Trouble authenticating active directory access account via LDAP request

Hi all,

I'm trying to set up our Bamboo 4.0.1 instance to access our Active Directory server to create user accounts and then authenticate them. The computer that is running Bamboo is on the same subnet as the Domain Controller, and for pretty much every network access to it we simply just use the server name. I've tried using this, and tried using the DC=network,DC=local values everywhere, both with and without the server name as an additional DC.

I'm using the AD username and password that our IT department supplied. When I use the JXplorer tool it authenticates just fine (I can see the AD setup), but when I use the Paddle tool, I get the following output:

################################################################################
###########################################

LDAP Support Tool version 2.0

################################################################################
###########################################

Failed to connect to LDAP server: Username or password is incorrect. Please check them again.
com.atlassian.paddle.connection.ConnectionException: Username or password is incorrect. Please check them again.
at com.atlassian.paddle.connection.DefaultConnectionFactory.createFriendlyLdapException(DefaultConnectionFactory.java:43)
at com.atlassian.paddle.connection.DefaultConnectionFactory.createConnection(DefaultConnectionFactory.java:34)
at com.atlassian.paddle.task.DefaultTaskRunner.runTask(DefaultTaskRunner.java:33)
at com.atlassian.paddle.Paddle.main(Paddle.java:64)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
at com.atlassian.paddle.connection.DefaultConnectionFactory.createConnection(DefaultConnectionFactory.java:27)
... 2 more

I'm fairly sure that I've got the atlassian-user.xml set up correctly, but our IT dept is unfamiliar with Bamboo and I'm unfamiliar with LDAP as well as being reasonably new to Bamboo. I have done a lot of reading over the last few days, but unfortunately haven't found anything other than that AD requires some form of ou entry but I'm not sure where to put that or what to use (I'm guessing I'd have to get that last bit from the IT dept???)

I've attached the atlassian-user.xml file (had to re-name it since wouldn't allow me to attach with .xml extension) as I've currently got it constructed - though I've blanked out the server name, access username and password for security reasons ;-) .

I'd be grateful for an assist if there's something obvious like missing dc or ou entries.

TIA,

Jason [SolveIT Software] (atlassian-user.xml.txt)

2 answers

1 accepted

This widget could not be displayed.

Specifying principal in the form username@fulladdomain worked for me.

-Xavier.

Applying principal in the form username@fulladdomain worked for me as well.

worked for me, applying principle as test@test.com

Hi Can you tell me what do you mean by applying principal. I am having the same problem.

This widget could not be displayed.

Hi Jason,

As describe on this knowledge base:

The cause of the issue seems to be "invalid credential". However it is weird that you are able to access it successfully using your JXplorer tool but not with Bamboo, especially if the configuration is identical.

The only reason that I could think of, Bamboo might refer to a duplicate user located on another tree which of course use a different credential. Could you please try to use FQDN (Fully Qualified Domain Name) and see if the problem persist.

Hope it helps.

Cheers,
Septa Cahyadiputra

FQDN doesn't work, changing dc's to "dc=<server>,dc=<network>,dc=local" doesn't work, regardless of whether I fully qualify the server name in the host tag.

So changing the username to bind the LDAP server to FQDN does not work. That's weird since the ERROR code is very specific (LDAP: error code 49: Data 52e = incorrect credential).

Could you please double check the credential again

The FQDN I was supplied initially was incorrect, there did need to be an ou entry... changing the access to "ou=<server>,dc=<network>,dc=local" solved the problem.

Great to hear that you found the cause of your issue.

Cheers.

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted yesterday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

54 views 1 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you