
Configuration

The plugin requires two types of configuration: an Authorization Configuration and a PluginRole Configuration.

The plugin provides views to add these configurations through the GoCD Authorization Configuration and Role Configuration pages under Admin > Security.

Alternatively, the configuration can be added directly to config.xml using the <authConfig> and <pluginRole> elements.

Authorization Configuration

The settings required to connect to an LDAP server are configured in the AuthConfig. <authConfigs> should be added under the <security> tag.

Example authorization config:

<security>
  <authConfigs>
    <authConfig id="go_ldap" pluginId="com.thoughtworks.gocd.authorization.ldap">
      <property>
        <key>Url</key>
        <value>ldap://ldap-server-url</value>
      </property>
      <property>
        <key>ManagerDN</key>
        <value>cn=go,ou=Teams,dc=corporate,dc=example,dc=com</value>
      </property>
      <property>
        <key>Password</key>
        <value>secret</value>
      </property>
      <property>
        <key>SearchBases</key>
        <value>ou=Teams,dc=corporate,dc=example,dc=com</value>
      </property>
      <property>
        <key>UserLoginFilter</key>
        <value>(sAMAccountName={0})</value>
      </property>
      <property>
        <key>UserNameAttribute</key>
        <value>sAMAccountName</value>
      </property>
      <property>
        <key>UserSearchFilter</key>
        <value>(|(sAMAccountName=*{0}*)(uid=*{0}*)(cn=*{0}*)(mail=*{0}*)(otherMailbox=*{0}*))</value>
      </property>
      <property>
        <key>DisplayNameAttribute</key>
        <value>displayName</value>
      </property>
      <property>
        <key>EmailAttribute</key>
        <value>mail</value>
      </property>
    </authConfig>
  </authConfigs>
</security>

PluginRole Configuration

RoleConfig is used to define roles in GoCD and map them to LDAP groups. <pluginRole> should be added under <roles> inside the <security> tag, and its authConfigId must match the id of an <authConfig>. LDAP/AD groups can be mapped to GoCD roles using either the combination of UserGroupMembershipAttribute and GroupIdentifiers, or the combination of GroupMembershipFilter and GroupSearchBases.

Example role configuration:

<security>
  <authConfigs>
    <authConfig id="ldap" pluginId="cd.go.authorization.ldap">
      ...
    </authConfig>
  </authConfigs>
  <roles>
    <pluginRole name="admins" authConfigId="ldap">
      <property>
        <key>UserGroupMembershipAttribute</key>
        <value>memberOf</value>
      </property>
      <property>
        <key>GroupIdentifiers</key>
        <value>CN=GoAdmins,OU=Groups,OU=Enterprise,OU=Principal,DC=corporate,DC=example,DC=com</value>
      </property>
    </pluginRole>
    <pluginRole name="view_user" authConfigId="ldap">
      <property>
        <key>GroupSearchBases</key>
        <value>OU=Groups,OU=Enterprise,OU=Principal,DC=corporate,DC=example,DC=com</value>
      </property>
      <property>
        <key>GroupMembershipFilter</key>
        <value>(|(member={dn}) (uniqueMember=name={name}) (memberUid=uid={uid}))</value>
      </property>
    </pluginRole>
  </roles>
</security>
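
The following lint is an added example, not part of the GoCD documentation or plugin code. It checks a hand-edited <security> block against the rules stated above: every pluginRole must reference an existing authConfig id and carry one complete group-mapping pair. It also flags an ldap:// Url, a check added here because that scheme is not TLS-protected. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The two property pairings the page gives for mapping LDAP groups to a role.
ROLE_PAIRS = [{"UserGroupMembershipAttribute", "GroupIdentifiers"},
              {"GroupMembershipFilter", "GroupSearchBases"}]

def props(elem):
    """Return {key: value} for the <property> children of an element."""
    return {p.findtext("key"): (p.findtext("value") or "").strip()
            for p in elem.findall("property")}

def lint_security(xml_text):
    """Return findings for a <security> block (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings, auth_ids = [], set()
    for ac in root.iter("authConfig"):
        auth_ids.add(ac.get("id"))
        if props(ac).get("Url", "").lower().startswith("ldap://"):
            findings.append(f"authConfig {ac.get('id')}: Url uses ldap://, not ldaps://")
    for role in root.iter("pluginRole"):
        name, ref = role.get("name"), role.get("authConfigId")
        # A role is only usable if its authConfigId resolves to a defined authConfig.
        if ref not in auth_ids:
            findings.append(f"pluginRole {name}: authConfigId '{ref}' matches no authConfig")
        # Only properties with a non-empty value count towards a pairing.
        keys = {k for k, v in props(role).items() if v}
        if not any(pair <= keys for pair in ROLE_PAIRS):
            findings.append(f"pluginRole {name}: incomplete group-mapping pair")
    return findings

# Constructed sample modelled on the page's examples, with deliberate mistakes.
SAMPLE = """<security>
  <authConfigs>
    <authConfig id="ldap" pluginId="cd.go.authorization.ldap">
      <property><key>Url</key><value>ldap://ldap-server-url</value></property>
    </authConfig>
  </authConfigs>
  <roles>
    <pluginRole name="admins" authConfigId="ldap">
      <property><key>UserGroupMembershipAttribute</key><value>memberOf</value></property>
      <property><key>GroupIdentifiers</key><value>CN=GoAdmins,OU=Groups,DC=example,DC=com</value></property>
    </pluginRole>
    <pluginRole name="view_user" authConfigId="tw-ldap">
      <property><key>GroupSearchBases</key><value>OU=Groups,DC=example,DC=com</value></property>
    </pluginRole>
  </roles>
</security>"""
```

Calling lint_security(SAMPLE) returns three findings: the ldap:// Url, the unresolved authConfigId on view_user, and its missing GroupMembershipFilter.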