LDAP Authentication
Global Settings
Global LDAP settings are:
| URL | The URL of the LDAP server, e.g. ldap://localhost:389. |
| Base DN | The base search space for users, e.g. dc=example,dc=com |
| User Filter | The LDAP search filter used to locate users, e.g. uid=${USERNAME}. The ${USERNAME} variable is expanded to the username of the individual being authenticated. You can use a more complicated LDAP filter to allow only a subset of users, such as: (&(uid=${USERNAME})(group=fisheye)). |
| UID Attribute | The name of the username attribute in objects matching the filter. |
| Email attribute | (optional) The name of an attribute giving the user's email address. |
| Cache TTL (positive) | How long FishEye should cache permission checks. Example values are: 0 secs, 5 mins. |
| Auto-add | FishEye can automatically create a user it has not previously encountered if the user can successfully authenticate against LDAP. |
| Initial bind DN and password | (optional) If your LDAP server does not allow anonymous bind, then you need to specify a user FishEye can use to do its initial bind. |
Per-repository Settings
You can give FishEye an LDAP filter that is used to check whether a user has access to an individual repository. You can specify this filter per repository, or specify it once in the repository-defaults:
| LDAP restriction | An LDAP filter used to check if a given user can access a given repository, e.g. (&(uid=${USERNAME})(group=${REP})). The ${REP} variable is replaced with the name of the repository in question. |
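The User Filter and LDAP restriction settings above both build a filter by expanding ${USERNAME} and ${REP} into a template. The following is an added example, not FishEye's own code, showing that expansion with the substituted values escaped per RFC 4515 so that a username or repository name is always matched as a literal. The function names and sample values are assumptions made for illustration, and the page does not state how FishEye itself handles special characters.

```python
import re
from typing import Optional

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Matches template variables such as ${USERNAME} and ${REP}.
_VAR = re.compile(r"\$\{([A-Z]+)\}")


def escape_filter_value(value: str) -> str:
    """Escape a string so it is treated as a literal inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template: str, username: str, rep: Optional[str] = None) -> str:
    """Expand ${USERNAME} and ${REP} in a filter template with escaped values."""
    values = {"USERNAME": username}
    if rep is not None:
        values["REP"] = rep

    def substitute(match: "re.Match[str]") -> str:
        name = match.group(1)
        if name not in values:
            # Fail closed: never send a filter with an unexpanded variable.
            raise ValueError(f"no value supplied for ${{{name}}}")
        return escape_filter_value(values[name])

    return _VAR.sub(substitute, template)


if __name__ == "__main__":
    # Templates taken from the settings tables; usernames are constructed samples.
    user_filter = "(&(uid=${USERNAME})(group=fisheye))"
    restriction = "(&(uid=${USERNAME})(group=${REP}))"
    print(expand_filter(user_filter, "jsmith"))
    print(expand_filter(restriction, "jsmith", "widgets"))
    # A wildcard typed as a username stays a literal asterisk after escaping.
    print(expand_filter(user_filter, "*"))
```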
Active Directory
To have FishEye connect to an Active Directory server, use settings such as the following:
| URL | ldap://HOSTNAME:389 |
| Base DN | DC=corp,DC=example,DC=com |
| User Filter | sAMAccountName=${USERNAME} |
| UID Attribute | sAMAccountName |
| Email attribute | |
| Initial bind DN | corp.example.com/Users/SomeUser |
