Stash can't see a new user in Active Directory

I have a Stash server configured with external User   Directory (Active Directory). It worked fine.  I can see a lot of our users in Stash (/Administration/User) and they can log in into the Stash.

But now a new user was created in our AD and Stash can't find him. I run full synchronization, restarted Stash. Nothing helps. Evething is good, no errors but  no user in Stash.

How can I diagnose what is wrong with synchronization in Stash?

 

Some more details on my configuration. The missing user is located under the same node in AD as other ones. And it has the same userClass (user) and objectCategory (Person).I can see the user in AD with Apache Directory Studio. I can find it with the filter used by Stash ( "(&(objectCategory=Person)(sAMAccountName=*))").

I really can't see any difference between "good users" and the "bad one".

3 answers

1 accepted

The solution:

Turn off "Manage User Status Locally" option in Advanced Settings in "Configure LDAP User Directory" and re-run synch.

The cause:

Stash with enabled "Manage User Status Locally" option cache users' status (enabled\disabled) forever. For example during first synch when Stash found a user he was disabled so Stash creates in internal DB a user record with IS_ACTIVE='F' flag and do not change it anymore. Even after that the user is enabled in LDAP he is still disabled in Stash. Disabled users are not shown in Administration/Users, so the only way to find out user's status is to look in DB:

select * from cwd_user where directory_id = 229377 and lower_user_name = 'jsmith';

0 votes

Are you using delegated authentication? If so, ask the user to login once.

If not, check if the missing user and others are in the same groups or not. You can also check the user filter and group filter settings under Advanced settings of the directory configuration.

In Administration/Users I see all users even those who did't login ever. The missing user can't login (it's normal as he is missing in Stash). I believe that extracting users from the Directory should NOT depend on user' group membership. I provided the filter for users ("User Object Filter") in my question.

"I believe that extracting users from the Directory should NOT depend on user' group membership. ". It is not - by default but you have the option to do that if you want. Worth checking if someone added a group filter or not. Did you check the groups of the missing user and compared him with others?

I'm not sure that I understand you. "Group filter" is a filter for extracting group (un Groupd Schema Settings) is it? Or you're referring something else? I Groups memberships are differrent indeed. It's ok as different users are included in different groups, it's very hard to compare. They are should not be identical. All AD users automatically are included in local stash-users group.

Ah sorry, I got confused myself. Yes, you only need to worry about the user filter for missing users. I can't figure out anything wrong from the settings you attached. If it is not delegated auth, users should come across as long as they are under the correct base dn.

Agree with Jobin, the user is probably excluded by the user filter. Check the user's LDAP record against the filter.

Here's my LDAP settings:

stash_ldap_config.jpg

Suggest an answer

Log in or Join to answer
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

636 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot