Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
badges earned

Your Points Tracker
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Any way to debug "Test get group members: Failed" when configuring with OpenLDAP?

I'm having a problem configuring Jira with an OpenLDAP server. The "Save and Test" results in a single failure "Test get group members: Failed".


I've found a few links on the forum dealing with this but even after verifying my Group Object Filter and User Object Search via ldapsearch, I'm stumped. When I try both filters at the cli, I do get results returned, so the filter seems legit. I have been using the memberOf  (groupOfNames) overlay for other applications so that all seems OK.


I've looked in /var/jira/log/atlassian-jira.log and I can see Jira finding group info in LDAP, but there aren't any errors or warnings or segfaults or other messages suggesting there's a glaring error.

atlassian-jira.log:2021-05-17 02:13:37,329-0500 Caesium-1-2 INFO ServiceRunner [c.a.c.d.ldap.cache.RemoteDirectoryCacheRefresher] found [ 10 ] remote groups in [ 2 ms ]
atlassian-jira.log:2021-05-17 03:28:36,555-0500 Caesium-1-4 INFO ServiceRunner [c.a.c.d.ldap.cache.RemoteDirectoryCacheRefresher] found [ 181 ] remote users in [ 11 ms ]

Is there way to debug this process a little deeper with some config setting or other log?


1 answer

1 accepted

0 votes
Answer accepted

Just wanted to follow up in case anyone else runs into this same problem. I finally found the correct logging options in Jira (gg logging) and enabled DEBUG on these two Loggers:

  • com.atlassian.jira.web.action.util.LDAPConfigurer

This put MUCH more info in the atlassian-jira.log file. I was able to step through each operation Jira was doing while talking to the OpenLDAP directory. I noticed this:

2021-05-24 ... Execute operation search with handler on baseDN: ou=xxx,dc=xxx,dc=xxx, filter: (&(objectclass=inetorgperson)(memberOf=cn=xxx,ou=groups,dc=xxx,dc=xxx,dc=xxx))
2021-05-24 ... The operation returned 0 results

There should be results coming back for that, so I tried a memberOf search at the command line of the OpenLDAP server:

# ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(cn=someuser)" -b dc=xxx,dc=xxx,dc=xxx memberOf

This returned 0 results. I spoke with our directory maintainer and there had been a change to how the LDAP directory is updated and the memberOf attribute was no longer being maintained correctly (groups were being updated _before_ users were being updated). After correcting the process, the memberOf attributes were working the next day.

So, not really a Jira issue after all, but something you might want to look for if you're getting this message

Suggest an answer

Log in or Sign up to answer

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you