Hi all,
I'm trying to set up our Bamboo 4.0.1 instance to access our Active Directory server to create user accounts and then authenticate them. The computer that is running Bamboo is on the same subnet as the Domain Controller, and for pretty much every network access to it we simply just use the server name. I've tried using this, and tried using the DC=network,DC=local values everywhere, both with and without the server name as an additional DC.
I'm using the AD username and password that our IT department supplied. When I use the JXplorer tool it authenticates just fine (I can see the AD setup), but when I use the Paddle tool, I get the following output:
################################################################################
###########################################
LDAP Support Tool version 2.0
################################################################################
###########################################
Failed to connect to LDAP server: Username or password is incorrect. Please check them again.
com.atlassian.paddle.connection.ConnectionException: Username or password is incorrect. Please check them again.
at com.atlassian.paddle.connection.DefaultConnectionFactory.createFriendlyLdapException(DefaultConnectionFactory.java:43)
at com.atlassian.paddle.connection.DefaultConnectionFactory.createConnection(DefaultConnectionFactory.java:34)
at com.atlassian.paddle.task.DefaultTaskRunner.runTask(DefaultTaskRunner.java:33)
at com.atlassian.paddle.Paddle.main(Paddle.java:64)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
at com.atlassian.paddle.connection.DefaultConnectionFactory.createConnection(DefaultConnectionFactory.java:27)
... 2 more
I'm fairly sure that I've got the atlassian-user.xml set up correctly, but our IT dept is unfamiliar with Bamboo and I'm unfamiliar with LDAP as well as being reasonably new to Bamboo. I have done a lot of reading over the last few days, but unfortunately haven't found anything other than that AD requires some form of ou entry but I'm not sure where to put that or what to use (I'm guessing I'd have to get that last bit from the IT dept???)
I've attached the atlassian-user.xml file (had to re-name it since wouldn't allow me to attach with .xml extension) as I've currently got it constructed - though I've blanked out the server name, access username and password for security reasons ;-) .
I'd be grateful for an assist if there's something obvious like missing dc or ou entries.
TIA,
Jason [SolveIT Software] (atlassian-user.xml.txt)
Specifying principal in the form username@fulladdomain worked for me.
-Xavier.
Applying principal in the form username@fulladdomain worked for me as well.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
worked for me, applying principle as test@test.com
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Can you tell me what do you mean by applying principal. I am having the same problem.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This worked for me too.
I changed code from...
env.put(Context.SECURITY_PRINCIPAL, enteredUsername);
To...
env.put(Context.SECURITY_PRINCIPAL, enteredUsername + "@companydomain.com");
And it worked great for me! Also just in case it helps anyone, here is my function to authenticate users on Active Directory...
private boolean authenticateUserInActiveDirectory(String enteredUsername, String enteredPassword) {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://x.x.x.x:389");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, enteredUsername + "@companydomain.com");
env.put(Context.SECURITY_CREDENTIALS, enteredPassword);
env.put(Context.REFERRAL, "follow");
DirContext ctx = null;
try {
ctx = new InitialDirContext(env);
} catch (javax.naming.AuthenticationException e) {
e.printStackTrace();
} catch (javax.naming.NamingException e) {
e.printStackTrace();
}
if (ctx != null) {
System.out.println("Username and Password matches in AD.");
}
return ctx != null;
}
Be sure to replace x.x.x.x with the proper IP address and companydomain with the proper domain name
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This worked for me for another LDAP Import, for importing into Insight.
Thanks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jason,
As describe on this knowledge base:
The cause of the issue seems to be "invalid credential". However it is weird that you are able to access it successfully using your JXplorer tool but not with Bamboo, especially if the configuration is identical.
The only reason that I could think of, Bamboo might refer to a duplicate user located on another tree which of course use a different credential. Could you please try to use FQDN (Fully Qualified Domain Name) and see if the problem persist.
Hope it helps.
Cheers,
Septa Cahyadiputra
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
FQDN doesn't work, changing dc's to "dc=<server>,dc=<network>,dc=local" doesn't work, regardless of whether I fully qualify the server name in the host tag.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
So changing the username to bind the LDAP server to FQDN does not work. That's weird since the ERROR code is very specific (LDAP: error code 49: Data 52e = incorrect credential).
Could you please double check the credential again
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The FQDN I was supplied initially was incorrect, there did need to be an ou entry... changing the access to "ou=<server>,dc=<network>,dc=local" solved the problem.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Great to hear that you found the cause of your issue.
Cheers.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.