Cannot find error message in log files explaining LDAP test failure

Mike Bauer November 2, 2022

I am attempting to set up Jira to use our existing LDAP server (Red Hat Directory Server).  It produces

Test get user's memberships : Failed

when I try to test the setup.  Unlike some of the other errors Jira produces, there is no additional information in the test result.

I see other answers here (e.g. https://community.atlassian.com/t5/Jira-questions/Test-get-user-s-memberships-Failed/qaq-p/650228) saying that I should look in

/<jira-install>/logs/atlassian-jira.log

but that file does not exist.  Looking in all available log files, the following string pairs do not appear together in any single line in any log file:

ldap group

ldap fail

ldap member

fail group

member sync

member fail

What is the specific string I should be looking for to find the error?  Or, if there's logging to be turned up, what logging do I need to increase?

Note that our LDAP server does not support memberOf, which is probably the main issue here.  Is there a way to get Jira to use LDAP without memberOf support?

1 answer

0 votes
Benjamin
Community Champion
November 2, 2022

Hi @Mike Bauer ,

The Jira log is usually in the home directory and not the install directory. Here's a list of where each of the logs is stored.

https://confluence.atlassian.com/jirakb/useful-log-files-in-jira-1027120387.html

Whenever I had issues with syncing or connection errors, that is the log I check on. I don't remember the keywords or strings but you can tail the logs at the same time as testing the connection. As soon as you click on test connection, you should see the error pop in the log with further details.

-Ben

Mike Bauer November 2, 2022

Thank you for that, I hadn't realized that there was a separate Jira home directory -- particularly since ~/jira -- the role user -- has nothing in its home directory.  I've found atlassian-jira.log.  It still contains no hint as to what's wrong.

Is there some way to turn up the logging such that it will show the exact LDAP query it's trying to make?  I'd expect the word 'member' to show up if it was logging that, and 'member' appears nowhere in the logs.

Unfortunately, I still think the fundamental problem here is that our LDAP server does not support memberOf.

Mike Bauer November 2, 2022

I've tried altering com.atlassian.jira.web.action.util.LDAPConfigurer, the only logger listed under "Default Loggers" that contains the string 'ldap', to 'debug', but that produced nothing of value.

I then tried changing both com.atlassian.crowd.directory and com.atlassian.gadgets.directory to 'debug', which produced the LDAP query.  Unfortunately, this isn't something I can fix by changing the schema configuration.  It's trying to find our groups with:

(&(objectclass=posixgroup)(memberUid=uid=[username],ou=people,[base-dn]))

when it should be simply doing

(&(objectclass=posixgroup)(memberUid=[username]))

And yes, as I suspected, it's our lack of memberOf support.

Is there any way to get Jira to work with an LDAP server that does group lookup by bare username instead of a full dn?

Mike Bauer November 2, 2022

...and to answer my own question, changing the server type to "FedoraDS (Read-Only Posix Schema)" from "Generic Directory Server" did the trick.

Benjamin
Community Champion
November 2, 2022

I'm not sure as I've always used memberOf. You may want to also post in the crowd group to see if anyone has faced a similar setup/issue in this regard.

https://community.atlassian.com/t5/Crowd/ct-p/crowd

-Ben
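
Added example (not from the thread and not Jira's code): a local check of the two filters quoted above against constructed posixGroup entries, showing why the DN-valued assertion returns no groups when memberUid holds bare login names. The entries, the dc=example,dc=org base DN and all function names are assumptions made for illustration.

```python
# Added example, not Jira's code. All directory entries below are constructed.
import re

# Constructed sample: RFC 2307 posixGroup entries keep bare login names in memberUid.
GROUPS = [
    {"cn": "jira-users", "objectClass": ["top", "posixGroup"], "memberUid": ["alice", "bob"]},
    {"cn": "jira-admins", "objectClass": ["top", "posixGroup"], "memberUid": ["alice"]},
    {"cn": "printers", "objectClass": ["top", "groupOfNames"],
     "member": ["uid=alice,ou=people,dc=example,dc=org"]},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a username cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def posix_membership_filter(value):
    """Build the group search filter in the shape shown in the thread."""
    return "(&(objectclass=posixgroup)(memberUid=%s))" % escape_filter_value(value)

def matching_groups(entries, value):
    """Evaluate that filter locally: exact match of value against memberUid."""
    return [
        e["cn"] for e in entries
        if "posixgroup" in (oc.lower() for oc in e.get("objectClass", []))
        and value in e.get("memberUid", [])
    ]

# Heuristic (assumption): a value made only of attr=value RDNs is treated as a DN.
DN_LIKE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,]+(,[A-Za-z][A-Za-z0-9-]*=[^,]+)*$")

def membership_style(entries):
    """Report whether memberUid values are bare names ('uid') or DNs ('dn')."""
    values = [v for e in entries for v in e.get("memberUid", [])]
    if not values:
        return "unknown"
    return "dn" if all(DN_LIKE.match(v) for v in values) else "uid"

if __name__ == "__main__":
    user, user_dn = "alice", "uid=alice,ou=people,dc=example,dc=org"
    for value in (user_dn, user):
        print(posix_membership_filter(value), "->", matching_groups(GROUPS, value))
    print("memberUid style:", membership_style(GROUPS))
```

Checking what the membership attribute actually contains, as `membership_style` does on the sample, tells you which directory type setting matches the server before running the connection test.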

Deployment type: Server
Version: 9.3.1