LDAP Atlassian-user.xml configuration

I'm trying to use LDAP in BAMBOO and I'm very new with LDAP. This is what I currently have in the Atlassian-User.XML file. I was wondering if I'm leaving something obvious out. I rebooted the server and still can use an Active Directory account. When I log into BAMBOO ADMIN and try to SAVE the Custom User Repository I get the following error:

Failed to change the active user repository: Source 'C:\bamboo\xml-data\configuration\atlassian-user-custom.xml' does not exist

<atlassian-user>
  <repositories>
    <hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true" />
  </repositories>
  <ldap key="ldapRepository" name="ADConnect" cache="true">
    <host>dc4.nbme.org</host>
    <port>389</port>
    <securityPrincipal>CN=LDAP Connect,OU=Domain Guests,OU=Domain Users,DC=nbme,DC=org</securityPrincipal>
    <securityCredential>secret</securityCredential>
    <securityProtocol>plain</securityProtocol>
    <securityAuthentication>simple</securityAuthentication>
    <baseContext>DC=nbme,DC=org</baseContext>
    <baseUserNamespace>OU=Domain Users,DC=nbme,DC=org</baseUserNamespace>
    <usernameAttribute>sAMAccountName</usernameAttribute>
  </ldap>
</atlassian-user>

8 answers

1 accepted

Accepted Answer
0 votes

Yes, once I entered all the other fields, which apparently Bamboo must have, it started to work.

<firstnameAttribute>givenname</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=group)</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>

Ok great and thanks for the feedback

It seems correct but is missing some group-related attributes. Can you try to create a new file called atlassian-user-custom.xml in the BAMBOOHOME/xml-data/configuration/ directory and let it have the same content as the atlassian-user.xml file? Let me know the outcome after restarting Bamboo, whether users will be retrieved.

Again try to add attributes like below as suggested in https://confluence.atlassian.com/display/BAMBOO/Integrating+Bamboo+with+LDAP:

<baseGroupNamespace>dc=groups,dc=perftest,dc=atlassian,dc=private</baseGroupNamespace>
<usernameAttribute>cn</usernameAttribute>
<userSearchFilter>(objectClass=inetorgperson)</userSearchFilter>
<firstnameAttribute>givenname</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>

Regards,
Sultan

The error about saving the User Repository went away by creating a new file as indicated above; however, restarting Bamboo still didn't get the AD users retrieved. I can only get in via the initial admin account. Strange, because we use AD with JIRA as indicated below and have had no issues. Our JIRA product, which works fine with LDAP, is using the following in the OSUSER.XML file:
<opensymphony-user>
  <authenticator class="com.opensymphony.user.authenticator.SmartAuthenticator" />
  <provider class="com.opensymphony.user.provider.ldap.LDAPCredentialsProvider">
    <property name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</property>
    <property name="java.naming.provider.url">ldap://dc4.nbme.org:389</property>
    <property name="searchBase">OU=Domain Users,DC=nbme,DC=org</property>
    <property name="uidSearchName">sAMAccountName</property>
    <property name="java.naming.security.principal">CN=LDAP Connect,OU=Domain Guests,OU=Domain Users,DC=nbme,DC=org</property>
    <property name="java.naming.security.credentials">secret</property>
    <property name="exclusive-access">true</property>
  </provider>
  <provider class="com.atlassian.core.ofbiz.osuser.CoreOFBizCredentialsProvider">
    <property name="exclusive-access">true</property>
  </provider>
  <provider class="com.atlassian.jira.user.osuser.JiraOFBizProfileProvider">
    <property name="exclusive-access">true</property>
  </provider>
  <provider class="com.atlassian.jira.user.osuser.JiraOFBizAccessProvider">
    <property name="exclusive-access">true</property>
  </provider>
</opensymphony-user>

Hi,

Great. Can you try to use the Paddle tool to check connectivity and the users and groups retrieved: https://confluence.atlassian.com/display/BAMBOO/Testing+LDAP+or+Active+Directory+connectivity+with+Paddle

Ok, I get the following error. If I take out the line "<ldap key="ldapRepository" name="ADConnect" cache="true">" it goes further, then complains about the "<atlassian-user>" tag.

C:\TEMP>java -jar paddle-2.0.jar
################################################################################
###########################################

LDAP Support Tool version 2.0

################################################################################
###########################################

Error reading atlassian-user.xml file: No LDAP settings found in XML configuration.
com.atlassian.paddle.configuration.ConfigurationException: No LDAP settings found in XML configuration.
    at com.atlassian.paddle.configuration.AtlassianUserConfiguration.setAtlassianUserXml(AtlassianUserConfiguration.java:62)
    at com.atlassian.paddle.configuration.AtlassianUserConfiguration.<init>(AtlassianUserConfiguration.java:34)
    at com.atlassian.paddle.Paddle.main(Paddle.java:44)

When I moved the </repositories> tag after the </ldap> tag I got much further. This is what I'm getting now; however, I'm not so sure if this is an error or if these fields are even mandatory?

Connected to server successfully
-----------------------------------------------------------------
TEST 1: Search and list 10 users
-----------------------------------------------------------------

Configuration does not have a setting for 'baseUserNamespace'
Configuration does not have a setting for 'userSearchFilter'
Configuration does not have a setting for 'firstnameAttribute'
Configuration does not have a setting for 'surnameAttribute'
Configuration does not have a setting for 'emailAttribute'
Configuration does not have a setting for 'userSearchFilter'
Configuration does not have a setting for 'baseUserNamespace'
Configuration does not have a setting for 'userSearchFilter'
Configuration does not have a setting for 'baseUserNamespace'
Exception in thread "main" java.lang.NullPointerException
    at javax.naming.InitialContext.getURLScheme(Unknown Source)
    at javax.naming.InitialContext.getURLOrDefaultInitCtx(Unknown Source)
    at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(Unknown Source)
    at javax.naming.directory.InitialDirContext.search(Unknown Source)
    at com.atlassian.paddle.search.DefaultSearcher.search(DefaultSearcher.java:36)
    at com.atlassian.paddle.task.ListUsersTask.doSearch(ListUsersTask.java:55)
    at com.atlassian.paddle.task.ListUsersTask.withConnection(ListUsersTask.

Hi,

That's good. The latest errors show that you haven't added the properties:

<baseGroupNamespace>dc=groups,dc=perftest,dc=atlassian,dc=private</baseGroupNamespace>
<usernameAttribute>cn</usernameAttribute>
<userSearchFilter>(objectClass=inetorgperson)</userSearchFilter>
<firstnameAttribute>givenname</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>

Can you maybe provide us with the latest atlassian-user.xml file?

Got it. Now getting only these two errors and it indicates to contact Atlassian support:

The following errors were encountered in running LDAP tests:

Error performing LDAP search filter 'null', base DN 'OU=Domain Users,DC=nbme,DC=org': Empty filter

Error performing LDAP search filter 'null', base DN 'OU=Domain global groups,DC=nbme,DC=org': Empty filter

I contacted our AD guru and he indicates the following based on the last two errors below:

Error performing LDAP search filter 'null', base DN 'OU=Domain Users,DC=nbme,DC=org': Empty filter

Error performing LDAP search filter 'null', base DN 'OU=Domain global groups,DC=nbme,DC=org': Empty filter

Odd. It looks like it wants you to specify some filtering, but if the goal is to enumerate all users and groups, the default filters shown below should do just that.

It appears that all that needs to be changed in this query is the root search areas, like so:

<baseUserNamespace>OU=Domain Users,DC=nbme,DC=org</baseUserNamespace>

<baseGroupNamespace>OU=Domain global groups,DC=nbme,DC=org</baseGroupNamespace>

Yes, that property is required for Bamboo to determine how deep it can go in searching users to be imported. I guess with this, your LDAP connection is fine already.
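
Added example, not part of the thread and not Atlassian's code: a Python check for the two problems this thread runs into (the <ldap> element sitting outside <repositories>, and the settings Paddle reports as missing), which also flags the simple bind over plain LDAP that the posted file configures. The required-element list is assembled from the posts above rather than from an official schema, and the sample host and DNs are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Element names collected from this thread (assumption: not an official schema).
REQUIRED = ("host", "port", "securityPrincipal", "securityCredential",
            "baseContext", "baseUserNamespace", "baseGroupNamespace",
            "usernameAttribute", "userSearchFilter", "firstnameAttribute",
            "surnameAttribute", "emailAttribute", "groupnameAttribute",
            "groupSearchFilter", "membershipAttribute")

def audit(xml_text):
    """Return a list of findings for an atlassian-user.xml document (string)."""
    root = ET.fromstring(xml_text)
    nested = root.findall("./repositories/ldap")
    stray = [e for e in root.iter("ldap") if e not in nested]
    findings = []
    if stray:
        findings.append("structure: <ldap> is not inside <repositories>")
    if not nested and not stray:
        findings.append("structure: no <ldap> repository defined")
    for ldap in nested + stray:
        filled = {c.tag for c in ldap if (c.text or "").strip()}
        findings += [f"missing: {n}" for n in REQUIRED if n not in filled]
        proto = (ldap.findtext("securityProtocol") or "").strip().lower()
        auth = (ldap.findtext("securityAuthentication") or "").strip().lower()
        if proto == "plain" and auth == "simple":
            # A simple bind without TLS carries the bind DN and password in clear.
            findings.append("transport: simple bind over plain LDAP (bind password sent unencrypted)")
    return findings

# Constructed sample with placeholder values, shaped like the file in the question.
LDAP = """<ldap key="ldapRepository" name="ADConnect" cache="true">
<host>dc.example.org</host><port>389</port>
<securityPrincipal>CN=svc-bind,OU=Service,DC=example,DC=org</securityPrincipal>
<securityCredential>PLACEHOLDER</securityCredential>
<securityProtocol>plain</securityProtocol>
<securityAuthentication>simple</securityAuthentication>
<baseContext>DC=example,DC=org</baseContext>
<baseUserNamespace>OU=Users,DC=example,DC=org</baseUserNamespace>
<usernameAttribute>sAMAccountName</usernameAttribute>{extra}</ldap>"""
EXTRA = "".join(f"<{t}>{v}</{t}>" for t, v in (
    ("baseGroupNamespace", "OU=Groups,DC=example,DC=org"),
    ("userSearchFilter", "(objectClass=user)"), ("firstnameAttribute", "givenname"),
    ("surnameAttribute", "sn"), ("emailAttribute", "mail"),
    ("groupnameAttribute", "cn"), ("groupSearchFilter", "(objectClass=group)"),
    ("membershipAttribute", "member")))
HIB = '<hibernate name="Hibernate Repository" key="hibernateRepository" cache="true"/>'
# BEFORE: <ldap> after </repositories>, as first posted. AFTER: nested, settings added.
BEFORE = f"<atlassian-user><repositories>{HIB}</repositories>{LDAP.format(extra='')}</atlassian-user>"
AFTER = f"<atlassian-user><repositories>{HIB}{LDAP.format(extra=EXTRA)}</repositories></atlassian-user>"
print(audit(BEFORE), audit(AFTER), sep="\n")
```
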

I'm having trouble synchronizing with our LDAP repository.  Running paddle against the custom xml config I have, I see two issues:

  1. Paddle finds no groups for a given user
  2. Paddle doesn't follow the referral given when asking for a group's members

In the atlassian-user.xml documentation I don't see any reference to what Paddle is looking at to determine the group a user object belongs to.  For instance, our users get tagged with the attribute "memberofgroup=groupCN" when they are added to a group.  Is Paddle looking for some default attribute for group membership?  Also, does bamboo support following referrals?
