Active Directory Test get user's memberships : Failed

Michelle Larson
Rising Star
September 22, 2014

I am setting up AD to work with JIRA and the first 3 pass

  Test basic connection : Succeeded
  Test retrieve user : Succeeded
  Test user rename is configured and tracked : Succeeded

then I get the following error on step 4

Test get user's memberships : Failed

org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'OU=JIRA,OU=OTS Services,DC=WINDOM,DC=OUTREACH,DC=PSU,DC=EDU' ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'OU=JIRA,OU=OTS Services,DC=WINDOM,DC=OUTREACH,DC=PSU,DC=EDU' ]; remaining name 'OU=JIRA Users,OU=JIRA,OU=OTS Services,DC=WINDOM,DC=OUTREACH,DC=PSU,DC=EDU'
 
I know it's connecting and getting the information, just not sure why this step fails.

1 answer

0 votes
Tiago Comasseto
Rising Star
September 22, 2014

Hi Michelle, the message "error code 32" is a response from the LDAP server and it indicates that the object doesn't exist. It's also described in this KB.

It seems that the object that wasn't found is this one: OU=JIRA,OU=OTS Services,DC=WINDOM,DC=OUTREACH,DC=PSU,DC=EDU

You may want to confirm that this OU exists in your LDAP server and update your configuration in JIRA.

I hope it helps.

Cheers
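
How to read the two DNs in this error, as an added example that is not part of the original thread: in an error code 32 reply, "best match of" is the deepest entry the server did find, so comparing it with the name that was looked up shows which part does not exist. The function names are illustrative, the error string is copied from the question, and the code assumes the "remaining name" is the full DN that was requested, as it is here.

```python
import re

# Error text copied from the question (the nested-exception repeat is trimmed).
ERROR = (
    "[LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 "
    "(NO_OBJECT), data 0, best match of: "
    "'OU=JIRA,OU=OTS Services,DC=WINDOM,DC=OUTREACH,DC=PSU,DC=EDU' ]; "
    "remaining name "
    "'OU=JIRA Users,OU=JIRA,OU=OTS Services,DC=WINDOM,DC=OUTREACH,DC=PSU,DC=EDU'"
)

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def analyse_name_error(message):
    """Return the error code, the existing ancestor and the RDNs that are missing."""
    code = re.search(r"error code (\d+)", message)
    matched = re.search(r"best match of:\s*'([^']*)'", message)
    requested = re.search(r"remaining name '([^']*)'", message)
    if not (code and matched and requested):
        raise ValueError("no error code, matched DN and remaining name found")
    want, have = split_dn(requested.group(1)), split_dn(matched.group(1))
    # The matched DN has to be a suffix of the requested DN (case-insensitive).
    tail = [r.lower() for r in want[len(want) - len(have):]]
    if len(have) > len(want) or tail != [r.lower() for r in have]:
        raise ValueError("matched DN is not an ancestor of the requested DN")
    return {
        "code": int(code.group(1)),
        "requested": requested.group(1),
        "existing_ancestor": matched.group(1),
        "missing_rdns": want[: len(want) - len(have)],
    }

if __name__ == "__main__":
    result = analyse_name_error(ERROR)
    print("error code      :", result["code"])
    print("exists          :", result["existing_ancestor"])
    print("not found below :", ",".join(result["missing_rdns"]))
```
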

Michelle Larson
Rising Star
September 23, 2014

I am now able to test fine; however, now it is not pulling the users from the JIRA Users security group, it is just pulling them from the JIRA OU. How do I configure it to pull the users from the security group?

Here is my Directory Config Summary.

 

=== Current user ===
Directory ID: 1
Username: mrl19
Display name: Michelle Larson
Email address: mrl19@psu.edu

=== Directories configured ===
Directory ID: 1
Name: JIRA Internal Directory
Active: true
Type: INTERNAL
Created date: Thu Jul 14 16:16:13 EDT 2011
Updated date: Thu Jul 14 16:16:13 EDT 2011
Allowed operations: [CREATE_GROUP, CREATE_ROLE, CREATE_USER, DELETE_GROUP, DELETE_ROLE, DELETE_USER, UPDATE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_ROLE, UPDATE_ROLE_ATTRIBUTE, UPDATE_USER, UPDATE_USER_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.InternalDirectory
Encryption type: atlassian-security
Attributes:
    "user_encryption_method": "atlassian-security"

Directory ID: 10101
Name: Active Directory server
Active: true
Type: CONNECTOR
Created date: Mon Sep 22 14:52:12 EDT 2014
Updated date: Tue Sep 23 14:03:04 EDT 2014
Allowed operations: [CREATE_GROUP, DELETE_GROUP, UPDATE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory
Encryption type: sha
Attributes:
    "autoAddGroups": "jira-users; outreach-users"
    "com.atlassian.crowd.directory.sync.currentstartsynctime": "null"
    "com.atlassian.crowd.directory.sync.issynchronising": "false"
    "com.atlassian.crowd.directory.sync.lastdurationms": "110"
    "com.atlassian.crowd.directory.sync.laststartsynctime": "1411495384813"
    "crowd.sync.incremental.enabled": "true"
    "directory.cache.synchronise.interval": "3600"
    "ldap.basedn": "OU=JIRA,OU=OTS Services,DC=WINDOM,DC=OUTREACH,DC=PSU,DC=EDU"
    "ldap.connection.timeout": "10000"
    "ldap.external.id": "objectGUID"
    "ldap.group.description": "description"
    "ldap.group.dn": "CN=JIRA Users"
    "ldap.group.filter": "(objectCategory=Group)"
    "ldap.group.name": "cn"
    "ldap.group.objectclass": "jira-users"
    "ldap.group.usernames": "member"
    "ldap.local.groups": "true"
    "ldap.nestedgroups.disabled": "true"
    "ldap.pagedresults": "true"
    "ldap.pagedresults.size": "1000"
    "ldap.password": ********
    "ldap.pool.initsize": "null"
    "ldap.pool.maxsize": "null"
    "ldap.pool.prefsize": "null"
    "ldap.pool.timeout": "0"
    "ldap.propogate.changes": "false"
    "ldap.read.timeout": "120000"
    "ldap.referral": "true"
    "ldap.relaxed.dn.standardisation": "true"
    "ldap.roles.disabled": "true"
    "ldap.search.timelimit": "60000"
    "ldap.secure": "false"
    "ldap.url": "ldap://windom.outreach.psu.edu:389"
    "ldap.user.displayname": "displayName"
    "ldap.user.dn": ""
    "ldap.user.email": "mail"
    "ldap.user.encryption": "sha"
    "ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))"
    "ldap.user.firstname": "givenName"
    "ldap.user.group": "memberOf"
    "ldap.user.lastname": "sn"
    "ldap.user.objectclass": "user"
    "ldap.user.password": "unicodePwd"
    "ldap.user.username": "sAMAccountName"
    "ldap.user.username.rdn": "cn"
    "ldap.userdn": "svc_jira"
    "ldap.usermembership.use": "false"
    "ldap.usermembership.use.for.groups": "false"
    "localUserStatusEnabled": "false"

 
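
One way to scope the user filter to a security group, as an added example that is not part of the original thread and not Atlassian's code: it ANDs the posted ldap.user.filter with a memberOf clause (escaped per RFC 4515) and flags three settings in the posted attributes. The group DN is a made-up placeholder, since the group's real DN is not in the thread, and the function names are illustrative.

```python
# Subset of the connector attributes posted above (values copied from the post).
CONFIG = {
    "ldap.group.objectclass": "jira-users",
    "ldap.secure": "false",
    "ldap.url": "ldap://windom.outreach.psu.edu:389",
    "ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))",
}
# Placeholder DN (assumption); the parentheses are there to exercise the escaping.
GROUP_DN = "CN=JIRA Users (prod),OU=Groups,DC=example,DC=edu"

def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def restrict_to_group(user_filter, group_dn):
    """AND an existing user filter with direct membership of one group."""
    return "(&%s(memberOf=%s))" % (user_filter, escape_filter_value(group_dn))

def review(config):
    """Return findings for a Crowd-style LDAP connector attribute map."""
    findings = []
    if "memberof=" not in config.get("ldap.user.filter", "").lower():
        findings.append("user filter has no memberOf clause: every matching "
                        "account under the base DN is synchronised")
    if config.get("ldap.group.objectclass", "").lower() != "group":
        findings.append("ldap.group.objectclass is not 'group', the object "
                        "class of Active Directory groups")
    if (config.get("ldap.url", "").lower().startswith("ldap://")
            and config.get("ldap.secure") != "true"):
        findings.append("bind password and directory data are sent without TLS")
    return findings

def corrected(config, group_dn):
    """Copy of config with the user filter scoped to the group and the AD group class."""
    fixed = dict(config)
    fixed["ldap.user.filter"] = restrict_to_group(config["ldap.user.filter"], group_dn)
    fixed["ldap.group.objectclass"] = "group"
    return fixed

if __name__ == "__main__":
    for finding in review(CONFIG):
        print("before:", finding)
    after = corrected(CONFIG, GROUP_DN)
    print("filter:", after["ldap.user.filter"])
    for finding in review(after):
        print("after :", finding)
```

memberOf lists direct membership only, so accounts that belong to the target group through a nested group are not matched by this filter.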
