• Community
  • Products
  • Crowd
  • Questions
  • Setting up LDAP in Crowd but "User Group Attribute" required - our LDAP schema doesn't seem to have memberOf attribute

Setting up LDAP in Crowd but "User Group Attribute" required - our LDAP schema doesn't seem to have memberOf attribute

Setting up LDAP in Crowd for authentication only but "User Group Attribute" is required by setup screen. Our LDAP schema doesn't seem to have memberOf attribute and we wouldn't be using it anyway.

Is there anyway to work around this?

3 answers

1 accepted

Hi Lars,

It looks like you have a Posix based LDAP schema, could you try using one of the Posix based LDAP configurations in Crowd.

Also make sure that you have the "Use the User Membership Attribute" un-ticked on the Connector tab. Here is the specific documentation related to OpenLDAP directories that have a Posix Schema.

http://confluence.atlassian.com/display/CROWD/OpenLDAP+Using+Posix+Schema

Crowd also has a more generic, Posix Schema configuration:

http://confluence.atlassian.com/display/CROWD/Posix+Schema+for+LDAP

Cheers,

Justin

Hi Lars,

Could you please try to use "dummyValue" into your "User Group Attribute" field and ensure that "Group Members Attribute" is valid.

This would force Crowd to use the membership mapped by the groups instead of LDAP users. Please try the above suggestion and let us know how it goes.

Cheers,

Septa Cahyadiputra

Where would I find "group members attribute"? Are you referring to something in our LDAP schema or a setting in Jira?

You could find the mentioned field under the "Group Configuration" section for Crowd, and "Group Schema Setting" for JIRA.

As mentioned earlier, if the mapping of the membership is configured under the groups, you should be able to configure it here, and using "DummyValue" as the "User Group Attribute" value would force Crowd to use only this parameter to retrieve all the necessary membership from your LDAP server.

Hope it helps.

Cheers,

Septa Cahyadiputra

Hi Lars,

What object classes do your Groups and Users implement? Could you give us a sanatised snippet of your LDAP schema as an LDIF for example, so we can give you the best answer possible.

Cheers,

Justin

Here is the schema for users:

dn: dc=people,dc=internap,dc=com
objectclass: organizationalUnit
objectclass: dcObject
objectclass: top
dc: people
ou: people
description: user accounts

dn: uid=barack,dc=people,dc=internap,dc=com
objectclass: person
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: posixAccount
objectclass: top
cn: Barack
sn: Barack
uid: barack
gecos: Barack
givenname: Barack
mail: barack@internap.com

...

Hi Lars,

Could you please provide us the sanitized LDIF of one of your group. What we are looking is the "member" or "uniquemember" parameter where you configured the meber of the particular group.

Cheers,

Septa Cahyadiputra

I hadn't initially planned to use groups since I am using Delegated Authentication Directory seutp but pulling users out of a specific group will be helpful.


dn: cn=stooges,ou=unix,dc=internap,dc=com
objectclass: posixGroup
objectclass: top
cn: stooges
memberuid: curlyhoward
memberuid: joebesser
memberuid: joederita
memberuid: larryfine
memberuid: moehoward
memberuid: shemphoward

Hi Lars,

As mentioend on the previous response, if you put "dummyValue" into your "User Group Attribute" field and "memberuid" into your "Group Members Attribute" field. Crowd would ignore the "dummyvalue" process the membership using the configured "Group Member Attribute".

Could you please try the mentioned suggestion and see if it helps.

Cheers,
Septa Cahyadiputra

No, I'm still getting: "There was an error in updating the directory. Please check the fields to ensure all entries are valid"

Is there any where in the logs where I can see which field is causing an error?

Hi Lars,

Sorry to hear that, logs might be able to help us here but we would need to analyze it and understand the whole configuration.

It would be best if we continue our troubleshooting process trough https://support.atlassian.com/ so that we could see your configuration and logs confidentially.

If it is okay with you, you could attach the screenshot of your detailed configuration here and please let me know the directory type (connector/delegation) you used on your system.

Cheers,

Septa Cahyadiputra

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Feb 27, 2018 in Crowd

The Crowd team is looking for feedback on Server & Data Center customers' identity strategies!

Do you own more than one Server or Data Center product? Do you have challenges provisioning users across your Atlassian products? Are you spending a lot of time integrating each Atlassian product wit...

1,159 views 6 14
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you