
LDAP Atlassian-user.xml configuration

Mark Carbonara May 27, 2013

I'm trying to use LDAP in BAMBOO and I'm very new with LDAP. This is what I currently have in the Atlassian-User.XML file. I was wondering if I'm leaving something obvious out. I rebooted the server and still can use an Active Directory account. When I log into BAMBOO ADMIN and try to SAVE the Custom User Repository I get the following error:

Failed to change the active user repository: Source 'C:\bamboo\xml-data\configuration\atlassian-user-custom.xml' does not exist

<atlassian-user>
  <repositories>
    <hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true" />
  </repositories>
  <ldap key="ldapRepository" name="ADConnect" cache="true">
    <host>dc4.nbme.org</host>
    <port>389</port>
    <securityPrincipal>CN=LDAP Connect,OU=Domain Guests,OU=Domain Users,DC=nbme,DC=org</securityPrincipal>
    <securityCredential>secret</securityCredential>
    <securityProtocol>plain</securityProtocol>
    <securityAuthentication>simple</securityAuthentication>
    <baseContext>DC=nbme,DC=org</baseContext>
    <baseUserNamespace>OU=Domain Users,DC=nbme,DC=org</baseUserNamespace>
    <usernameAttribute>sAMAccountName</usernameAttribute>
  </ldap>
</atlassian-user>

8 answers

1 accepted

0 votes
Answer accepted
Mark Carbonara June 6, 2013

Yes, once I entered all the other fields, which apparently Bamboo must have, it started to work.

<firstnameAttribute>givenname</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=group)</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>

Sultan Maiyaki
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 6, 2013

Ok great and thanks for the feedback

0 votes
Aaron Wyatt November 14, 2016

I'm having trouble synchronizing with our LDAP repository.  Running paddle against the custom xml config I have, I see two issues:

  1. Paddle finds no groups for a given user
  2. Paddle doesn't follow the referral given when asking for a group's members

In the atlassian-user.xml documentation I don't see any reference to what Paddle is looking at to determine the group a user object belongs to.  For instance, our users get tagged with the attribute "memberofgroup=groupCN" when they are added to a group.  Is Paddle looking for some default attribute for group membership?  Also, does bamboo support following referrals?

0 votes
Mark Carbonara May 28, 2013

I contacted our AD guru and he indicates the following based on the last two errors below:

Error performing LDAP search filter 'null', base DN 'OU=Domain Users,DC=nbme,DC=org': Empty filter

Error performing LDAP search filter 'null', base DN 'OU=Domain global groups,DC=nbme,DC=org': Empty filter

Odd. It looks like it wants you to specify some filtering, but if the goal is to enumerate all users and groups.. the default filters shown below should do just that.

It appears that all that needs to be changed in this query is the root search areas, like so:

<baseUserNamespace>OU=Domain Users,DC=nbme,DC=org</baseUserNamespace>

<baseGroupNamespace>OU=Domain global groups,DC=nbme,DC=org</baseGroupNamespace>

Sultan Maiyaki
May 28, 2013

Yes, that property is required for Bamboo to determine how deep it can go in searching users to be imported. I guess with this, your LDAP connection is fine already.

0 votes
Mark Carbonara May 28, 2013

Got it. Now getting only these two errors and it indicates to contact Atlassian support:

The following errors were encountered in running LDAP tests:

Error performing LDAP search filter 'null', base DN 'OU=Domain Users,DC=nbme,DC=org': Empty filter

Error performing LDAP search filter 'null', base DN 'OU=Domain global groups,DC=nbme,DC=org': Empty filter

0 votes
Mark Carbonara May 28, 2013

When I moved the </repositories> tag after the </ldap> tag I got much further. This is what I'm getting now; however I'm not so sure if this is an error or if these fields are even mandatory???

Connected to server successfully
-----------------------------------------------------------------
TEST 1: Search and list 10 users
-----------------------------------------------------------------

Configuration does not have a setting for 'baseUserNamespace'
Configuration does not have a setting for 'userSearchFilter'
Configuration does not have a setting for 'firstnameAttribute'
Configuration does not have a setting for 'surnameAttribute'
Configuration does not have a setting for 'emailAttribute'
Configuration does not have a setting for 'userSearchFilter'
Configuration does not have a setting for 'baseUserNamespace'
Configuration does not have a setting for 'userSearchFilter'
Configuration does not have a setting for 'baseUserNamespace'
Exception in thread "main" java.lang.NullPointerException
        at javax.naming.InitialContext.getURLScheme(Unknown Source)
        at javax.naming.InitialContext.getURLOrDefaultInitCtx(Unknown Source)
        at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(Unknown Source)
        at javax.naming.directory.InitialDirContext.search(Unknown Source)
        at com.atlassian.paddle.search.DefaultSearcher.search(DefaultSearcher.java:36)
        at com.atlassian.paddle.task.ListUsersTask.doSearch(ListUsersTask.java:55)
        at com.atlassian.paddle.task.ListUsersTask.withConnection(ListUsersTask.

Sultan Maiyaki
May 28, 2013

Hi,

That's good.. the latest errors show that you haven't added the properties:

<baseGroupNamespace>dc=groups,dc=perftest,dc=atlassian,dc=private</baseGroupNamespace>
<usernameAttribute>cn</usernameAttribute>
<userSearchFilter>(objectClass=inetorgperson)</userSearchFilter>
<firstnameAttribute>givenname</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>

Can you maybe provide us with the latest atlassian-user.xml file?

0 votes
Mark Carbonara May 28, 2013

Ok, I get the following error. If I take out the line " <ldap key="ldapRepository" name="ADConnect" cache="true">" it goes further, then complains about the "<atlassian-user>" tag.

C:\TEMP>java -jar paddle-2.0.jar
################################################################################
###########################################

LDAP Support Tool version 2.0

################################################################################
###########################################

Error reading atlassian-user.xml file: No LDAP settings found in XML configuration.
com.atlassian.paddle.configuration.ConfigurationException: No LDAP settings found in XML configuration.
        at com.atlassian.paddle.configuration.AtlassianUserConfiguration.setAtlassianUserXml(AtlassianUserConfiguration.java:62)
        at com.atlassian.paddle.configuration.AtlassianUserConfiguration.<init>(AtlassianUserConfiguration.java:34)
        at com.atlassian.paddle.Paddle.main(Paddle.java:44)

0 votes
Mark Carbonara May 28, 2013

The error about saving the User Repository went away by creating a new file as indicated above; however restarting Bamboo still didn't get the AD users retrieved. I can only get in via the initial admin account. Strange, because we use AD with JIRA as indicated below and have had no issues. Our JIRA product, which works fine with LDAP, is using the following in the OSUSER.XML file:

<opensymphony-user>
  <authenticator class="com.opensymphony.user.authenticator.SmartAuthenticator" />
  <provider class="com.opensymphony.user.provider.ldap.LDAPCredentialsProvider">
    <property name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</property>
    <property name="java.naming.provider.url">ldap://dc4.nbme.org:389</property>
    <property name="searchBase">OU=Domain Users,DC=nbme,DC=org</property>
    <property name="uidSearchName">sAMAccountName</property>
    <property name="java.naming.security.principal">CN=LDAP Connect,OU=Domain Guests,OU=Domain Users,DC=nbme,DC=org</property>
    <property name="java.naming.security.credentials">secret</property>
    <property name="exclusive-access">true</property>
  </provider>
  <provider class="com.atlassian.core.ofbiz.osuser.CoreOFBizCredentialsProvider">
    <property name="exclusive-access">true</property>
  </provider>
  <provider class="com.atlassian.jira.user.osuser.JiraOFBizProfileProvider">
    <property name="exclusive-access">true</property>
  </provider>
  <provider class="com.atlassian.jira.user.osuser.JiraOFBizAccessProvider">
    <property name="exclusive-access">true</property>
  </provider>
</opensymphony-user>

Sultan Maiyaki
May 28, 2013

Hi,

Great.. can you try to use the paddle tool to check connectivity and users and groups retrieved https://confluence.atlassian.com/display/BAMBOO/Testing+LDAP+or+Active+Directory+connectivity+with+Paddle

0 votes
Sultan Maiyaki
May 27, 2013

It seems correct but is missing some group-related attributes. Can you try to create a new file called atlassian-user-custom.xml in the BAMBOOHOME/xml-data/configuration/ directory and let it have the same content as the atlassian-user.xml file? Let me know the outcome after restarting Bamboo, whether users will be retrieved.

Again try to add attributes like below as suggested in https://confluence.atlassian.com/display/BAMBOO/Integrating+Bamboo+with+LDAP:

<baseGroupNamespace>dc=groups,dc=perftest,dc=atlassian,dc=private</baseGroupNamespace>
<usernameAttribute>cn</usernameAttribute>
<userSearchFilter>(objectClass=inetorgperson)</userSearchFilter>
<firstnameAttribute>givenname</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>
<groupnameAttribute>cn</groupnameAttribute>
<groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
<membershipAttribute>member</membershipAttribute>

Regards,
Sultan
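
A pre-flight check for the problems this thread ran into, as an added example that is not part of any post and is not Atlassian's or Paddle's code: it reports an `<ldap>` block placed outside `<repositories>`, settings that are absent, and a simple bind configured over plain LDAP. The list of required settings is an assumption taken from the Paddle messages and the accepted answer; the sample file, host and DNs are constructed.

```python
import xml.etree.ElementTree as ET

# Assumption: settings treated as required, taken from the Paddle messages
# and the accepted answer in this thread.
REQUIRED = ["baseUserNamespace", "baseGroupNamespace", "usernameAttribute",
            "userSearchFilter", "firstnameAttribute", "surnameAttribute",
            "emailAttribute", "groupnameAttribute", "groupSearchFilter",
            "membershipAttribute"]

# Constructed sample with the question's layout; host and DNs are made up.
SAMPLE = """<atlassian-user>
  <repositories>
    <hibernate name="Hibernate Repository" key="hibernateRepository" cache="true"/>
  </repositories>
  <ldap key="ldapRepository" name="ADConnect" cache="true">
    <host>dc.example.org</host>
    <port>389</port>
    <securityProtocol>plain</securityProtocol>
    <securityAuthentication>simple</securityAuthentication>
    <baseUserNamespace>OU=Users,DC=example,DC=org</baseUserNamespace>
    <usernameAttribute>sAMAccountName</usernameAttribute>
  </ldap>
</atlassian-user>"""

def check_atlassian_user(xml_text):
    """Return a list of findings for an atlassian-user.xml document."""
    findings = []
    root = ET.fromstring(xml_text)
    nested = root.findall("./repositories/ldap")
    stray = [e for e in root.iter("ldap") if e not in nested]
    if stray:  # the layout the asker fixed by moving </repositories> after </ldap>
        findings.append("structure: <ldap> is outside <repositories>")
    if not nested and not stray:
        findings.append("structure: no <ldap> element")
    for ldap in nested + stray:
        values = {child.tag: (child.text or "").strip() for child in ldap}
        findings += [f"missing: {n}" for n in REQUIRED if not values.get(n)]
        # Simple bind without TLS puts the bind password on the wire in clear.
        if (values.get("securityProtocol") == "plain"
                and values.get("securityAuthentication") == "simple"):
            findings.append("transport: simple bind over plain LDAP exposes securityCredential")
    return findings

if __name__ == "__main__":
    for finding in check_atlassian_user(SAMPLE):
        print(finding)
```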
