Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

Recognition

  • Give kudos
  • My kudos

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Delegating authentication to Microsoft AD does not work

1. Installed Bitbucket trial version for enterprise admin as admin user id.

2. Followed the instruction provided in the following link to configure delegation:

https://confluence.atlassian.com/bitbucketserver065/delegating-bitbucket-server-authentication-to-an-ldap-directory-976162973.html

Inputs provided by running ldp.exe on the system:

Hostname: dnsHostName from LDP

UserName: Company domain ID used for logging into my system

BASE DN: serviceName from LDP

Checked Copy Users on Login

Test connection successful.

3. Logged out and logged back in using my company ID.

 

Throws an error: Invalid user name or password.

Not sure what I am doing wrong. Looks like I am missing something.

 

 

1 answer

1 accepted

0 votes
Answer accepted
Mikael Sandberg Community Leader Dec 12, 2019

Hi @Tech User 29,

Welcome to the Atlassian Community.

Did you add your AD account as a member of the bitbucket-user group after you did the initial sync with your new user directory?

Thanks Mikael for the reply.

Yes, the user is part of stash-users group that has Bitbucket User checkbox selected in global permissions. I thought the user should get created automatically if I select create users on logon option and provide stash-users as default group but it didn't work. I then created user manually and added it to the stash-users group. Everytime it throws the same error: Invalid username or password.

Checked the logs: No info except audit log has authentication error: AuthenticationFailureEvent | AD user name | 1576186223814

Does the user name input (the distinguished name of user that app will use when connecting to directory server) need any additional privileges? Currently I have set it to my AD user name. 

Mikael Sandberg Community Leader Dec 13, 2019

The user that is being used to connect to the AD in the user directory just needs read access.

Did the user exist in the Bitbucket internal directory before you added the delegated directory? Which directory is first in your list, the internal or the delegated one?

I have not used the delegated option for a user directory, I use AD directories with local groups instead, that way if a user gets updated in the AD it will be reflected in Bitbucket on the next sync.

Mikael Sandberg Community Leader Dec 13, 2019

As a test try and add a new directory that is using AD instead of delegated, once you have that setup you can use Test to verify that Bitbucket can communicate with your AD correctly and get the user. The directory does not have to be enabled in order to use the Test.

User Directories.png

If the test is successful you should see something like this:

Test Remote Directory Connection.png

Thanks Mikael. This one worked.  

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Powering DevOps with Bitbucket Server & Data Center

Hi everyone, The Cloud team recently announced 12 new DevOps features that help developers ship better code, faster   ! While we’re all excited about the new improvements to Bitbucket ...

1,920 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you