• Community
  • Products
  • Crowd
  • Questions
  • Setting up LDAP in Crowd but "User Group Attribute" required - our LDAP schema doesn't seem to have memberOf attribute

Setting up LDAP in Crowd but "User Group Attribute" required - our LDAP schema doesn't seem to have memberOf attribute

Lars Nordin April 4, 2012

Setting up LDAP in Crowd for authentication only but "User Group Attribute" is required by setup screen. Our LDAP schema doesn't seem to have memberOf attribute and we wouldn't be using it anyway.

Is there anyway to work around this?

3 answers

1 accepted

0 votes
Answer accepted
JustinK
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 11, 2012

Hi Lars,

It looks like you have a Posix based LDAP schema, could you try using one of the Posix based LDAP configurations in Crowd.

Also make sure that you have the "Use the User Membership Attribute" un-ticked on the Connector tab. Here is the specific documentation related to OpenLDAP directories that have a Posix Schema.

http://confluence.atlassian.com/display/CROWD/OpenLDAP+Using+Posix+Schema

Crowd also has a more generic, Posix Schema configuration:

http://confluence.atlassian.com/display/CROWD/Posix+Schema+for+LDAP

Cheers,

Justin

1 vote
Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 8, 2012

Hi Lars,

Could you please try to use "dummyValue" into your "User Group Attribute" field and ensure that "Group Members Attribute" is valid.

This would force Crowd to use the membership mapped by the groups instead of LDAP users. Please try the above suggestion and let us know how it goes.

Cheers,

Septa Cahyadiputra

Lars Nordin April 8, 2012

Where would I find "group members attribute"? Are you referring to something in our LDAP schema or a setting in Jira?

Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 8, 2012

You could find the mentioned field under the "Group Configuration" section for Crowd, and "Group Schema Setting" for JIRA.

As mentioned earlier, if the mapping of the membership is configured under the groups, you should be able to configure it here, and using "DummyValue" as the "User Group Attribute" value would force Crowd to use only this parameter to retrieve all the necessary membership from your LDAP server.

Hope it helps.

Cheers,

Septa Cahyadiputra

0 votes
JustinK
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 9, 2012

Hi Lars,

What object classes do your Groups and Users implement? Could you give us a sanatised snippet of your LDAP schema as an LDIF for example, so we can give you the best answer possible.

Cheers,

Justin

Lars Nordin April 10, 2012

Here is the schema for users:

dn: dc=people,dc=internap,dc=com
objectclass: organizationalUnit
objectclass: dcObject
objectclass: top
dc: people
ou: people
description: user accounts

dn: uid=barack,dc=people,dc=internap,dc=com
objectclass: person
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: posixAccount
objectclass: top
cn: Barack
sn: Barack
uid: barack
gecos: Barack
givenname: Barack
mail: barack@internap.com

...

Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 10, 2012

Hi Lars,

Could you please provide us the sanitized LDIF of one of your group. What we are looking is the "member" or "uniquemember" parameter where you configured the meber of the particular group.

Cheers,

Septa Cahyadiputra

Lars Nordin April 10, 2012

I hadn't initially planned to use groups since I am using Delegated Authentication Directory seutp but pulling users out of a specific group will be helpful.


dn: cn=stooges,ou=unix,dc=internap,dc=com
objectclass: posixGroup
objectclass: top
cn: stooges
memberuid: curlyhoward
memberuid: joebesser
memberuid: joederita
memberuid: larryfine
memberuid: moehoward
memberuid: shemphoward

Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 10, 2012

Hi Lars,

As mentioend on the previous response, if you put "dummyValue" into your "User Group Attribute" field and "memberuid" into your "Group Members Attribute" field. Crowd would ignore the "dummyvalue" process the membership using the configured "Group Member Attribute".

Could you please try the mentioned suggestion and see if it helps.

Cheers,
Septa Cahyadiputra

Lars Nordin April 11, 2012

No, I'm still getting: "There was an error in updating the directory. Please check the fields to ensure all entries are valid"

Is there any where in the logs where I can see which field is causing an error?

Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 11, 2012

Hi Lars,

Sorry to hear that, logs might be able to help us here but we would need to analyze it and understand the whole configuration.

It would be best if we continue our troubleshooting process trough https://support.atlassian.com/ so that we could see your configuration and logs confidentially.

If it is okay with you, you could attach the screenshot of your detailed configuration here and please let me know the directory type (connector/delegation) you used on your system.

Cheers,

Septa Cahyadiputra

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events