Hi,
I'm having a problem configuring Jira with an OpenLDAP server. The "Save and Test" results in a single failure "Test get group members: Failed".
I've found a few links on the forum dealing with this but even after verifying my Group Object Filter and User Object Search via ldapsearch, I'm stumped. When I try both filters at the cli, I do get results returned, so the filter seems legit. I have been using the memberOf (groupOfNames) overlay for other applications so that all seems OK.
I've looked in /var/jira/log/atlassian-jira.log and I can see Jira finding group info in LDAP, but there aren't any errors or warnings or segfaults or other messages suggesting there's a glaring error.
atlassian-jira.log:2021-05-17 02:13:37,329-0500 Caesium-1-2 INFO ServiceRunner [c.a.c.d.ldap.cache.RemoteDirectoryCacheRefresher] found [ 10 ] remote groups in [ 2 ms ]
atlassian-jira.log:2021-05-17 03:28:36,555-0500 Caesium-1-4 INFO ServiceRunner [c.a.c.d.ldap.cache.RemoteDirectoryCacheRefresher] found [ 181 ] remote users in [ 11 ms ]
Is there a way to debug this process a little deeper with some config setting or other log?
Thanks!
Just wanted to follow up in case anyone else runs into this same problem. I finally found the correct logging options in Jira (gg logging) and enabled DEBUG on these two Loggers:
This put MUCH more info in the atlassian-jira.log file. I was able to step through each operation Jira was doing while talking to the OpenLDAP directory. I noticed this:
2021-05-24 ... Execute operation search with handler on baseDN: ou=xxx,dc=xxx,dc=xxx, filter: (&(objectclass=inetorgperson)(memberOf=cn=xxx,ou=groups,dc=xxx,dc=xxx,dc=xxx))
2021-05-24 ... The operation returned 0 results
There should be results coming back for that, so I tried a memberOf search at the command line of the OpenLDAP server:
# ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(cn=someuser)" -b dc=xxx,dc=xxx,dc=xxx memberOf
This returned 0 results. I spoke with our directory maintainer and there had been a change to how the LDAP directory is updated and the memberOf attribute was no longer being maintained correctly (groups were being updated _before_ users were being updated). After correcting the process, the memberOf attributes were working the next day.
So, not really a Jira issue after all, but something you might want to look for if you're getting this message.
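Added example (not part of the original posts, and not Jira or OpenLDAP code): a small offline check for the condition described above, where a group's member list and the users' memberOf attributes disagree. It assumes an LDIF export with unfolded lines, no base64 values and groupOfNames groups; the sample DNs are constructed.

```python
# Constructed sample export: bob is listed in the group but has no memberOf value.
SAMPLE_LDIF = """\
dn: cn=jira-users,ou=groups,dc=example,dc=org
objectClass: groupOfNames
member: uid=alice,ou=people,dc=example,dc=org
member: uid=bob,ou=people,dc=example,dc=org

dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
memberOf: cn=jira-users,ou=groups,dc=example,dc=org

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
"""

def norm(dn):
    """Lower-case and drop spaces around RDN separators (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse 'attr: value' LDIF records into {normalized_dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm(attrs["dn"][0])] = attrs
    return entries

def memberof_drift(entries):
    """Return sorted (user_dn, group_dn, problem) tuples where member and memberOf disagree."""
    problems = set()
    groups = {dn: {norm(m) for m in e.get("member", [])} for dn, e in entries.items()
              if "groupofnames" in map(str.lower, e.get("objectclass", []))}
    for gdn, members in groups.items():
        for udn in members:  # listed in the group, but the user entry does not point back
            if gdn not in {norm(v) for v in entries.get(udn, {}).get("memberof", [])}:
                problems.add((udn, gdn, "memberOf missing"))
    for udn, e in entries.items():
        for g in map(norm, e.get("memberof", [])):  # user points at a group that omits them
            if udn not in groups.get(g, set()):
                problems.add((udn, g, "stale memberOf"))
    return sorted(problems)

if __name__ == "__main__":
    print(*memberof_drift(parse_ldif(SAMPLE_LDIF)), sep="\n")
```

When producing the export with ldapsearch, request memberOf by name as in the command above, since OpenLDAP does not return it by default.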
I had a different problem, but your answer helped me to find it. Thanks!
For the record, the line in the logs where I found my problem was this (slightly redacted):
2024-03-03 17:55:10,246-0300 http-nio-8081-exec-7 url: /plugins/servlet/embedded-crowd/directories/troubleshoot/; user: jira-user DEBUG jira-user 1075x552x1 cxnzde 172.19.0.1 /plugins/servlet/embedded-crowd/directories/troubleshoot/ [c.a.crowd.directory.SpringLDAPConnector] Entity DN <cn=gustavo xxx,ou=2240,ou=2200,...,dc=com,dc=br> is outside the entity base DN subtree scope <...,dc=com,dc=br >
Note that there is a trailing space in the "base DN subtree scope". I edited the Base DN configuration and removed the space that was there by mistake. After that, all tests passed.