
Delegating authentication to Microsoft AD does not work

Tech User 29 December 12, 2019

1. Installed Bitbucket trial version for enterprise admin as admin user id.

2. Followed the instruction provided in the following link to configure delegation:

https://confluence.atlassian.com/bitbucketserver065/delegating-bitbucket-server-authentication-to-an-ldap-directory-976162973.html

Inputs provided by running ldp.exe on the system:

Hostname: dnsHostName from LDP

UserName: Company domain ID used for logging into my system

BASE DN: serviceName from LDP

Checked Copy Users on Login

Test connection successful.

3. Logged out and logged back in using my company ID.

 

Throws an error: Invalid user name or password.

Not sure what I am doing wrong. Looks like I am missing something.

 

 

1 answer

1 accepted

0 votes
Answer accepted
Mikael Sandberg
Community Champion
December 12, 2019

Hi @Tech User 29,

Welcome to the Atlassian Community.

Did you add your AD account as a member of the bitbucket-user group after you did the initial sync with your new user directory?

Tech User 29 December 13, 2019

Thanks Mikael for the reply.

Yes, the user is part of the stash-users group that has the Bitbucket User checkbox selected in global permissions. I thought the user should get created automatically if I select the create users on logon option and provide stash-users as the default group, but it didn't work. I then created the user manually and added it to the stash-users group. Every time it throws the same error: Invalid username or password.

Checked the logs: No info except audit log has authentication error: AuthenticationFailureEvent | AD user name | 1576186223814

Does the user name input (the distinguished name of user that app will use when connecting to directory server) need any additional privileges? Currently I have set it to my AD user name. 

Mikael Sandberg
Community Champion
December 13, 2019

The user that is being used to connect to the AD in the user directory just needs read access.

Did the user exist in the Bitbucket internal directory before you added the delegated directory? Which directory is first in your list, the internal or the delegated one?

I have not used the delegated option for a user directory; I use AD directories with local groups instead. That way, if a user gets updated in the AD, it will be reflected in Bitbucket on the next sync.

Tech User 29 December 13, 2019

[Attached screenshots: GlobalPermissions.PNG, LoginPage.PNG, UserDirectories.PNG, UserDirectory.PNG]

Mikael Sandberg
Community Champion
December 13, 2019

As a test, try adding a new directory that is using AD instead of delegated. Once you have that set up, you can use Test to verify that Bitbucket can communicate with your AD correctly and get the user. The directory does not have to be enabled in order to use the Test.

[Screenshot: User Directories.png]

If the test is successful you should see something like this:

[Screenshot: Test Remote Directory Connection.png]

Tech User 29 December 13, 2019

Thanks Mikael. This one worked.  
