Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Trouble authenticating active directory access account via LDAP request

Hi all,

I'm trying to set up our Bamboo 4.0.1 instance to access our Active Directory server to create user accounts and then authenticate them. The computer that is running Bamboo is on the same subnet as the Domain Controller, and for pretty much every network access to it we simply just use the server name. I've tried using this, and tried using the DC=network,DC=local values everywhere, both with and without the server name as an additional DC.

I'm using the AD username and password that our IT department supplied. When I use the JXplorer tool it authenticates just fine (I can see the AD setup), but when I use the Paddle tool, I get the following output:

################################################################################
###########################################

LDAP Support Tool version 2.0

################################################################################
###########################################

Failed to connect to LDAP server: Username or password is incorrect. Please check them again.
com.atlassian.paddle.connection.ConnectionException: Username or password is incorrect. Please check them again.
at com.atlassian.paddle.connection.DefaultConnectionFactory.createFriendlyLdapException(DefaultConnectionFactory.java:43)
at com.atlassian.paddle.connection.DefaultConnectionFactory.createConnection(DefaultConnectionFactory.java:34)
at com.atlassian.paddle.task.DefaultTaskRunner.runTask(DefaultTaskRunner.java:33)
at com.atlassian.paddle.Paddle.main(Paddle.java:64)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
at com.atlassian.paddle.connection.DefaultConnectionFactory.createConnection(DefaultConnectionFactory.java:27)
... 2 more

I'm fairly sure that I've got the atlassian-user.xml set up correctly, but our IT dept is unfamiliar with Bamboo and I'm unfamiliar with LDAP as well as being reasonably new to Bamboo. I have done a lot of reading over the last few days, but unfortunately haven't found anything other than that AD requires some form of ou entry but I'm not sure where to put that or what to use (I'm guessing I'd have to get that last bit from the IT dept???)

I've attached the atlassian-user.xml file (had to re-name it since wouldn't allow me to attach with .xml extension) as I've currently got it constructed - though I've blanked out the server name, access username and password for security reasons ;-) .

I'd be grateful for an assist if there's something obvious like missing dc or ou entries.

TIA,

Jason [SolveIT Software] (atlassian-user.xml.txt)

2 answers

1 accepted

12 votes
Answer accepted

Specifying principal in the form username@fulladdomain worked for me.

-Xavier.

Applying principal in the form username@fulladdomain worked for me as well.

worked for me, applying principle as test@test.com

Hi Can you tell me what do you mean by applying principal. I am having the same problem.

Like Wall Tearer likes this

This worked for me too. 

I changed code from...

env.put(Context.SECURITY_PRINCIPAL, enteredUsername);

To...

env.put(Context.SECURITY_PRINCIPAL, enteredUsername + "@companydomain.com");

And it worked great for me! Also just in case it helps anyone, here is my function to authenticate users on Active Directory...

private boolean authenticateUserInActiveDirectory(String enteredUsername, String enteredPassword) {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://x.x.x.x:389");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, enteredUsername + "@companydomain.com");
env.put(Context.SECURITY_CREDENTIALS, enteredPassword);
env.put(Context.REFERRAL, "follow");
DirContext ctx = null;
try {
ctx = new InitialDirContext(env);
} catch (javax.naming.AuthenticationException e) {
e.printStackTrace();
} catch (javax.naming.NamingException e) {
e.printStackTrace();
}
if (ctx != null) {
System.out.println("Username and Password matches in AD.");
}
return ctx != null;
}

 Be sure to replace x.x.x.x with the proper IP address and companydomain with the proper domain name

This worked for me for another LDAP Import, for importing into Insight.

Thanks.

Hi Jason,

As describe on this knowledge base:

The cause of the issue seems to be "invalid credential". However it is weird that you are able to access it successfully using your JXplorer tool but not with Bamboo, especially if the configuration is identical.

The only reason that I could think of, Bamboo might refer to a duplicate user located on another tree which of course use a different credential. Could you please try to use FQDN (Fully Qualified Domain Name) and see if the problem persist.

Hope it helps.

Cheers,
Septa Cahyadiputra

FQDN doesn't work, changing dc's to "dc=<server>,dc=<network>,dc=local" doesn't work, regardless of whether I fully qualify the server name in the host tag.

So changing the username to bind the LDAP server to FQDN does not work. That's weird since the ERROR code is very specific (LDAP: error code 49: Data 52e = incorrect credential).

Could you please double check the credential again

The FQDN I was supplied initially was incorrect, there did need to be an ou entry... changing the access to "ou=<server>,dc=<network>,dc=local" solved the problem.

Great to hear that you found the cause of your issue.

Cheers.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bamboo

Bamboo 7.1 is here and is packed with value!

I'm happy to announce that Bamboo 7.1 has been released and it’s overflowing with awesome new features. Top-voted issues First and foremost, a bunch of JAC top voted issues has been delivered - y...

926 views 4 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you