This document describes how to enable, configure, and test CircleCI to authenticate users with OpenLDAP or Active Directory credentials.
- Install and configure your LDAP server and Active Directory.
- GitHub Enterprise must be configured and is the source of organizations and projects to which users have access.
- Install a new instance of CircleCI 2.0 with no existing users using the Installing CircleCI 2.0 on Amazon Web Services with Terraform document. Note: LDAP is not supported with existing installations; only clean installations may use LDAP.
- Contact CircleCI support and file a feature request for CircleCI installed on your own servers.
Note: After completing this configuration, all users must log in to CircleCI with their LDAP credentials. After logging in to CircleCI, each user will then click the Connect button on the Accounts page to connect and authenticate their GitHub account.
Configure LDAP Authentication
This section provides the steps to configure LDAP in the management console (Replicated).
- Log in to the management console for a newly installed CircleCI 2.0 instance as the
- Check the LDAP button on the Settings page.
- Select OpenLDAP or Active Directory.
- Fill in your LDAP instance Hostname and port number.
- Select the encryption type (plain text is not recommended).
- Fill in the Search user field with the LDAP admin username using the format
org with appropriate values for your datacenter.
- Fill in the Search password field with the LDAP admin password.
- Fill in the User search DN field with an appropriate value using the format
users with the value used in your LDAP instance.
- Fill in the Username field with an appropriate unique identifier used for your users, for example,
- Fill in the Group Membership field with an appropriate value. By default, the value is uniqueMember for OpenLDAP and member for Active Directory. This field lists the member dn entries for a group.
- Fill in the Group Object Class field with an appropriate value. By default, the value is groupOfUniqueNames for OpenLDAP and group for Active Directory. The value of the objectClass field indicates that a dn is a group.
- (Optional) Fill in the Test username and Test password fields with a test email and password for an LDAP user you want to test.
- Save the settings.
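The Group Membership and Group Object Class values can be checked against the directory before they are saved. The shell sketch below is an added example, not CircleCI code: it builds a conventional group-lookup filter from the defaults listed on this page and, assuming the OpenLDAP `ldapsearch` client is installed, runs it as the Search user over `ldaps`. All hostnames, DNs and the sample user are constructed placeholders.

```shell
#!/bin/sh
# Added example, not CircleCI code. Hosts, DNs and accounts are constructed placeholders.

# Defaults this page gives for the Group Membership and Group Object Class fields.
# $1 = openldap | ad ; prints "<membership attribute> <group objectClass>"
group_defaults() {
  case "$1" in
    openldap) echo "uniqueMember groupOfUniqueNames" ;;
    ad)       echo "member group" ;;
    *)        echo "unknown directory type: $1" >&2; return 1 ;;
  esac
}

# Escape a value for use inside a search filter (RFC 4515): \ * ( )
# A user DN such as "cn=Ann (QA),..." would otherwise change the filter's structure.
filter_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the filter "entries of the group class that list this user DN as a member".
# $1 = openldap | ad, $2 = user DN
group_filter() {
  defaults=$(group_defaults "$1") || return 1
  attr=${defaults% *}     # membership attribute (first word)
  class=${defaults#* }    # group objectClass (second word)
  printf '(&(objectClass=%s)(%s=%s))\n' "$class" "$attr" "$(filter_escape "$2")"
}

# Run the lookup as the Search user; -W prompts for the Search password
# so it never appears on the command line or in shell history.
# $1 = type, $2 = ldaps URI, $3 = Search user DN, $4 = search base, $5 = user DN
list_groups() {
  filter=$(group_filter "$1" "$5") || return 1
  ldapsearch -x -LLL -H "$2" -D "$3" -W -b "$4" "$filter" dn
}

# Constructed sample: prints the filter only, no server needed.
group_filter openldap 'cn=Ann (QA),ou=users,dc=example,dc=org'

# To query a real directory (all values are placeholders):
# list_groups openldap ldaps://ldap.example.org:636 'cn=admin,dc=example,dc=org' \
#   'dc=example,dc=org' 'cn=Ann (QA),ou=users,dc=example,dc=org'
```

If `list_groups` returns no entries for a user who is known to belong to a group, the membership attribute or object class entered in the form does not match the directory schema.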
A user who logs in will be redirected to the Accounts page of the CircleCI application with a Connect button that they must use to connect their GitHub account. After they click Connect, an LDAP section with their user information (for example, their email) will appear on the page and they will be directed to authenticate their GitHub account. After authenticating their GitHub account, users are directed to the Job page to use CircleCI.