This page explains the settings for LDAP authentication and their parameters.
Note that we recommend using Atlassian JIRA, or Crowd, for user authentication. One advantage is that you can then make use of LDAP groups. Also, FishEye (or Crucible) can only connect to one external authentication directory; using Crowd allows connection to multiple directories.
On this page:
Global settings
To configure LDAP authentication, log in to the FishEye admin area and click Authentication (under 'Security Settings'). Now click Set up LDAP, under 'Authentication settings'.
Global LDAP settings are:
URL | The URL of the LDAP server, e.g. (For reference, see Performance Problem when Using LDAPS if using the |
Base DN | The base search space for users, e.g. |
User Filter | The LDAP search for locating users, e.g. |
UID attribute | The name of the username attribute in objects matching the filter. |
Email attribute | Optional. The name of an attribute giving the user's email address. |
Cache TTL (positive) | How long FishEye should cache permission checks. Example values are: |
Auto-add | FishEye can automatically create a user it has not previously encountered if the user can successfully authenticate against LDAP. |
Initial bind DN and password | Optional. If your LDAP server does not allow anonymous bind, then you need to specify a user FishEye can use to do its initial bind. |
Synchronise users with LDAP | Optional. Sets whether users will be loaded from an external directory. |
Per-repository settings
If you use LDAP authentication you can set a LDAP filter in FishEye to further restrict access to a particular repository: the per-repository filter restricts access to a subset of already logged-in users. The LDAP filter is not utilized for repositories that have anonymous access enabled (either per-repository permissions or default permissions).
To set the LDAP filter for a repository, log in to the FishEye admin area and click Repositories (under 'Repository Settings'). Now click the name for a repository, and then Permissions (on the left). Check Apply LDAP restriction and edit the following settings:
LDAP Restriction | An LDAP filter string used to check if a given user can access a given repository, e.g. |
Match Type | This setting modifies how the search results are interpreted.
|
Examples:
- To allow a user to access a repository only if he or she is part of the group AuthorizedGroup, specify an LDAP filter such as:
(&(uniqueMember=${USERNAME})(cn=AuthorizedGroup)(objectClass=groupofuniquenames))
and set the Match Type as Any. - To allow more than a group of users to access a repository, specify an LDAP filter such as:
(&(uniqueMember=${USERNAME})(|(cn=AuthorizedGroup1)(cn=AuthorizedGroup2))(objectClass=groupofuniquenames))
and set the Match Type as Any.
Active Directory
To have FishEye connect to an Active Directory server, use settings such as the following:
URL |
|
Base DN |
|
User Filter |
|
UID Attribute |
|
Email attribute |
|
Initial bind DN |
|