• Community
  • Products
  • Crowd
  • Questions
  • Setting up LDAP in Crowd but "User Group Attribute" required - our LDAP schema doesn't seem to have memberOf attribute

Setting up LDAP in Crowd but "User Group Attribute" required - our LDAP schema doesn't seem to have memberOf attribute

Setting up LDAP in Crowd for authentication only but "User Group Attribute" is required by setup screen. Our LDAP schema doesn't seem to have memberOf attribute and we wouldn't be using it anyway.

Is there anyway to work around this?

3 answers

1 accepted

Hi Lars,

It looks like you have a Posix based LDAP schema, could you try using one of the Posix based LDAP configurations in Crowd.

Also make sure that you have the "Use the User Membership Attribute" un-ticked on the Connector tab. Here is the specific documentation related to OpenLDAP directories that have a Posix Schema.

http://confluence.atlassian.com/display/CROWD/OpenLDAP+Using+Posix+Schema

Crowd also has a more generic, Posix Schema configuration:

http://confluence.atlassian.com/display/CROWD/Posix+Schema+for+LDAP

Cheers,

Justin

Hi Lars,

Could you please try to use "dummyValue" into your "User Group Attribute" field and ensure that "Group Members Attribute" is valid.

This would force Crowd to use the membership mapped by the groups instead of LDAP users. Please try the above suggestion and let us know how it goes.

Cheers,

Septa Cahyadiputra

Where would I find "group members attribute"? Are you referring to something in our LDAP schema or a setting in Jira?

You could find the mentioned field under the "Group Configuration" section for Crowd, and "Group Schema Setting" for JIRA.

As mentioned earlier, if the mapping of the membership is configured under the groups, you should be able to configure it here, and using "DummyValue" as the "User Group Attribute" value would force Crowd to use only this parameter to retrieve all the necessary membership from your LDAP server.

Hope it helps.

Cheers,

Septa Cahyadiputra

Hi Lars,

What object classes do your Groups and Users implement? Could you give us a sanatised snippet of your LDAP schema as an LDIF for example, so we can give you the best answer possible.

Cheers,

Justin

Here is the schema for users:

dn: dc=people,dc=internap,dc=com
objectclass: organizationalUnit
objectclass: dcObject
objectclass: top
dc: people
ou: people
description: user accounts

dn: uid=barack,dc=people,dc=internap,dc=com
objectclass: person
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: posixAccount
objectclass: top
cn: Barack
sn: Barack
uid: barack
gecos: Barack
givenname: Barack
mail: barack@internap.com

...

Hi Lars,

Could you please provide us the sanitized LDIF of one of your group. What we are looking is the "member" or "uniquemember" parameter where you configured the meber of the particular group.

Cheers,

Septa Cahyadiputra

I hadn't initially planned to use groups since I am using Delegated Authentication Directory seutp but pulling users out of a specific group will be helpful.


dn: cn=stooges,ou=unix,dc=internap,dc=com
objectclass: posixGroup
objectclass: top
cn: stooges
memberuid: curlyhoward
memberuid: joebesser
memberuid: joederita
memberuid: larryfine
memberuid: moehoward
memberuid: shemphoward

Hi Lars,

As mentioend on the previous response, if you put "dummyValue" into your "User Group Attribute" field and "memberuid" into your "Group Members Attribute" field. Crowd would ignore the "dummyvalue" process the membership using the configured "Group Member Attribute".

Could you please try the mentioned suggestion and see if it helps.

Cheers,
Septa Cahyadiputra

No, I'm still getting: "There was an error in updating the directory. Please check the fields to ensure all entries are valid"

Is there any where in the logs where I can see which field is causing an error?

Hi Lars,

Sorry to hear that, logs might be able to help us here but we would need to analyze it and understand the whole configuration.

It would be best if we continue our troubleshooting process trough https://support.atlassian.com/ so that we could see your configuration and logs confidentially.

If it is okay with you, you could attach the screenshot of your detailed configuration here and please let me know the directory type (connector/delegation) you used on your system.

Cheers,

Septa Cahyadiputra

Suggest an answer

Log in or Join to answer
Community showcase
Teodora [Botron]
Published Thursday in Marketplace Apps

Jira Inferno: The Nine Circles of Jira Administration Hell

If you spend enough time as a Jira admin - whether you are managing a single, mid-sized instance, a large enterprise one or juggling multiple instances at once - you will eventually find yourself in ...

286 views 0 12
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot