Integrating Atlassian Bamboo with Active Directory

Posted: July 4, 2018 in Windows Server

Bamboo is a continuous integration (CI) server that can be used to automate the release management for a software application, creating a continuous delivery pipeline.

In this post we’ll enable users to authenticate to Bamboo using their Active Directory Credentials

Creating service account

We need account for searching AD (domain user account)

 

Capture.PNG

 

Create AD groups: one for Admin, second for user access

Edit 1.png

Edit configuration file (Bambo home\xml-data\configuration\atlassian-user-custom.xml

 

<atlassian-user>
<repositories>
<!– LDAP repository –>
<ldap key=”ldapRepository” name=”Active Directory LDAP Repository” cache=”true”>
<!–
[HOSTNAME], the hostname to your LDAP, (i.e.: 192.168.10.71)
[DISPLAY-NAME], i.e.: Sample User. A
[PASSWORD], password to authenticate “Sample User. A”
–>
<host>1.1.1.1</host>
<port>389</port>
<!–
in <security…> we are going to authenticate our LDAP configuration against a user in our Active Directory
whereas, in this example we will be using “Service Account BAMBOO LDAP. A” as user
–>
<securityPrincipal>CN=Service Account BAMBOO LDAP,OU=service,OU=accounts,DC=company,DC=com</securityPrincipal>
<securityCredential>pass</securityCredential>
<securityProtocol>plain</securityProtocol>
<securityAuthentication>simple</securityAuthentication>
<baseContext>DC=company,DC=com</baseContext>
<!–
in <baseUserNamespace> we are going to specify where our users have been created in the Active Directory
–>
<baseUserNamespace>OU=user,OU=accounts,DC=company,DC=com</baseUserNamespace>
<!–
in <baseGroupNamespace> we are going to specify where our groups have been created in the Active Directory
–>
<baseGroupNamespace>OU=security,OU=groups,DC=company,DC=com</baseGroupNamespace>
<userSearchAllDepths>true</userSearchAllDepths>
<groupSearchAllDepths>true</groupSearchAllDepths>
<usernameAttribute>sAMAccountName</usernameAttribute>
<!–
in <userSearchFilter> we are going to get all users that are members of “Bamboo.App.Admin” and “Bamboo.App.Users” groups
–>
<userSearchFilter>(&amp;(objectClass=person)(|(memberOf=CN=Bamboo.App.Admin,OU=security,OU=groups,DC=company,DC=com)(memberOf=CN=Bamboo.App.Users,OU=security,OU=groups,DC=company,DC=com)))</userSearchFilter>
<firstnameAttribute>givenName</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<!–
in <groupSearchFilter> we are going to get all the groups specified in <baseGroupNamespace>
–>
<groupSearchFilter>(&amp;(objectClass=group))</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>
</ldap>
<!– Default bamboo user repository –>
<hibernate name=”Hibernate Repository” key=”hibernateRepository” description=”Hibernate Repository” cache=”true”/>
</repositories>
</atlassian-user>

 

Restart Bamboo service

4.PNG

 

Point Bamboo to LDAP repository:

Administration-User Management

5.png

Security-user repositories-Custom user repository-save, if config file has any error,it will be shown when you click Save, correct it and click Save again

 

2

 

You should be able to login with AD credentials

 

Setting permissions

Security-Global permissions-under Group access add group and chose permissions

 

6

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s