
LDAP and Active Directory

LDAP and Active Directory connectors let you delegate Squash TM authentication to an external directory. User permissions are still managed inside Squash TM.

Configure LDAP and AD

LDAP and AD connectors support both simple and multi-domain configurations. You can find examples of standard configurations in the following files, in the plugin's config folder:

  • Simple domain: squash.tm.cfg.properties;

  • Multi-domain: multi-ldap(or ad).squash.tm.cfg.properties.

After installing the LDAP or AD .jar files in Squash TM's plugins folder, you must copy this standard configuration into the file squash.tm.cfg.properties and complete it. You can find this file in Squash TM's conf folder.

LDAP Connector Properties

The LDAP connector allows for a more advanced configuration thanks to the following properties:

  • authentication.ldap.server.url: URL of the directory. It can start with ldap://, or with ldaps:// for a secured connection;
  • authentication.ldap.server.managerDn: ID of the account that has permission to browse the directory, for use when the directory cannot be browsed in anonymous mode;
  • authentication.ldap.server.managerPassword: password of the account that has permission to browse the directory;
  • authentication.ldap.user.searchBase: location in the directory of the users who will be able to connect to Squash;
  • authentication.ldap.user.searchFilter: filter used to look up the user by the attribute that serves as their login in Squash.

Use the LDAP Connector with an AD

You can use the LDAP connector to connect to an AD and enjoy more advanced configuration options.

The configuration you must enter for an AD or LDAP connector is basically the same.
The main difference lies in the property authentication.ldap.user.searchFilter:

  • For an AD, it is generally the attribute samAccountName or UserPrincipalName;
  • For an LDAP directory, there are more possibilities: it can be uid, id, uniqueMember, etc.

Operate the Connection

To connect to Squash TM, you must create at least one user in the LDAP directory or AD whose login is identical to that of the default Squash TM administrator: admin. With this user, you can then connect to Squash TM with an administrator profile. The administrator will then be able to add permissions for the other users.

Info

When you first use Squash TM, an administrator account is created. The login is admin.

For other users to be able to connect to Squash TM using the LDAP connector or AD, they must be in the directory:

  • If the user is missing from the LDAP directory or AD, they cannot authenticate to Squash TM. The connection is impossible;

  • If the user is already in the LDAP directory or AD, they can authenticate to Squash TM. The password is managed by the directory, whereas project permissions are managed in Squash TM. Two cases are then possible:

    • The user already has a user account in Squash TM: when they log in, they will have the permissions that go with their account;

    • The user does not have any user account in Squash TM: when they first log in, a user account is automatically created in Squash TM, but they will have no permission granted to them. Subsequently, permissions can be granted to them by a Squash TM administrator.

Focus

When authentication is delegated to a directory, passwords can no longer be managed in Squash TM. The options [Reset] password (administrator) and change [Local password] (user) are deactivated.

Multi-Sources Authentication

You can authenticate into Squash TM using multiple sources (directory + local).

For this:

  • Install and configure the LDAP or AD plugins;

  • In the file squash.tm.cfg.properties, complete the following property by adding internal as an authentication source:

    authentication.provider=ldap,internal
    

Users will then be able to connect to the app using accounts that are in the directory and Squash TM local accounts.
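
An added example, not part of the Squash TM documentation or plugin code: a small Python check that reads the connector properties described above from a squash.tm.cfg.properties file and flags the settings worth reviewing (unsecured URL scheme, incomplete manager account, local accounts still accepted). The host, DNs and password in the sample are constructed, and the {0} login placeholder in the search filter is an assumed convention.

```python
from urllib.parse import urlparse

# Constructed sample: host, DNs and password are placeholders; the "{0}"
# login placeholder in the filter is an assumed convention.
SAMPLE = """\
# authentication.provider=internal
authentication.provider=ldap,internal
authentication.ldap.server.url=ldap://ldap.example.test:389
authentication.ldap.server.managerDn=cn=squash-reader,dc=example,dc=test
authentication.ldap.server.managerPassword=changeit
authentication.ldap.user.searchBase=ou=people,dc=example,dc=test
authentication.ldap.user.searchFilter=(uid={0})
"""

def parse_properties(text):
    """Minimal key=value parser; lines starting with # or ! are comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of (key, finding) pairs for an administrator to review."""
    p = "authentication.ldap.server."
    findings = []
    scheme = urlparse(props.get(p + "url", "")).scheme.lower()
    if scheme == "ldap":
        findings.append((p + "url", "ldap:// is the unsecured form; use ldaps://"))
    elif scheme != "ldaps":
        findings.append((p + "url", "missing or unrecognised directory URL"))
    dn, pw = props.get(p + "managerDn"), props.get(p + "managerPassword")
    if bool(dn) != bool(pw):
        findings.append((p + "managerDn", "managerDn and managerPassword must be set together"))
    elif not dn:
        findings.append((p + "managerDn", "no manager account: directory must allow anonymous browsing"))
    elif scheme == "ldap":
        findings.append((p + "managerPassword", "manager credentials travel over ldap:// rather than ldaps://"))
    # authentication.provider is a comma-separated list of sources
    providers = [s.strip() for s in props.get("authentication.provider", "").split(",")]
    if "internal" in providers:
        findings.append(("authentication.provider", "local Squash TM accounts are also accepted"))
    return findings

if __name__ == "__main__":
    print(*audit(parse_properties(SAMPLE)), sep="\n")
```
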

Autoconnect to Bugtrackers

When the login credentials for Squash TM and for the bugtrackers are managed by the same directory service, you can activate autoconnect to bugtrackers in Squash TM. In the System Parameters available from Squash TM's Administration workspace, you must activate the option that is in the block Automatic authentication to bugtracker at connection.

Autoconnect

Once the option is activated, Squash TM tries to automatically authenticate the user on the different bugtrackers they are linked to via the projects they are authorized on. The information saved in the My Account workspace is then ignored. If that option is deactivated, there is no attempt to automatically connect to the bugtracker. The login credentials taken into account are the ones entered in My Account.

Uninstall LDAP and AD

To uninstall the LDAP and AD plugins, you have to:

  1. Stop Squash TM;

  2. In the file squash.tm.cfg.properties, delete the plugins' specific configuration lines or comment them out using a #;

  3. Remove plugin .jar files from Squash TM's plugins folder.