[FishEye ナレッジ ベース]
This page explains the settings for LDAP authentication and their parameters.
Note that we recommend using Atlassian JIRA, or Crowd, for user authentication. One advantage is that you can then make use of LDAP groups. Also, FishEye (or Crucible) can only connect to one external authentication directory; using Crowd allows connection to multiple directories.
このページの内容
To configure LDAP authentication, log in to the FishEye admin area and click Authentication (under 'Security Settings'). Now click Set up LDAP, under 'Authentication settings'.
Global LDAP settings are:
URL | The URL of the LDAP server, e.g. (For reference, see Performance Problem when Using LDAPS if using the |
ベース DN | The base search space for users, e.g. |
User Filter | The LDAP search for locating users, e.g. |
UID attribute | The name of the username attribute in objects matching the user filter. |
Email attribute | Optional. The name of an attribute giving the user's email address. |
Cache TTL (positive) | How long FishEye should cache permission checks. Example values are: |
Auto-add | FishEye can automatically create a user it has not previously encountered if the user can successfully authenticate against LDAP. |
Initial bind DN and password | Optional. If your LDAP server does not allow anonymous bind, then you need to specify a user FishEye can use to do its initial bind. |
Synchronise users with LDAP | Optional. Sets whether users will be loaded from an external directory. |
If you use LDAP authentication you can set a LDAP filter in FishEye to further restrict access to a particular repository: the per-repository filter restricts access to a subset of already logged-in users. The LDAP filter is not utilized for repositories that have anonymous access enabled (either per-repository permissions or default permissions).
To set the LDAP filter for a repository, log in to the FishEye admin area and click Repositories (under 'Repository Settings'). Now click the name for a repository, and then Permissions (on the left). Check Apply LDAP restriction and edit the following settings:
LDAP Restriction | An LDAP filter string used to check if a given user can access a given repository, e.g. |
Match Type | This setting modifies how the search results are interpreted.
|
When writing your LDAP filter, the following expressions are available:
${USERNAME}
will be replaced by the username of the logged user${DN}
will be replaced by the Distinguished Name of the logged user${REP}
will be replaced by the name of the repository the logged user is trying to access(&(uniqueMember=${USERNAME})(cn=AuthorizedGroup)(objectClass=groupofuniquenames))
and set the Match Type as Any.(&(uniqueMember=${USERNAME})(|(cn=AuthorizedGroup1)(cn=AuthorizedGroup2))(objectClass=groupofuniquenames))
and set the Match Type as Any.Testing the LDAP restriction
To test the LDAP restriction, you can use Apache Directory Studio:
${USERNAME}
or ${REP}
, replace them by the username or repository name you want to test)To have FishEye connect to an Active Directory server, use settings such as the following:
URL |
|
ベース DN |
|
User Filter |
|
UID Attribute |
|
Email attribute |
|
Initial bind DN |
|