charlieanstey · March 2, 2021 12:48
diff --git a/ldap-config.properties b/ldap-config.properties
 ### MANDATORY SETTINGS ###

 # The url(s) of LDAP server, with URL escaping e.g. "%20"
 java.naming.provider.url=ldap://dc.degree53.local:389/DC=degree53,DC=local

 # The credentials to browse and sync LDAP
 java.naming.security.principal=teamcity
 java.naming.security.credentials=

 # Users base DN, relative to "java.naming.provider.url"
 teamcity.users.base=OU=Users,OU=Degree53

 # LDAP filter to search for LDAP user in "teamcity.users.base"
 teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)

 # The name of LDAP attribute that will be used to match LDAP entries with TeamCity users.
 # The value of the attribute will be used as TeamCity user's username.
 # If omitted, value of $capturedLogin$ will be used as TeamCity user's username.
 teamcity.users.username=sAMAccountName

 # Optional additional Java Naming options for advanced usages,
 #   see http://docs.oracle.com/javase/6/docs/api/javax/naming/Context.html#field_detail
 java.naming.referral=follow
 java.naming.security.authentication=none

 ### USERNAME TRANSFORMATION SETTINGS ###

 # Regex to deny login if contains "\" or "@".
 teamcity.auth.loginFilter=[^/\\\\@]+

 # Pattern extracts login name, puts into "$capturedLogin$" substitution so will be "JSmith" if user entered EXAMPLE\JSmith
 teamcity.users.login.capture=EXAMPLE\\\\(.*)

 # LDAP SYNCHRONIZATION

 ### USERS SETTINGS ###

 # Set to "true" to enable the synchronization for existig users' properties.
 # For users creation and deletion, see teamcity.options.groups.synchronize and consider mapping "All Users" group
 teamcity.options.users.synchronize=true

 # The user search LDAP filter used to retrieve users to synchronize.
 # The search is performed inside the LDAP entry denoted by "teamcity.users.base".
 # Note: during the process of user authentication the "teamcity.users.login.filter" filter is used, not this one.
 teamcity.users.filter=(objectClass=user)

 ### GROUPS SETTINGS ###
 # Group sync. Requires ldap-mapping.xml

 # Enable sync of groups in ldap-mapping.xml
 teamcity.options.groups.synchronize=true

 # Groups base DN, relative to "java.naming.provider.url"
 teamcity.groups.base=OU=Security Groups,OU=Groups,OU=Degree53

 # The group search LDAP filter used to retrieve groups to synchronize.
 # The search is performed inside the LDAP entry denoted by "teamcity.groups.base".
 teamcity.groups.filter=(objectClass=group)

 # Set to "true" to enable automatic user creation and deletion during group synchronization.
 teamcity.options.createUsers=true
 teamcity.options.deleteUsers=true

 ### OPTIONAL SETTINGS ###

 # The time interval between synchronizations (in milliseconds). By default, it is one hour.
 teamcity.options.syncTimeout = 3600000

 # Attribute showing member of the group.
 teamcity.groups.property.member=member

 # The name of LDAP attribute to retrieve user's full name
 teamcity.users.property.displayName=displayName

 # The name of LDAP attribute to retrieve user's email
 teamcity.users.property.email=mail

 # Git username of users based on LDAP username attribute
 teamcity.users.property.plugin\:vcs\:jetbrains.git\:anyVcsRoot=sAMAccountName

 # Forces TeamCity to ignore manual user changes to properties and apply LDAP values,
 teamcity.users.forceUpdatePropertiesDuringSync=true

 # Fetched only groups mentioned in mapping file from LDAP.
 teamcity.groups.fetchOnlyMappedGroups=true
diff --git a/ldap-mapping.xml b/ldap-mapping.xml
 <!DOCTYPE mapping SYSTEM "ldap-mapping.dtd">
 <mapping>
  <group-mapping teamcityGroupKey="DEVELOPERS" ldapGroupDn="CN=SG_Development,OU=Security Groups,OU=Groups,OU=Degree53,DC=degree53,DC=local" />
  <group-mapping teamcityGroupKey="IT" ldapGroupDn="CN=SG_IT,OU=Security Groups,OU=Groups,OU=Degree53,DC=degree53,DC=local" />
  <group-mapping teamcityGroupKey="TEST" ldapGroupDn="CN=SG_Test,OU=Security Groups,OU=Groups,OU=Degree53,DC=degree53,DC=local" />
 </mapping>
	### MANDATORY SETTINGS ###

