I'm having a problem configuring Jira with an OpenLDAP server. The "Save and Test" results in a single failure "Test get group members: Failed".
I've found a few links on the forum dealing with this but even after verifying my Group Object Filter and User Object Search via ldapsearch, I'm stumped. When I try both filters at the cli, I do get results returned, so the filter seems legit. I have been using the memberOf (groupOfNames) overlay for other applications so that all seems OK.
I've looked in /var/jira/log/atlassian-jira.log and I can see Jira finding group info in LDAP, but there aren't any errors or warnings or segfaults or other messages suggesting there's a glaring error.
atlassian-jira.log:2021-05-17 02:13:37,329-0500 Caesium-1-2 INFO ServiceRunner [c.a.c.d.ldap.cache.RemoteDirectoryCacheRefresher] found [ 10 ] remote groups in [ 2 ms ]
atlassian-jira.log:2021-05-17 03:28:36,555-0500 Caesium-1-4 INFO ServiceRunner [c.a.c.d.ldap.cache.RemoteDirectoryCacheRefresher] found [ 181 ] remote users in [ 11 ms ]
Is there way to debug this process a little deeper with some config setting or other log?
Just wanted to follow up in case anyone else runs into this same problem. I finally found the correct logging options in Jira (gg logging) and enabled DEBUG on these two Loggers:
This put MUCH more info in the atlassian-jira.log file. I was able to step through each operation Jira was doing while talking to the OpenLDAP directory. I noticed this:
2021-05-24 ... Execute operation search with handler on baseDN: ou=xxx,dc=xxx,dc=xxx, filter: (&(objectclass=inetorgperson)(memberOf=cn=xxx,ou=groups,dc=xxx,dc=xxx,dc=xxx))
2021-05-24 ... The operation returned 0 results
There should be results coming back for that, so I tried a memberOf search at the command line of the OpenLDAP server:
# ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(cn=someuser)" -b dc=xxx,dc=xxx,dc=xxx memberOf
This returned 0 results. I spoke with our directory maintainer and there had been a change to how the LDAP directory is updated and the memberOf attribute was no longer being maintained correctly (groups were being updated _before_ users were being updated). After correcting the process, the memberOf attributes were working the next day.
So, not really a Jira issue after all, but something you might want to look for if you're getting this message
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events