It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Trouble authenticating active directory access account via LDAP request

Hi all,

I'm trying to set up our Bamboo 4.0.1 instance to access our Active Directory server to create user accounts and then authenticate them. The computer that is running Bamboo is on the same subnet as the Domain Controller, and for pretty much every network access to it we simply just use the server name. I've tried using this, and tried using the DC=network,DC=local values everywhere, both with and without the server name as an additional DC.

I'm using the AD username and password that our IT department supplied. When I use the JXplorer tool it authenticates just fine (I can see the AD setup), but when I use the Paddle tool, I get the following output:

################################################################################
###########################################

LDAP Support Tool version 2.0

################################################################################
###########################################

Failed to connect to LDAP server: Username or password is incorrect. Please check them again.
com.atlassian.paddle.connection.ConnectionException: Username or password is incorrect. Please check them again.
at com.atlassian.paddle.connection.DefaultConnectionFactory.createFriendlyLdapException(DefaultConnectionFactory.java:43)
at com.atlassian.paddle.connection.DefaultConnectionFactory.createConnection(DefaultConnectionFactory.java:34)
at com.atlassian.paddle.task.DefaultTaskRunner.runTask(DefaultTaskRunner.java:33)
at com.atlassian.paddle.Paddle.main(Paddle.java:64)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
at com.atlassian.paddle.connection.DefaultConnectionFactory.createConnection(DefaultConnectionFactory.java:27)
... 2 more

I'm fairly sure that I've got the atlassian-user.xml set up correctly, but our IT dept is unfamiliar with Bamboo and I'm unfamiliar with LDAP as well as being reasonably new to Bamboo. I have done a lot of reading over the last few days, but unfortunately haven't found anything other than that AD requires some form of ou entry but I'm not sure where to put that or what to use (I'm guessing I'd have to get that last bit from the IT dept???)

I've attached the atlassian-user.xml file (had to re-name it since wouldn't allow me to attach with .xml extension) as I've currently got it constructed - though I've blanked out the server name, access username and password for security reasons ;-) .

I'd be grateful for an assist if there's something obvious like missing dc or ou entries.

TIA,

Jason [SolveIT Software] (atlassian-user.xml.txt)

2 answers

1 accepted

10 votes
Answer accepted

Specifying principal in the form username@fulladdomain worked for me.

-Xavier.

Applying principal in the form username@fulladdomain worked for me as well.

worked for me, applying principle as test@test.com

Hi Can you tell me what do you mean by applying principal. I am having the same problem.

Like Wall Tearer likes this

Hi Jason,

As describe on this knowledge base:

The cause of the issue seems to be "invalid credential". However it is weird that you are able to access it successfully using your JXplorer tool but not with Bamboo, especially if the configuration is identical.

The only reason that I could think of, Bamboo might refer to a duplicate user located on another tree which of course use a different credential. Could you please try to use FQDN (Fully Qualified Domain Name) and see if the problem persist.

Hope it helps.

Cheers,
Septa Cahyadiputra

FQDN doesn't work, changing dc's to "dc=<server>,dc=<network>,dc=local" doesn't work, regardless of whether I fully qualify the server name in the host tag.

So changing the username to bind the LDAP server to FQDN does not work. That's weird since the ERROR code is very specific (LDAP: error code 49: Data 52e = incorrect credential).

Could you please double check the credential again

The FQDN I was supplied initially was incorrect, there did need to be an ou entry... changing the access to "ou=<server>,dc=<network>,dc=local" solved the problem.

Great to hear that you found the cause of your issue.

Cheers.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bamboo

Unable to add or edit Bitbucket Cloud repository in Bamboo

On 31 May, a GDPR-related change went live in the Bitbucket Cloud API that resulted in users not being able to create or edit Bitbucket Cloud Linked repositories in Bamboo. This API update removed t...

812 views 2 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you