Test get user's memberships : Failed, while connecting Jira with OpenLDAP

amitpustode March 15, 2019

Hi,

I'm trying to configure JIRA with an OpenLDAP user directory, but I'm facing "Test get user's memberships : Failed" when doing the "Test Connection". I'm sharing the full result of the test connection, and I have also attached screenshots of my Jira server setup.

Output:-

Test basic connection : Succeeded

Test retrieve user : Succeeded

Test user rename is configured and tracked : Succeeded

Test get user's memberships : Failed

Test retrieve group : Not performed

Test get group members : Not performed

Test user can authenticate : Succeeded

 

Attached screenshots: 01.png, 02.png, 03.jpg

3 answers

0 votes
Kim Djernæs December 16, 2021

Sorry. Wrong post.

Can't find a way to delete it.

0 votes
Rico Petrick June 13, 2019

Hi, I have solved the problem, at least for my setup. The main problem for me was that I use an OpenLDAP Docker image which obviously has a problem with the "memberof" method. The solution here was to use groupOfUniqueNames instead of groupOfNames for groups like "jira-software-users"; then the memberof call yields the expected results. Here are my settings:

User Schema Settings

  • User Object Class: inetOrgPerson
  • User Object Filter: (objectClass=person)
  • User Name Attribute: uid
  • User Name RDN Attribute: cn
  • User First Name Attribute: givenName
  • User Last Name Attribute: sn
  • User Display Name Attribute: cn
  • User Email Attribute: mail
  • User Password Attribute: userpassword
  • User Password Encryption: SHA
  • User Unique ID Attribute: uidNumber

Group Schema Settings

  • Group Object Class: groupOfUniqueNames
  • Group Object Filter: (cn=*)
  • Group Name Attribute: cn
  • Group Description Attribute: description

Membership Schema Settings

  • Group Members Attribute: uniquemember
  • User Membership Attribute: memberof

Here, as an example, is the LDIF output of my group "jira-software-users":

# LDIF Export for cn=jira-software-users,ou=Groups,dc=lingucity,dc=de
# Server: ldap.lingucity.de (ldap.lingucity.de)
# Search Scope: base
# Search Filter: (objectClass=*)
# Total Entries: 1
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on June 13, 2019 4:02 pm
# Version: 1.2.4

version: 1

# Entry 1: cn=jira-software-users,ou=Groups,dc=lingucity,dc=de
dn: cn=jira-software-users,ou=Groups,dc=lingucity,dc=de
cn: jira-software-users
objectclass: groupOfUniqueNames
objectclass: top
uniquemember: cn=GName1, SName1,ou=People,dc=lingucity,dc=de
uniquemember: cn=GName2, SName2,ou=People,dc=lingucity,dc=de
uniquemember: cn=GName3, SName3,ou=People,dc=lingucity,dc=de

Gonchik Tsymzhitov
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 15, 2019

That's good!

0 votes
Gonchik Tsymzhitov
March 16, 2019

Hi!

Have you communicated with the AD/LDAP admin?

It looks like uniqueMember is incorrect; could you try memberOf?


Cheers,

Gonchik Tsymzhitov

amitpustode March 16, 2019

@Gonchik Tsymzhitov ... Yes, I tried with memberOf also, but the same issue ...

Gonchik Tsymzhitov
March 16, 2019

image.png

amitpustode March 18, 2019

@Gonchik Tsymzhitov ... that one is also showing the same error ...

Rico Petrick June 11, 2019

I have the same problem. What is the purpose of this query? What is the expected result? How do I match the fields provided by the LDAP server to the requests mentioned in the settings?

Gonchik Tsymzhitov
June 12, 2019

Could you share logs, please? 

Rico Petrick June 12, 2019

In section "User Schema Settings" I have nearly the same as shown above, only two differences: "User Display Name Attribute" is set to "cn", and I have an additional line at the end "User Unique ID Attribute" which I have set to "uidNumber".

The other settings for Group Schema and Membership Schema are identical. When I start the test, I have the same screen as shown above. My openLDAP server shows the following output:

2019-06-12T12:39:51.490728857Z app[web.1]: 5d00f297 conn=1037 op=28 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(objectClass=*)(uid=udo.hain))"
2019-06-12T12:39:51.490754193Z app[web.1]: 5d00f297 conn=1037 op=28 SRCH attr=uid mail uidNumber givenName sn cn gidNumber
2019-06-12T12:39:51.490844693Z app[web.1]: 5d00f297 conn=1037 op=28 SEARCH RESULT tag=101 err=0 nentries=1 text=
2019-06-12T12:39:51.491667549Z app[web.1]: 5d00f297 conn=1037 op=29 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(objectClass=*)(uid=udo.hain))"
2019-06-12T12:39:51.491678896Z app[web.1]: 5d00f297 conn=1037 op=29 SRCH attr=uid mail uidNumber givenName sn cn gidNumber
2019-06-12T12:39:51.491728715Z app[web.1]: 5d00f297 conn=1037 op=29 SEARCH RESULT tag=101 err=0 nentries=1 text=
2019-06-12T12:39:51.492477068Z app[web.1]: 5d00f297 conn=1037 op=30 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(&(?objectClass=group)(cn=*))(|(?uniqueMember=udo.hain)(gidNumber=5001)))"
2019-06-12T12:39:51.492495990Z app[web.1]: 5d00f297 conn=1037 op=30 SRCH attr=description cn uniqueMember gidNumber
2019-06-12T12:39:51.492548212Z app[web.1]: 5d00f297 conn=1037 op=30 SEARCH RESULT tag=101 err=0 nentries=0 text=
2019-06-12T12:39:51.493002890Z app[web.1]: 5d00f297 conn=1037 op=31 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(objectClass=*)(uid=udo.hain))"
2019-06-12T12:39:51.493011650Z app[web.1]: 5d00f297 conn=1037 op=31 SRCH attr=uid mail uidNumber givenName sn cn gidNumber
2019-06-12T12:39:51.493057502Z app[web.1]: 5d00f297 conn=1037 op=31 SEARCH RESULT tag=101 err=0 nentries=1 text=
2019-06-12T12:39:51.495028906Z app[web.1]: 5d00f297 conn=1044 fd=15 ACCEPT from IP=172.17.0.1:53256 (IP=0.0.0.0:389)
2019-06-12T12:39:51.495058890Z app[web.1]: 5d00f297 conn=1044 op=0 BIND dn="cn=udo hain,dc=lingucity,dc=de" method=128
2019-06-12T12:39:51.495078013Z app[web.1]: 5d00f297 conn=1044 op=0 BIND dn="cn=Udo Hain,dc=lingucity,dc=de" mech=SIMPLE ssf=0
2019-06-12T12:39:51.495109909Z app[web.1]: 5d00f297 conn=1044 op=0 RESULT tag=97 err=0 text=
2019-06-12T12:39:51.495605608Z app[web.1]: 5d00f297 conn=1044 op=1 UNBIND
2019-06-12T12:39:51.495625473Z app[web.1]: 5d00f297 conn=1044 fd=15 closed
2019-06-12T12:39:51.547741550Z app[web.1]: 5d00f297 conn=1037 op=32 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(objectClass=*)(uid=udo.hain))"
2019-06-12T12:39:51.547773967Z app[web.1]: 5d00f297 conn=1037 op=32 SRCH attr=uid mail uidNumber givenName sn cn gidNumber
2019-06-12T12:39:51.547781952Z app[web.1]: 5d00f297 conn=1037 op=32 SEARCH RESULT tag=101 err=0 nentries=1 text=
2019-06-12T12:39:51.548455936Z app[web.1]: 5d00f297 conn=1037 op=33 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(&(?objectClass=group)(cn=*))(|(?uniqueMember=udo.hain)(gidNumber=5001)))"
2019-06-12T12:39:51.548471352Z app[web.1]: 5d00f297 conn=1037 op=33 SRCH attr=cn
2019-06-12T12:39:51.548489924Z app[web.1]: 5d00f297 conn=1037 op=33 SEARCH RESULT tag=101 err=0 nentries=0 text=
2019-06-12T12:39:51.560124607Z app[web.1]: 5d00f297 conn=1037 op=34 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(objectClass=*)(uid=udo.hain))"
2019-06-12T12:39:51.560145633Z app[web.1]: 5d00f297 conn=1037 op=34 SRCH attr=uid mail uidNumber givenName sn cn gidNumber
2019-06-12T12:39:51.560192318Z app[web.1]: 5d00f297 conn=1037 op=34 SEARCH RESULT tag=101 err=0 nentries=1 text=
2019-06-12T12:39:51.562081356Z app[web.1]: 5d00f297 conn=1045 fd=15 ACCEPT from IP=172.17.0.1:53260 (IP=0.0.0.0:389)
2019-06-12T12:39:51.562185023Z app[web.1]: 5d00f297 conn=1045 op=0 BIND dn="cn=udo hain,dc=lingucity,dc=de" method=128
2019-06-12T12:39:51.562203813Z app[web.1]: 5d00f297 conn=1045 op=0 BIND dn="cn=Udo Hain,dc=lingucity,dc=de" mech=SIMPLE ssf=0
2019-06-12T12:39:51.562308727Z app[web.1]: 5d00f297 conn=1045 op=0 RESULT tag=97 err=0 text=
2019-06-12T12:39:51.562989764Z app[web.1]: 5d00f297 conn=1045 op=1 UNBIND
2019-06-12T12:39:51.563097460Z app[web.1]: 5d00f297 conn=1045 fd=15 closed

Maybe it is better that you first provide some suggestions for the settings and then we provide the logs?
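
The log above can be checked mechanically for the membership search that returns nothing. The following is an added example, not part of the original thread: it pairs each SRCH line with its SEARCH RESULT and reports filters containing `(?attr=value)` terms, which is how slapd prints an assertion it treats as undefined. The function name `audit_searches` and the `dc=example,dc=org` sample lines are constructed for illustration.

```python
import re

# Line shapes follow the slapd log in the post; the sample below is constructed.
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="[^"]*".*filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*\berr=(\d+) nentries=(\d+)')
# slapd writes "(?attr=value)" for an assertion it evaluates as undefined:
# an unknown attribute or object class, or a value that does not fit the
# attribute's syntax (for example a bare uid where a DN is required).
UNDEFINED = re.compile(r'\(\?([^=()]+)=([^()]*)\)')

SAMPLE_LOG = '''\
conn=7 op=2 SRCH base="dc=example,dc=org" scope=2 deref=3 filter="(&(objectClass=*)(uid=jdoe))"
conn=7 op=2 SRCH attr=uid mail cn
conn=7 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=7 op=3 SRCH base="dc=example,dc=org" scope=2 deref=3 filter="(&(&(?objectClass=group)(cn=*))(|(?uniqueMember=jdoe)(gidNumber=5001)))"
conn=7 op=3 SRCH attr=cn
conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
'''

def audit_searches(log_text):
    """Pair each SRCH with its SEARCH RESULT by (conn, op) and return the
    searches whose filter contains assertions slapd marked as undefined."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT.search(line)
        if not m:
            continue
        flt = pending.pop((m.group(1), m.group(2)), None)
        undefined = UNDEFINED.findall(flt) if flt else []
        if undefined:
            findings.append({
                "conn": int(m.group(1)), "op": int(m.group(2)),
                "err": int(m.group(3)), "nentries": int(m.group(4)),
                "undefined": undefined,
            })
    return findings

if __name__ == "__main__":
    for f in audit_searches(SAMPLE_LOG):
        terms = ", ".join(f"{a}={v}" for a, v in f["undefined"])
        print(f"conn={f['conn']} op={f['op']} nentries={f['nentries']} undefined: {terms}")
```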