	# The url(s) of LDAP server, with URL escaping e.g. "%20"
	java.naming.provider.url=ldap://dc.degree53.local:389/DC=degree53,DC=local

	# The credentials to browse and sync LDAP
	java.naming.security.principal=teamcity
	java.naming.security.credentials=

	# Users base DN, relative to "java.naming.provider.url"
	teamcity.users.base=OU=Users,OU=Degree53

	# LDAP filter to search for LDAP user in "teamcity.users.base"
	teamcity.users.login.filter=(sAMAccountName=$capturedLogin$)

	# The name of LDAP attribute that will be used to match LDAP entries with TeamCity users.
	# The value of the attribute will be used as TeamCity user's username.
	# If omitted, value of $capturedLogin$ will be used as TeamCity user's username.
	teamcity.users.username=sAMAccountName

	# Optional additional Java Naming options for advanced usages,
	# see http://docs.oracle.com/javase/6/docs/api/javax/naming/Context.html#field_detail
	java.naming.referral=follow
	java.naming.security.authentication=none

	### USERNAME TRANSFORMATION SETTINGS ###

	# Regex to deny login if contains "\" or "@".
	teamcity.auth.loginFilter=[^/\\\\@]+

	# Pattern extracts login name, puts into "$capturedLogin$" substitution so will be "JSmith" if user entered EXAMPLE\JSmith
	teamcity.users.login.capture=EXAMPLE\\\\(.*)

	# LDAP SYNCHRONIZATION

	### USERS SETTINGS ###

	# Set to "true" to enable the synchronization for existig users' properties.
	# For users creation and deletion, see teamcity.options.groups.synchronize and consider mapping "All Users" group
	teamcity.options.users.synchronize=true

	# The user search LDAP filter used to retrieve users to synchronize.
	# The search is performed inside the LDAP entry denoted by "teamcity.users.base".
	# Note: during the process of user authentication the "teamcity.users.login.filter" filter is used, not this one.
	teamcity.users.filter=(objectClass=user)

	### GROUPS SETTINGS ###
	# Group sync. Requires ldap-mapping.xml

	# Enable sync of groups in ldap-mapping.xml
	teamcity.options.groups.synchronize=true

	# Groups base DN, relative to "java.naming.provider.url"
	teamcity.groups.base=OU=Security Groups,OU=Groups,OU=Degree53

	# The group search LDAP filter used to retrieve groups to synchronize.
	# The search is performed inside the LDAP entry denoted by "teamcity.groups.base".
	teamcity.groups.filter=(objectClass=group)

	# Set to "true" to enable automatic user creation and deletion during group synchronization.
	teamcity.options.createUsers=true
	teamcity.options.deleteUsers=true

	### OPTIONAL SETTINGS ###

	# The time interval between synchronizations (in milliseconds). By default, it is one hour.
	teamcity.options.syncTimeout = 3600000

	# Attribute showing member of the group.
	teamcity.groups.property.member=member

	# The name of LDAP attribute to retrieve user's full name
	teamcity.users.property.displayName=displayName

	# The name of LDAP attribute to retrieve user's email
	teamcity.users.property.email=mail

	# Git username of users based on LDAP username attribute
	teamcity.users.property.plugin\:vcs\:jetbrains.git\:anyVcsRoot=sAMAccountName

	# Forces TeamCity to ignore manual user changes to properties and apply LDAP values,
	teamcity.users.forceUpdatePropertiesDuringSync=true

	# Fetched only groups mentioned in mapping file from LDAP.
	teamcity.groups.fetchOnlyMappedGroups=true
	<!DOCTYPE mapping SYSTEM "ldap-mapping.dtd">
	<mapping>
	<group-mapping teamcityGroupKey="DEVELOPERS" ldapGroupDn="CN=SG_Development,OU=Security Groups,OU=Groups,OU=Degree53,DC=degree53,DC=local" />
	<group-mapping teamcityGroupKey="IT" ldapGroupDn="CN=SG_IT,OU=Security Groups,OU=Groups,OU=Degree53,DC=degree53,DC=local" />
	<group-mapping teamcityGroupKey="TEST" ldapGroupDn="CN=SG_Test,OU=Security Groups,OU=Groups,OU=Degree53,DC=degree53,DC=local" />
	</mapping>