It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

LDAP Atlassian-user.xml configuration

I'm trying to use LDAP in BAMBOO and I'm very new with LDAP. THis is what I currently have in the Atlassian-User.XML file. I was wondering if I'm leaving something obvious out. I rebooted server and still can use an Active Directory account. When I log into BAMBOO ADMIN and try to SAVE the Custom User REpository I get the following error:

Failed to change the active user repository: Source 'C:\bamboo\xml-data\configuration\atlassian-user-custom.xml' does not exist

- <atlassian-user>
- <repositories>
<hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true" />
</repositories>
- <ldap key="ldapRepository" name="ADConnect" cache="true">
<host>dc4.nbme.org</host>
<port>389</port>
<securityPrincipal>CN=LDAP Connect,OU=Domain Guests,OU=Domain Users,DC=nbme,DC=org</securityPrincipal>
<securityCredential>secret</securityCredential>
<securityProtocol>plain</securityProtocol>
<securityAuthentication>simple</securityAuthentication>
<baseContext>DC=nbme,DC=org</baseContext>
<baseUserNamespace>OU=Domain Users,DC=nbme,DC=org</baseUserNamespace>
<usernameAttribute>sAMAccountName</usernameAttribute>
</ldap>
</atlassian-user>

8 answers

1 accepted

0 votes
Answer accepted

Yes once, I entered all the other fields which apparently bamboo must have, it started to work.

<firstnameAttribute>givenname</firstnameAttribute> <surnameAttribute>sn</surnameAttribute>

<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=group)</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>

Ok great and thanks for the feedback

It seems correct but missing some group related attributes. can you try to create a new file called atlassian-user-custom.xml in the {{BAMBOOHOME/xml-data/configuration/}} directory and let it have same content as the atlassian-user.xml file. Let me know the outcome after restarting Bamboo whether Users will be retrieved.

Again try to add attributes like below as suggested in https://confluence.atlassian.com/display/BAMBOO/Integrating+Bamboo+with+LDAP:

<baseGroupNamespace>dc=groups,dc=perftest,dc=atlassian,dc=private</baseGroupNamespace>
<usernameAttribute>cn</usernameAttribute>
<userSearchFilter>(objectClass=inetorgperson)</userSearchFilter>
<firstnameAttribute>givenname</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>

Regards,
Sultan

THe error about saving the User Repository went away by creating a new file as indicated above; however restarting bamboo still didn't get the AD users retrieved. I can only get in via the initial admin account. Strange because we use AD with JIRA as indicated below and have had no issues.Our JIRA product which works fine with LDAP is using the following: in the OSUSER.XML file:
<opensymphony-user>
<authenticator class="com.opensymphony.user.authenticator.SmartAuthenticator" />
- <provider class="com.opensymphony.user.provider.ldap.LDAPCredentialsProvider">
<property name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</property>
<property name="java.naming.provider.url">ldap://dc4.nbme.org:389</property>
<property name="searchBase">OU=Domain Users,DC=nbme,DC=org</property>
<property name="uidSearchName">sAMAccountName</property>
<property name="java.naming.security.principal">CN=LDAP Connect,OU=Domain Guests,OU=Domain Users,DC=nbme,DC=org</property>
<property name="java.naming.security.credentials">secret</property>
<property name="exclusive-access">true</property>
</provider>
- <provider class="com.atlassian.core.ofbiz.osuser.CoreOFBizCredentialsProvider">
<property name="exclusive-access">true</property>
</provider>
- <provider class="com.atlassian.jira.user.osuser.JiraOFBizProfileProvider">
<property name="exclusive-access">true</property>
</provider>
- <provider class="com.atlassian.jira.user.osuser.JiraOFBizAccessProvider">
<property name="exclusive-access">true</property>
</provider>
</opensymphony-user>

Hi,

Great.. can you try to use the paddle tool to check connectivity and users and groups retrieved https://confluence.atlassian.com/display/BAMBOO/Testing+LDAP+or+Active+Directory+connectivity+with+Paddle

Ok I get the following error: If I take out the line " <ldap key="ldapRepository" name="ADConnect" cache="true">" it goes furhter then complains about the "<atlassian-user>" tag.

