Setting up TeamForge for LDAP authentication

In this section, you can see how to make LDAP as an IdP in TeamForge and how to configure TeamForge for enabling LDAP driven authentication.

Preparing TeamForge for LDAP integration

Enabling LDAP as an IdP

You need to enable LDAP as an IdP to facilitate LDAP based authentication for TeamForge users.

  1. Log on to TeamForge as a Site Administrator.
  2. Select My Workspace > Admin.
  3. Select Projects > Identity.
  4. Select the Federation tab.
  5. Select the Use Federated Login check box and select LDAP as the IdP from the drop-down list.
  6. Click Save.
  7. Select the LDAP tab. This page provides the basic configuration required to integrate LDAP with TeamForge.

    This table provides the parameters used in the LDAP configuration page and and their corresponding description.

    Parameter Name Description

    PROVIDER URL

    Defines the string that encapsulates the IP address and port of a directory server.

    SECURITY AUTHENTICATION

    Authentication method used to bind to LDAP server. There are 3 types of security authentication in LDAP:
    • Anonymous - When a client sends a LDAP request without binding, then it is called an "anonymous client".
    • Simple - In this type of authentication, the LDAP server sends the fully qualified DN (Distinguished Name) and the clear text password of the client.
      Note: Currently, TeamForge supports only the simple authentication method.
    • SASL - SASL (Simple Authentication and Security Layer) authentication provides a challenge response protocol to exchange data between the client and server for the authentication and establishment of security layer to carry out further communication.

    SECURITY PRINCIPAL

    Specifies the distinguished name of the user to authenticate.

    Example: "uid=admin,ou=accounts"

    SECURITY CREDENTIALS

    Specifies the password or other security credentials of the user to authenticate.

    Note: If the Security Principal and Security Credentials should be used when a LDAP user tries to log on to TeamForge for the first time, you need to select the <<token_name>> check box in Configure your site's settings page.

    BASE DN

    Specifies the base distinguished name from where a server will search for users. This is a sequence of related distinguished names connected by commas and with the format "attribute=value".

    Example: dc=help,dc=collab,dc=net

    USERNAME

    Defines the name used to connect to the LDAP service on the specified LDAP server. Example: ldapuser@collab.net

    SERVER TIMEOUT

    Specifies the read timeout in milliseconds for an LDAP operation. This is used to control the LDAP request made by a client in a timely manner, so that the client does not wait for a long time for the server to respond. For example, if the search timeout value is 5000 milliseconds, the LDAP service provider can abort the read timeout if the server does not respond within this 5 seconds.

    SERVER SCOPE

    Specifies the starting point of an LDAP search and the depth from the base DN to the levels until which the search should occur. There are three types of search scope in an LDAP search:

    • OBJECT_SCOPE: This limits the search scope only to the base object or base DN.
    • ONELEVEL_SCOPE: This enables search only up to the immediate children objects under the base DN in a search tree.
    • SUBTREE_SCOPE: This searches the entire subtree including the base DN. TeamForge recommends this as the default search scope in its LDAP configuration.
  8. Click Save to save the configuration. Click Cancel to discard the changes.