new add-ons directory.

    cd /opt/collabnet/teamforge/add-ons/ctf_authentication_manager

  4. Install the Auth Manager:

    ./install

  5. Choose to synchronize with LDAP for user data or make use of the user provided data, as required. For example, if you want to:
    • create a user profile quickly, use the data available in LDAP by enabling LDAP sync and running hide.sh script. It displays only the Re-type password field to the user.
    • create a user profile using the data provided by the user, disable LDAP and run the show.sh script. It displays all the fields that you expect the user to fill in and requires site administrator's approval. This is fairly a time-consuming process.
  6. Set up your site's master configuration file.
    • vim /opt/collabnet/teamforge/etc/site-options.conf
    1. Set APPROVE_NEW_USER_ACCOUNTS as false.
      • Hide fields: To skip the approval process and create an user profile with the data available in LDAP, you have to enable LDAP Sync and run the hide.sh script after installation. It conceals all the fields on the Create New User page except the Re-type password field.
      • Show fields: To get the data from the user and not through the LDAP sync, you have to disable LDAP Sync run the show.sh script after installation. It shows all fields including full name, email, locale string, and license type on the Create New User page.
    2. Set REQUIRE_PASSWORD_SECURITY as false.
    1. Set PASSWORD_REQUIRES_NUMBER as false.
    2. Set PASSWORD_REQUIRES_NON_ALPHANUM as false.
    3. Set USE_EXTERNAL_USER_AUTHENTICATION as true.
    4. Set REQUIRE_USER_PASSWORD_CHANGE as false.
    5. Set MINIMUM_PASSWORD_LENGTH as 0.
    6. Set PASSWORD_REQUIRES_MIXED_CASE as false.
  7. Protect Auth Manager with SSL, if preferred. Click here for more details.
  8. Provision services.
    • teamforge provision
    Note:

    TeamForge 17.4 (and later) installer expects the system locale to be LANG=en_US.UTF-8. TeamForge "provision" command fails otherwise.

  9. Start TeamForge.
    • teamforge start
Tip: To ensure that the installation has been completed successfully and the external authentication functionality works do the following:
  • Login to the TeamForge through UI as an admin user and check if the add-on is appearing as Auth Manager in the project navigation bar. Also, for fresh installation, an active Default TeamForgeDatabase profile appears under Manage Existing profiles, by default, with the green status indicator.
  • Alternatively, in the CLI, scrutinize the log files, for example, /opt/collabnet/teamforge/log/apps/server.log.