PluginRole Configuration

The Plugin Role Config is used to define roles in GoCD and map them to LDAP/AD groups. LDAP/AD groups can be mapped to GoCD roles using either the combination of UserGroupMembershipAttribute and GroupIdentifiers, or the combination of GroupMembershipFilter and GroupSearchBases. To create a plugin role, you must first create an authorization configuration.

  1. Log in to the GoCD server as admin and navigate to Admin > Security > Role Configuration.
  2. Click Add Role to create a new role configuration.
  3. For the role type, select Plugin Role.
  4. Specify a role name.
  5. For Auth Config Id, select the authorization config you created earlier. For instance, it might show up as my-ldap(LDAP Authorization Plugin for GoCD) if the ID you provided was my-ldap.

Map Roles Using Group Membership Attribute On User

This allows you to define a role that is assigned to the logged-in user only if that user has the given attribute, with a matching value, in their LDAP/AD record.

Map Roles Using Group Membership Filter


You can create a plugin role by configuring both GroupMembershipAttribute and GroupMembershipFilter. In that case:

  * The plugin makes a role assignment based on GroupMembershipAttribute first.
  * If no role is assigned to the user using GroupMembershipAttribute, the plugin then checks GroupMembershipFilter to assign a role.

See Scenario 7 in the examples section for more information.
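
The evaluation order described above, modelled offline in Python as an added example (not code from the plugin or from this page). The dictionary keys mirror the property names used on this page; `resolve_role`, `render_filter`, `fake_group_search`, the sample users and groups, and the case-insensitive comparison are assumptions. The page does not say whether the plugin escapes substituted values; the example does so per RFC 4515.

```python
import re

# RFC 4515 escapes for characters that are special inside an LDAP search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def render_filter(template, user):
    """Fill {dn}/{uid}/... placeholders in one pass, escaping each value."""
    def fill(match):
        value = user[match.group(1)]  # KeyError on an unknown placeholder: fail closed
        return "".join(_ESCAPES.get(ch, ch) for ch in value)
    return re.sub(r"\{(\w+)\}", fill, template)

def resolve_role(role, user, group_search):
    """Return 'attribute', 'filter' or None for one plugin role and one user."""
    # 1. Attribute on the user entry (UserGroupMembershipAttribute + GroupIdentifiers).
    #    Case-insensitive comparison is an assumption of this example.
    attr = role.get("UserGroupMembershipAttribute")
    wanted = {g.lower() for g in role.get("GroupIdentifiers", [])}
    if attr and any(v.lower() in wanted for v in user.get(attr, [])):
        return "attribute"
    # 2. Only if step 1 did not match: search the group bases with the filter.
    template = role.get("GroupMembershipFilter")
    if template:
        query = render_filter(template, user)
        if any(group_search(base, query) for base in role.get("GroupSearchBases", [])):
            return "filter"
    return None

# Constructed sample data (not from a real directory).
GROUPS = {"ou=groups,dc=example,dc=com": ["uid=bob,ou=people,dc=example,dc=com"]}

def fake_group_search(base, query):
    """Stand-in for an LDAP search: true if a group under base lists the DN."""
    return any(f"(member={m})" in query for m in GROUPS.get(base, []))

ROLE = {
    "UserGroupMembershipAttribute": "memberOf",
    "GroupIdentifiers": ["CN=go-admins,OU=Groups,DC=example,DC=com"],
    "GroupSearchBases": ["ou=groups,dc=example,dc=com"],
    "GroupMembershipFilter": "(|(member={dn})(memberUid={uid}))",
}
ALICE = {"dn": "uid=alice,ou=people,dc=example,dc=com", "uid": "alice",
         "memberOf": ["cn=go-admins,ou=groups,dc=example,dc=com"]}
BOB = {"dn": "uid=bob,ou=people,dc=example,dc=com", "uid": "bob"}
CAROL = {"dn": "uid=carol,ou=people,dc=example,dc=com", "uid": "carol"}

if __name__ == "__main__":
    for u in (ALICE, BOB, CAROL):
        print(u["uid"], "->", resolve_role(ROLE, u, fake_group_search))
```

A user who matches neither mapping gets no role from this plugin role, which is the outcome to verify when auditing who can reach an admin role.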

Example role configuration

Plugin role configuration

Alternatively, the configuration can be added directly to the GoCD config XML using the <pluginRole> element. It should be added in <security> under the <roles/> tag, as in the following example:

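    <authConfig id="my-ldap" pluginId="com.thoughtworks.gocd.authorization.ldap"><!-- properties not shown --></authConfig>
    <pluginRole name="go-admins" authConfigId="ldap"><!-- properties not shown --></pluginRole>
    <pluginRole name="view_user" authConfigId="tw-ldap"><!-- other properties not shown -->
        <property>
            <key>GroupMembershipFilter</key>
            <value>(|(member={dn}) (uniqueMember=name={name}) (memberUid=uid={uid}))</value>
        </property>
    </pluginRole>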