LDAP Restrictions

My current dilemma is restricting user creation via LDAP. We have 500+ employees and only 150 of them need access to YouTrack. We have removed the create user function from the main page, but users can still log in with their LDAP credentials.

We then set the Query the same as we do for other programs we use with LDAP integration:
(&(sAMAccountName=$login$)(memberOf=CN location))
prettyPrint();

We also tried this Query that we found in the forums:
(&(sAMAccountName=$login$)(|(memberOf=CN location)))
prettyPrint();

Here are the results:

If user1 is part of CN youtrack will create the account with email/fullname fields filled out.

If user2 is NOT part of CN youtrack will still create the account but email/fullname fields will be empty.

Conclusion: We would like to Deny access to users not in the CN group.
4 comments
Comment actions Permalink
Hello Phillip,

Sorry for the delay. We've been investigating this case. This is an issue on our side, thank you for posting this http://youtrack.jetbrains.com/issue/JT-20045.
Your case is clear, and it's a useful workaround, it should work. I beleive, it'll be fixed soon.

Thank you.
0
Comment actions Permalink
Is there an exact ETA? We are currently holding for this feature before going live.
0
Comment actions Permalink
Phillip,

This fix will be included in our nearest huge release - YouTrack 5.0 (July, this year).
We'll update our documentation regarding this fix. In all cases, you are welcome to contact us if need any assistance with this.

Thank you.
0

Please sign in to leave a comment.