Hello guys
Im facing this problem; User is found and password is verified against my directory server (MS AD).
But the 'test' interface gets the error 'Test get user's memberships with 0 groups retrieved. : Failed'
And then there's attempt to login, it doesnt say wrong password or user not found - login is denied!
Setup is standard LDAP 389, a Domain User read only bind account and the integration is set as 'Read only with groups'. User should be granted groups upon login
What do i miss out on?
I believe i have found the issue. The tested user was a 'blank' user, only with the same DN as my other users have. So i looked and found 'Domain User' - which probably didnt 'cut it' as a geniune group. So im guessing this is the issue - since a test with a user with some longer life to him (and memberships) seems to give no problem.
Now the only problem i see here is that i cannot filter OU's deep enough, the DN used for bind is in another OU then my internal users, i.e. humans are 'Internal Users', and bind account is 'Service Account', both hierachially placed under 'Users'.
If i set first filter to 'OU=Users' and 'OU=Internal Users' then the test fails with a NameNotFound exception. I can live with that, only problem is that Service Acc's are showing in Jira administration.
I will close this unless someone has a bit of extra info :)
Hi Morten,
Quite hard to deduce the cause of the issue without logs and your directory configuration. Although please note that this is a public forum so censored some information if you wish to post it into this thread.
Jusging from your directory type, may I know if you retrieve any user membership from your LDAP server. The above test shows that Confluence are not able to retrieve any LDAP membership from your LDAP only not with Confluence local groups.
So if the configuration is setup to works only with local group membership, then it is an expected result. If you wished to retrieve LDAP memebrship as well then you might want to double check your membership configuration and group retrieveal configuration on this particular directory.
Hope it helps.
Cheers,
Septa Cahyadiputra
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Uhm, weird just a minute ago the login was denied - just now it succeeded! Well, still getting 'Failed' in memberships above, how so?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.