Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Delegating authentication to Microsoft AD does not work

Tech User 29
Tech User 29 December 12, 2019

1. Installed Bitbucket trial version for enterprise admin as admin user id.

2. Followed the instruction provided in the following link to configure delegation:

https://confluence.atlassian.com/bitbucketserver065/delegating-bitbucket-server-authentication-to-an-ldap-directory-976162973.html

Inputs provided by running ldp.exe on the system:

Hostname: dnsHostName from LDP

UserName: Company domain ID used for logging into my system

BASE DN: serviceName from LDP

Checked Copy Users on Login

Test connection successful.

3. Logged out and logged back in using my company ID.

 

Throws an error: Invalid user name or password.

Not sure what I am doing wrong. Looks like I am missing something.

 

 

Answer
Watch
Like Be the first to like this
727 views

1 answer

1 accepted

0 votes
Answer accepted
Mikael Sandberg
Mikael Sandberg
Community Champion
December 12, 2019

Hi @Tech User 29,

Welcome to the Atlassian Community.

Did you add your AD account as a member of the bitbucket-user group after you did the initial sync with your new user directory?

View More Comments
Tech User 29
Tech User 29 December 13, 2019

Thanks Mikael for the reply.

Yes, the user is part of stash-users group that has Bitbucket User checkbox selected in global permissions. I thought the user should get created automatically if I select create users on logon option and provide stash-users as default group but it didn't work. I then created user manually and added it to the stash-users group. Everytime it throws the same error: Invalid username or password.

Checked the logs: No info except audit log has authentication error: AuthenticationFailureEvent | AD user name | 1576186223814

Does the user name input (the distinguished name of user that app will use when connecting to directory server) need any additional privileges? Currently I have set it to my AD user name. 

Like
Mikael Sandberg
Mikael Sandberg
Community Champion
December 13, 2019

The user that is being used to connect to the AD in the user directory just needs read access.

Did the user exist in the Bitbucket internal directory before you added the delegated directory? Which directory is first in your list, the internal or the delegated one?

I have not used the delegated option for a user directory, I use AD directories with local groups instead, that way if a user gets updated in the AD it will be reflected in Bitbucket on the next sync.

Like
Tech User 29
Tech User 29 December 13, 2019

GlobalPermissions.PNGLoginPage.PNGUserDirectories.PNGUserDirectory.PNG

Like
Mikael Sandberg
Mikael Sandberg
Community Champion
December 13, 2019

As a test try and add a new directory that is using AD instead of delegated, once you have that setup you can use Test to verify that Bitbucket can communicate with your AD correctly and get the user. The directory does not have to be enabled in order to use the Test.

User Directories.png

If the test is successful you should see something like this:

Test Remote Directory Connection.png

Like
Tech User 29
Tech User 29 December 13, 2019

Thanks Mikael. This one worked.  

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security