C:\TEMP>java -jar paddle-2.0.jar
################################################################################
###########################################

LDAP Support Tool version 2.0

################################################################################
###########################################

Error reading atlassian-user.xml file: No LDAP settings found in XML configurati
on.
com.atlassian.paddle.configuration.ConfigurationException: No LDAP settings foun
d in XML configuration.
at com.atlassian.paddle.configuration.AtlassianUserConfiguration.setAtla
ssianUserXml(AtlassianUserConfiguration.java:62)
at com.atlassian.paddle.configuration.AtlassianUserConfiguration.<init>(
AtlassianUserConfiguration.java:34)
at com.atlassian.paddle.Paddle.main(Paddle.java:44)

When I moved the </repositories> tag after the </ldap> tag I got much futher. This is what I'm getting now; however I'm not so sure if this is an error of if these fields are even mandatory???

Connected to server successfully
-----------------------------------------------------------------
TEST 1: Search and list 10 users
-----------------------------------------------------------------

Configuration does not have a setting for 'baseUserNamespace'
Configuration does not have a setting for 'userSearchFilter'
Configuration does not have a setting for 'firstnameAttribute'
Configuration does not have a setting for 'surnameAttribute'
Configuration does not have a setting for 'emailAttribute'
Configuration does not have a setting for 'userSearchFilter'
Configuration does not have a setting for 'baseUserNamespace'
Configuration does not have a setting for 'userSearchFilter'
Configuration does not have a setting for 'baseUserNamespace'
Exception in thread "main" java.lang.NullPointerException
at javax.naming.InitialContext.getURLScheme(Unknown Source)
at javax.naming.InitialContext.getURLOrDefaultInitCtx(Unknown Source)
at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(Un
known Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)
at com.atlassian.paddle.search.DefaultSearcher.search(DefaultSearcher.ja
va:36)
at com.atlassian.paddle.task.ListUsersTask.doSearch(ListUsersTask.java:5
5)
at com.atlassian.paddle.task.ListUsersTask.withConnection(ListUsersTask.

Hi,

Thats good.. the latest errors shows that you havent add the properties:

<baseGroupNamespace>dc=groups,dc=perftest,dc=atlassian,dc=private</baseGroupNamespace>
<usernameAttribute>cn</usernameAttribute>
<userSearchFilter>(objectClass=inetorgperson)</userSearchFilter>
<firstnameAttribute>givenname</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>
Can you may be provide us with the latest atlassian-user.xml file

Got it. Now getting only these two errors and it indicates to contact Atlassian support:

The following errors were encountered in running LDAP tests:

Error performing LDAP search filter 'null', base DN 'OU=Domain Users,DC=nbme,DC=

org': Empty filter

Error performing LDAP search filter 'null', base DN 'OU=Domain global groups,DC=

nbme,DC=org': Empty filter

I contacted our AD guru and he indicates the following based on the last two error below:

Error performing LDAP search filter 'null', base DN 'OU=Domain Users,DC=nbme,DC=org': Empty filter<font></font>

Error performing LDAP search filter 'null', base DN 'OU=Domain global groups,DC=nbme,DC=org': Empty filter

<font></font>

Odd. It looks like it wants you to specify some filtering, but if the goal is to enumerate all users and groups.. the default filters shown below should do just that.

It appears that all that needs to be changed in this query is the root search areas, like so:

<baseUserNamespace>OU=Domain Users,DC=nbme,DC=org</baseUserNamespace>

<baseGroupNamespace>OU=Domain global groups,DC=nbme,DC=org</baseGroupNamespace>

Yes that property is required for Bamboo to determine how deep it can go in searching users to be imported. I guess with this, your LDAP connection is fine already

I'm having trouble synchronizing with our LDAP repository.  Running paddle against the custom xml config I have, I see two issues:

  1. Paddle finds no groups for a given user
  2. Paddle doesn't follow the referral given when asking for a group's members

In the atlassian-user.xml documentation I don't see any reference to what Paddle is looking at to determine the group a user object belongs to.  For instance, our users get tagged with the attribute "memberofgroup=groupCN" when they are added to a group.  Is Paddle looking for some default attribute for group membership?  Also, does bamboo support following referrals?

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bamboo

Unable to add or edit Bitbucket Cloud repository in Bamboo

On 31 May, a GDPR-related change went live in the Bitbucket Cloud API that resulted in users not being able to create or edit Bitbucket Cloud Linked repositories in Bamboo. This API update removed t...

453 views 2 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you