The Auth Manager add-on provides
customers with a central authentication service the ability to integrate TeamForge with
external authentication services such as LDAP, Active Directory, and Kerberos.
The Auth Manager
TeamForge add-on is available as an RPM
file that you have to download and install. Contact CollabNet Support for more
information.
-
Log on to TeamForge as a root user.
-
Extract the RPM file.
Extracting creates the add-on directory at
/opt/collabnet/teamforge/add-ons
-
Navigate to the new add-ons directory.
cd
/opt/collabnet/teamforge/add-ons/ctf_authentication_manager
-
Install the Auth Manager:
./install
-
Choose to synchronize with LDAP for user data or make use of the user provided
data, as required.
For example, if you want to:
- create a user profile quickly, use the data available in LDAP by
enabling LDAP sync and running hide.sh script. It
displays only the Re-type password field to the
user.
- create a user profile using the data provided by the user, disable LDAP
and run the show.sh script. It displays all the
fields that you expect the user to fill in and requires site
administrator's approval. This is fairly a time-consuming process.
-
Set up your site's master configuration file.
- vim
/opt/collabnet/teamforge/etc/site-options.conf
-
Set APPROVE_NEW_USER_ACCOUNTS as
false.
- Hide fields: To skip the approval process
and create an user profile with the data available in LDAP,
you have to enable LDAP Sync and run the hide.sh script
after installation. It conceals all the fields on the Create
New User page except the Re-type password
field.
- Show fields: To get the data from the user and not
through the LDAP sync, you have to disable LDAP Sync run the
show.sh script after installation. It shows all fields
including full name, email, locale string, and license type
on the Create New User page.
-
Set REQUIRE_PASSWORD_SECURITY as
false.
-
Set PASSWORD_REQUIRES_NUMBER as
false.
-
Set PASSWORD_REQUIRES_NON_ALPHANUM
as false.
-
Set USE_EXTERNAL_USER_AUTHENTICATION as
true.
-
Set REQUIRE_USER_PASSWORD_CHANGE
as false.
-
Set MINIMUM_PASSWORD_LENGTH as
0.
-
Set PASSWORD_REQUIRES_MIXED_CASE
as false.
-
Protect Auth Manager with SSL,
if preferred. Click here for more
details.
-
Provision
services.
Note:
TeamForge 17.4 (and later) installer expects the system locale to be
LANG=en_US.UTF-8. TeamForge "provision" command fails otherwise.
-
Start TeamForge.
Tip: To ensure that the installation has been completed successfully and the
external authentication functionality works do the following:
- Login to the TeamForge through UI
as an admin user and check if the add-on is appearing as Auth Manager in the project
navigation bar. Also, for fresh installation, an active Default
TeamForgeDatabase profile appears under Manage
Existing profiles, by default, with the green status
indicator.
- Alternatively, in the CLI, scrutinize the log files, for example,
/opt/collabnet/teamforge/log/apps/server.log.