Restricting LDAP Logins

Hello,

I am trying to configure LDAP Integration while also trying to restrict who can log in to users who are members of a couple of different AD groups. I have set the following under advanced options for LDAP Integration:

Transform: DOMAIN/$login$

Query: (&(sAMAccount=$login$)(|(memberOf=[DN for group1])(memberOf=[DN for group2])))

However, this continues to allow any user.

In TeamCity I am using this exact login filter to control which users are permitted to log in. Am I understanding the purpose of the "Query" option correctly or not?

Thanks,

Patrick


Yes, it's a parameter passed to the javax.naming.directory.DirContext.search(String name, String filter, SearchControls cons) method and it should work. Maybe you are trying to log in with a user who was already registered via LDAP while it was possible? If so, please try with some other user (just for us to be sure).

If the Query does not match the user, can YouTrack deny account creation? Or auto-ban the user?
If the Query does not match the user, can YouTrack deny account creation? Or auto-ban the user?


This was me
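The group-restricted login filter discussed in this thread, as an added example that is not part of the original posts and not YouTrack's own code: it builds the filter string with the login escaped per RFC 4515 and mirrors what the filter evaluates to for a directory entry. It assumes Active Directory's logon-name attribute `sAMAccountName`; the group DNs, sample entries and function names are constructed for illustration.

```python
# Added example. Group DNs, entries and helper names are constructed/hypothetical.

# RFC 4515: these characters must be escaped inside a filter assertion value,
# otherwise a login such as "*" or one containing ")" changes the filter itself.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape one assertion value so it is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(login, group_dns):
    """Filter that matches `login` only if it is in one of `group_dns`."""
    if not group_dns:
        # An empty OR clause would be invalid; never fall back to "any user".
        raise ValueError("at least one group DN is required")
    groups = "".join("(memberOf=%s)" % escape_filter_value(dn) for dn in group_dns)
    return "(&(sAMAccountName=%s)(|%s))" % (escape_filter_value(login), groups)


def entry_matches(entry, login, group_dns):
    """What the filter evaluates to for one entry.

    memberOf lists direct memberships only: nested groups and the AD
    primary group do not appear in it, so they do not satisfy the filter.
    Comparison is simplified to case-insensitive string equality.
    """
    wanted = {dn.lower() for dn in group_dns}
    name_ok = entry.get("sAMAccountName", "").lower() == login.lower()
    return name_ok and any(dn.lower() in wanted for dn in entry.get("memberOf", []))


# Constructed sample data.
GROUPS = [
    "CN=YouTrack-Users,OU=Groups,DC=example,DC=com",
    "CN=YouTrack-Admins,OU=Groups,DC=example,DC=com",
]
ALICE = {"sAMAccountName": "alice", "memberOf": [GROUPS[0]]}
BOB = {"sAMAccountName": "bob", "memberOf": ["CN=Other,OU=Groups,DC=example,DC=com"]}

if __name__ == "__main__":
    print(build_login_filter("alice", GROUPS))
    print(entry_matches(ALICE, "alice", GROUPS), entry_matches(BOB, "bob", GROUPS))
```

To check a filter outside the application, run the generated string against the directory with an LDAP search tool, using the same base DN and bind account the integration is configured with.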