Doing a test set up. If I set up as LDAP or AD (LDAP as well) and set it up as follows ....
Base DN - dc=foo,dc=bar,dc=tld
Additional Group DN - CN=jiraUsers,OU=GroupA,OU=InternalGroups
... it works, but it dumps our whole directory into the users
If I do Internal with LDAP Auth (**PREFERRED**) using the following:
Base DN - CN=jiraUsers,OU=GroupA,OU=InternalGroups,dc=foo,dc=bar,dc=tld
I can't get it to authenticate ... using 'copy user on login' or not.
I need it to only authenticate users in that group ... Any ideas why the second one wouldn't work or how I can get it to only sync/import the users in that group?
OK, so this one is similar to this (looking at catalina.out):
But there's not final answer posted there. I'm evaluating, so I don't have a support contract. Anyone dealt with this?
Here's the stack trace:
2012-04-27 10:18:25,822 http-8080-8 ERROR anonymous 618x47627x1 1scf4qc 192.168.115.165 /rest/gadget/1.0/login [springframework.ldap.control.AbstractRequestControlDirContextProcessor] No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl
2012-04-27 10:18:25,822 http-8080-8 ERROR anonymous 618x47627x1 1scf4qc 192.168.115.165 /rest/gadget/1.0/login [crowd.manager.application.ApplicationServiceGeneric] Directory 'Delegated LDAP Authentication' is not functional during authentication of '*****'. Skipped.
2012-04-27 10:18:25,822 http-8080-8 ERROR anonymous 618x47627x1 1scf4qc 192.168.115.165 /rest/gadget/1.0/login [jira.security.login.JiraSeraphAuthenticator] Error occurred while trying to authenticate user '*****'.
Which LDAP container are your users in? If CN=jiraUsers,OU=GroupA,OU=InternalGroups,dc=foo,dc=bar,dc=tld is a group and not a container under which the users are located then using that as a Base DN won't work as JIRA won't be able to see any of your LDAP users.
You need to configure the Base DN to a container high enough in your LDAP tree so that all the users that you want to use JIRA will be in its container or one of its sub-containers, e.g. OU=InternalUsers,dc=foo,dc=bar,dc=tld You should be able to limit which users can then use JIRA by using something along the lines of (&(objectCategory=Person)(sAMAccountName=*)(memberOf=jiraUsers)) as the User Object Filter - http://confluence.atlassian.com/display/JIRA/Connecting+to+an+LDAP+Directory
Hope that helps?
In the internal Jira Directory with LDAP Authentication ....
even setting the base DN to the root (just dc=foo...) doesn't work. Neither does
Tried the same with LDAP (Active Directory) and ...
Base DN of
... AND ...
in User Schema ...
Neither of them work.
No errors in catalina.out either way. The only thing that seems to work is putting users directly into the OUs and pointing directly to those OUs (no very scalable or flexible)
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot