JIRA OpenLDAP - Test get user's memberships : Failed

itstayyab March 13, 2015

I've set up OpenLDAP and connected it with JIRA and Confluence. LDAP users are reflected in both. But I'm not able to log in via an LDAP user in JIRA or Confluence, and I'm getting the error below while performing the test.

Test Remote Directory Connection

 Test basic connection : Succeeded

 Test retrieve user : Succeeded
 Test user rename is configured and tracked : Succeeded
 Test get user's memberships : Failed
 Test retrieve group : Not performed
 Test get group members : Not performed
 Test user can authenticate : Succeeded

Can anyone please help me in that?
Best Regards
Tayyab Khan

4 answers

0 votes
thgmx January 17, 2019

Hi all,

I had exactly the same error as Tayyab. I could log in, but the logged-in users did not appear in the appropriate group. My solution was applying the LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) to the group filter as well:

Group Object Filter:   (&(objectCategory=group)(memberOf:1.2.840.113556.1.4.1941:=cn=MY_AD_GROUP,ou=d1,ou=d2,ou=main,dc=xxxx,dc=xxx))

where MY_AD_GROUP is a group containing a few other AD groups containing users.

Sergius Janik February 28, 2019

Hey Thomas,

 

I'm getting the same error and as I'm fairly new to LDAP I cannot translate your example to my case.

Could you please elaborate a little bit more about what you did?

I've put your example into the Group Object Filter field and then exchanged dc=...,dc=... with my domain. Not sure though what I have to fill in for cn= and ou=?

 

Could you help me out with my LDAP?

TU Graz - CAMPUSonline March 1, 2019

Hi, it simply depends on your LDAP server, more specifically on the directory structure your LDAP admin gave it.

For instance, if you have as the start of the object hierarchy dc=mydomain

and a sub tree ou=users where all user objects are. A single user object has many attributes (by default). The most important is cn, which spells common name and usually contains the username.

ou means organisational unit. An ou usually denotes a directory containing some other objects. A tree can consist of any number of ou-s.

So the correct path would be: dc=mydomain, ou=users, cn=myusername

which would be a very flat hierarchy.

More common is:

dc=companyname,
  ou=devision,
    ou=section,
      ou=some_other_dividing_element,
        ou=users,
          cn=user1
          cn=user2
          cn=user3

 

HTH
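As an added example (not code from any poster in this thread), the sketch below shows how a tree path like the one described above becomes a DN string and how that DN is placed into the Group Object Filter from the answer, with the escaping RFC 4514 and RFC 4515 require for special characters. All DN components are constructed sample values; the matching-rule OID and objectCategory are Active Directory features.

```python
# Added example; every DN component below is a constructed sample value.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN, as quoted in the answer


def escape_dn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_dn(path_from_top):
    """Turn a tree path listed top-down into a DN string.

    A DN is written most-specific component first, so the path is reversed.
    """
    return ",".join(f"{attr}={escape_dn_value(val)}"
                    for attr, val in reversed(path_from_top))


def escape_filter_value(value):
    """Escape an assertion value for a search filter (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def nested_group_filter(parent_group_dn):
    """Group Object Filter in the shape the answer gives."""
    return ("(&(objectCategory=group)"
            f"(memberOf:{IN_CHAIN_OID}:={escape_filter_value(parent_group_dn)}))")


if __name__ == "__main__":
    tree_path = [("dc", "local"), ("dc", "example"), ("ou", "groups"),
                 ("cn", "Ops (EU), Tier*1")]
    dn = build_dn(tree_path)
    print(dn)
    print(nested_group_filter(dn))
```
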

Sergius Janik March 2, 2019

Hey and thanks for the detailed answer. However it still shows the error with the memberships.

I'm totally new to LDAP but I think I've understood the hierarchy setup you've described. I'm pretty sure I'm mixing some stuff up, because if the solution works for you it should as well for me.

Could you have a look at my LDAP Testsetup and my confluence setup and point me into the right direction?

 

Here are my group and membership-settings in Confluence:

 

side.png

Here the Primary group (dc= I've deleted for privacy reasons)

sub.png

And here my tree from a windows config tool that is connected with my linux server (also here dc= deleted for privacy reasons..)

top.png

 

The string I put into the Group-Object-Filter field is:

(&(objectCategory=group)(memberOf:1.2.840.113556.1.4.1941:=cn=admins,ou=group,dc=diamontech,dc=local))

Can you see the mistake?

0 votes
Chen Wang July 8, 2018

Got the same problem here. I have passed the test of remote directory connection. However, it failed to get user's memberships. And the system showed a message like "LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 531".

I have checked this message at https://confluence.atlassian.com/kb/common-user-management-errors-820119309.html. And asked my LDAP server administrator. He added my server hostname in his userworkstation. It still doesn't work...

Chen Wang July 8, 2018

Are there any solutions here?

0 votes
TU Graz - CAMPUSonline February 26, 2016

I have the same problem and didn't find an answer.

The JIRA LDAP server explanation of this field is as short as a fat man's hugo.

Tayyab needs an answer for "what is the meaning of this failure message?"

What went wrong? Which attributes are going to be retrieved from the LDAP server?

There are some group attributes to configure - which precisely is wrong?

What is the test that is carried out against the LDAP server?

Is there any method to debug this?

 

0 votes
teilor_soares
March 13, 2015

Hi Tayyab!

From the error, I believe you need to review the membership configurations of the directory you added. In the document about connecting JIRA to an LDAP server you have an explanation of each field.

 https://confluence.atlassian.com/display/JIRA/Connecting+to+an+LDAP+Directory#ConnectingtoanLDAPDirectory-MembershipSchemaSettings

Cheers!
Teilor
