LDAP problem in JIRA 5 but not in 4.4

BarthélémyH April 3, 2012

Hello,

We have an instance of JIRA 4.4 running and authenticating against an LDAP server (users managed internally). It works fine. I can see that it executes the following command when I log in as user XXXXXX:
2012-04-04 17:38:44,049 http-443-6 DEBUG anonymous 1058x43x1 16xib1j <ip> /rest/gadget/1.0/login [atlassian.crowd.directory.SpringLDAPConnector] Performing user search: baseDN = OU=Users,OU=Organic Units,DC=CERN,DC=ch - filter = (&(sAMAccountName=XXXXXXX))

I try to set up a new instance of JIRA, but in version 5 this time. I see that there is no more osuser.xml but there is an administration panel to add a directory "Delegated LDAP Authentication". I fill it up, test it, and it says that it passes the test. I restart but then when I try to log in, it refuses. In the logs I see the following line :
2012-04-04 17:48:19,047 http-8443-6 DEBUG anonymous 1068x203x1 mth0ly <ip> /rest/gadget/1.0/login [atlassian.crowd.directory.SpringLDAPConnector] Performing user search: baseDN = OU=Users,OU=Organic Units,DC=CERN,DC=ch - filter = (&(objectclass=inetorgperson)(sAMAccountName=XXXXXX))

It is the same apart from the filter that has an extra bit (objectclass). I am not sure, but I guess it is this bit that makes trouble.Can I test my assumption somehow ? is there a way to test directly an ldap request ?

More importantly, can I get rid of this objectclass ?

Thank you in advance

Barthelemy

EDIT : I played a bit with ldapsearch and I see that it works with objectclass=person. How can I change inetorgperson for person ?

EDIT 2 : I could get it to work by doing in the database :
update cwd_directory_attribute set attribute_value = '(objectclass=person)' where attribute_name = 'ldap.user.filter' and directory_id = 10000;
I don't believe this is a real solution. Any help still welcome :)

2 answers

1 accepted

1 vote
Answer accepted
Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 8, 2012

Hi there,

You should be able to see the "User Schema Setting" configuration section, when you choose "Copying User On First Login" option for your directory.

You should be able to modified all of those directory if you access JIRA using administrative internal user(s). Anyway, since you have modified it trough database, and confirm that its fixed.

It should not be a problem in a long term. Hope it helps.

Cheers,

Septa Cahyadiputra

1 vote
Joe Clark
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 4, 2012

You should be able to customise the LDAP filter that JIRA uses when searching for users.. I believe this is in the directory configuration page under "user schema settings", it's collapsed by default.

BarthélémyH April 4, 2012

Thank you for your reply. The "user schema settings" is not available for "Internal with LDAP Authentication". It is there for "LDAP' directory configuration.

Suggest an answer

Log in or Sign up to answer