Setting up LDAP in Crowd for authentication only but "User Group Attribute" is required by setup screen. Our LDAP schema doesn't seem to have memberOf attribute and we wouldn't be using it anyway.
Is there any way to work around this?
Hi Lars,
It looks like you have a Posix-based LDAP schema. Could you try using one of the Posix-based LDAP configurations in Crowd?
Also make sure that you have the "Use the User Membership Attribute" un-ticked on the Connector tab. Here is the specific documentation related to OpenLDAP directories that have a Posix Schema.
http://confluence.atlassian.com/display/CROWD/OpenLDAP+Using+Posix+Schema
Crowd also has a more generic, Posix Schema configuration:
http://confluence.atlassian.com/display/CROWD/Posix+Schema+for+LDAP
Cheers,
Justin
Hi Lars,
Could you please try entering "dummyValue" into your "User Group Attribute" field and ensure that the "Group Members Attribute" is valid?
This would force Crowd to use the membership mapped by the groups instead of LDAP users. Please try the above suggestion and let us know how it goes.
Cheers,
Septa Cahyadiputra
Where would I find "group members attribute"? Are you referring to something in our LDAP schema or a setting in Jira?
You could find the mentioned field under the "Group Configuration" section for Crowd, and "Group Schema Setting" for JIRA.
As mentioned earlier, if the mapping of the membership is configured under the groups, you should be able to configure it here, and using "DummyValue" as the "User Group Attribute" value would force Crowd to use only this parameter to retrieve all the necessary membership from your LDAP server.
Hope it helps.
Cheers,
Septa Cahyadiputra
Hi Lars,
What object classes do your Groups and Users implement? Could you give us a sanitised snippet of your LDAP schema, as an LDIF for example, so we can give you the best answer possible?
Cheers,
Justin
Here is the schema for users:
dn: dc=people,dc=internap,dc=com
objectclass: organizationalUnit
objectclass: dcObject
objectclass: top
dc: people
ou: people
description: user accounts

dn: uid=barack,dc=people,dc=internap,dc=com
objectclass: person
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: posixAccount
objectclass: top
cn: Barack
sn: Barack
uid: barack
gecos: Barack
givenname: Barack
mail: barack@internap.com
...
Hi Lars,
Could you please provide us the sanitized LDIF of one of your groups? What we are looking for is the "member" or "uniquemember" parameter where you configured the members of the particular group.
Cheers,
Septa Cahyadiputra
I hadn't initially planned to use groups since I am using a Delegated Authentication Directory setup, but pulling users out of a specific group will be helpful.
dn: cn=stooges,ou=unix,dc=internap,dc=com
objectclass: posixGroup
objectclass: top
cn: stooges
memberuid: curlyhoward
memberuid: joebesser
memberuid: joederita
memberuid: larryfine
memberuid: moehoward
memberuid: shemphoward
Hi Lars,
As mentioned in the previous response, if you put "dummyValue" into your "User Group Attribute" field and "memberuid" into your "Group Members Attribute" field, Crowd would ignore the "dummyvalue" and process the membership using the configured "Group Member Attribute".
Could you please try the mentioned suggestion and see if it helps.
Cheers,
Septa Cahyadiputra
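The group-side lookup discussed above, as an added example that is not part of the original thread and is not Crowd's own code: it reads posixGroup entries and derives each user's groups from memberuid, which holds bare uid values rather than DNs, so no user-side memberOf attribute is needed. The function names are hypothetical and the sample LDIF is constructed from the entries quoted in this thread.

```python
# Added example: resolve posixGroup membership from the group side (memberuid),
# as a directory without a user-side memberOf attribute has to be read.
from collections import defaultdict

# Constructed sample, built from the entries quoted in this thread.
SAMPLE_LDIF = """\
dn: uid=barack,dc=people,dc=internap,dc=com
objectclass: inetOrgPerson
objectclass: posixAccount
uid: barack
cn: Barack

dn: cn=stooges,ou=unix,dc=internap,dc=com
objectclass: posixGroup
objectclass: top
cn: stooges
memberuid: curlyhoward
memberuid: larryfine
memberuid: moehoward
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 '::' values) into a list of
    {lowercased attribute: [values]} dicts, one per entry."""
    entries, current, last = [], None, None
    for line in text.splitlines() + [""]:
        if not line.strip():                 # a blank line ends an entry
            if current:
                entries.append(current)
            current, last = None, None
        elif line.startswith("#"):           # comment line
            continue
        elif line.startswith(" ") and last:  # folded continuation line
            current[last][-1] += line[1:]
        else:
            name, _, value = line.partition(":")
            last = name.strip().lower()      # attribute names are case-insensitive
            current = current if current is not None else defaultdict(list)
            current[last].append(value.strip())
    return entries

def groups_by_uid(entries, member_attr="memberuid"):
    """Map each uid to the cn of every posixGroup that lists it."""
    index = defaultdict(set)
    for e in entries:
        if "posixgroup" in (oc.lower() for oc in e.get("objectclass", [])):
            for uid in e.get(member_attr.lower(), []):
                index[uid].update(e.get("cn", []))
    return index

def is_member(entries, uid, group_cn):
    """True only if the group entry itself lists the uid."""
    return group_cn in groups_by_uid(entries).get(uid, set())
```
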
No, I'm still getting: "There was an error in updating the directory. Please check the fields to ensure all entries are valid"
Is there anywhere in the logs where I can see which field is causing an error?
Hi Lars,
Sorry to hear that. Logs might be able to help us here, but we would need to analyze them and understand the whole configuration.
It would be best if we continue our troubleshooting process through https://support.atlassian.com/ so that we could see your configuration and logs confidentially.
If it is okay with you, you could attach the screenshot of your detailed configuration here and please let me know the directory type (connector/delegation) you used on your system.
Cheers,
Septa Cahyadiputra