
Active Directory problem: Test get user's memberships : Failed

Hal Mirsky August 21, 2017

I am configuring a Directory to connect to AD in our Windows Small Business Server. The following error is returned when running Test Settings:

 
Test basic connection : Succeeded
Test retrieve user : Succeeded
Test user rename is configured and tracked : Succeeded
Test get user's memberships : Failed
Test retrieve group : Not performed
Test get group members : Not performed
Test user can authenticate : Not performed
 
The basic connection test seems to pass:
 

Test Remote Directory Connection

Test basic connection : Succeeded
Test retrieve user : Not performed
Test user rename is configured and tracked : Not performed
Test get user's memberships : Not performed
Test retrieve group : Not performed
Test get group members : Not performed
Test user can authenticate : Not performed
 
I can connect and authenticate at the same host/port from https/svn. 
 
Redacted directory config:
 
=== Current user ===
Directory ID: 1
Username: admin
Display name: Administrator
Email address: XXXXXXX

=== Directories configured ===
Directory ID: 10000
Name: LDAP server
Active: true
Type: CONNECTOR
Created date: Mon Aug 21 13:57:27 PDT 2017
Updated date: Mon Aug 21 15:26:51 PDT 2017
Allowed operations: [UPDATE_USER_ATTRIBUTE, UPDATE_GROUP_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory
Encryption type: sha
Attributes:
    "autoAddGroups": ""
    "com.atlassian.crowd.directory.sync.currentstartsynctime": "null"
    "com.atlassian.crowd.directory.sync.issynchronising": "false"
    "com.atlassian.crowd.directory.sync.lastdurationms": "593"
    "com.atlassian.crowd.directory.sync.laststartsynctime": "1503354410573"
    "crowd.sync.incremental.enabled": "true"
    "directory.cache.synchronise.interval": "3600"
    "ldap.basedn": "OU=SBSUsers,OU=Users,OU=MyBusiness,DC=COMPANY,DC=local"
    "ldap.connection.timeout": "10000"
    "ldap.external.id": "objectGUID"
    "ldap.group.description": "description"
    "ldap.group.dn": ""
    "ldap.group.filter": "(objectCategory=Group)"
    "ldap.group.name": "cn"
    "ldap.group.objectclass": "group"
    "ldap.group.usernames": "member"
    "ldap.local.groups": "false"
    "ldap.nestedgroups.disabled": "true"
    "ldap.pagedresults": "true"
    "ldap.pagedresults.size": "1000"
    "ldap.password": ********
    "ldap.pool.initsize": "null"
    "ldap.pool.maxsize": "null"
    "ldap.pool.prefsize": "null"
    "ldap.pool.timeout": "0"
    "ldap.propogate.changes": "false"
    "ldap.read.timeout": "120000"
    "ldap.referral": "true"
    "ldap.relaxed.dn.standardisation": "true"
    "ldap.roles.disabled": "true"
    "ldap.search.timelimit": "60000"
    "ldap.secure": "false"
    "ldap.url": "ldap://XXX.XXX.XXX.XXX:389"
    "ldap.user.displayname": "displayName"
    "ldap.user.dn": ""
    "ldap.user.email": "mail"
    "ldap.user.encryption": "sha"
    "ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))"
    "ldap.user.firstname": "givenName"
    "ldap.user.group": "memberOf"
    "ldap.user.lastname": "sn"
    "ldap.user.objectclass": "user"
    "ldap.user.password": "unicodePwd"
    "ldap.user.username": "sAMAccountName"
    "ldap.user.username.rdn": "cn"
    "ldap.userdn": "XXXXXXXXX"
    "ldap.usermembership.use": "true"
    "ldap.usermembership.use.for.groups": "false"
    "localUserStatusEnabled": "false"

Directory ID: 1
Name: JIRA Internal Directory
Active: true
Type: INTERNAL
Created date: Thu Sep 22 14:13:21 PDT 2011
Updated date: Thu Sep 22 14:13:21 PDT 2011
Allowed operations: [UPDATE_GROUP_ATTRIBUTE, UPDATE_ROLE_ATTRIBUTE, UPDATE_ROLE, DELETE_GROUP, CREATE_USER, UPDATE_USER, UPDATE_GROUP, CREATE_ROLE, UPDATE_USER_ATTRIBUTE, DELETE_ROLE, CREATE_GROUP, DELETE_USER]
Implementation class: com.atlassian.crowd.directory.InternalDirectory
Encryption type: atlassian-security
Attributes:
    "user_encryption_method": "atlassian-security"

Thank you in advance for any suggestions

1 answer

1 vote
Hal Mirsky August 22, 2017

Users and groups are accessed via different paths. Set Base DN and prepend for users and groups as follows:

Base DN: OU=MyBusiness,DC=XXXX,DC=XXXX

Additional User DN: OU=SBSUsers,OU=Users

Additional Group DN: OU=Security Groups
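
The scoping issue the answer describes, as an added example (not part of the original post and not Atlassian's code): it assumes the effective search base is the Additional User/Group DN prepended to the Base DN, and checks whether a group DN listed in `memberOf` falls under the group search base. The user and group names are constructed sample values; only the OU layout comes from the post.

```python
def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas intact."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    return [r.strip().lower() for r in rdns if r.strip()]


def search_base(base_dn, additional_dn=""):
    """Assumption: the effective base is '<Additional DN>,<Base DN>'."""
    return split_dn(additional_dn) + split_dn(base_dn)


def in_scope(entry_dn, base):
    """True when entry_dn sits at or below the search base (suffix match on RDNs)."""
    entry = split_dn(entry_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def unreachable(dns, base_dn, additional_dn=""):
    """Return the DNs a search rooted at the effective base cannot return."""
    base = search_base(base_dn, additional_dn)
    return [dn for dn in dns if not in_scope(dn, base)]


# Constructed sample entries; only the OU layout comes from the post.
ROOT = "OU=MyBusiness,DC=COMPANY,DC=local"
USER = "CN=Example User,OU=SBSUsers,OU=Users," + ROOT
MEMBER_OF = ["CN=Example Group,OU=Security Groups," + ROOT]

if __name__ == "__main__":
    # Question's config: Base DN is the user OU, ldap.group.dn is empty.
    print("before:", unreachable(MEMBER_OF, "OU=SBSUsers,OU=Users," + ROOT))
    # Answer's config: shared Base DN plus separate user and group prefixes.
    print("after groups:", unreachable(MEMBER_OF, ROOT, "OU=Security Groups"))
    print("after users:", unreachable([USER], ROOT, "OU=SBSUsers,OU=Users"))
```

With the question's Base DN the group is reported as unreachable even though the user is found; with the answer's settings both lists come back empty.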
