Problem trying to configure Delegated LDAP Authentication V 2.3.3

I cannot seem to authenticate a Directory of type Delegated LDAP Authentication.

When I test the default value for the Configuration field ‘User Object Filter’ I get the following error:

default value: (&(objectCategory=Person)(sAMAccountName=*))

Error:

No results were found from your search. org.springframework.ldap.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; nested exception is javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'dc=itservices,dc=sbc,dc=com'

Also, I cannot seem to update the field value ‘User Object Filter’; it always ends in an error.

Here is some debug output from Crowd:

2011-10-14 10:44:08,167 http-8095-3 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] Authenticating user: ht1792

2011-10-14 10:44:08,168 http-8095-3 DEBUG [crowd.dao.directory.DirectoryDAOHibernate] Loaded object: com.atlassian.crowd.model.directory.DirectoryImpl@4cc3519a[lowerName=centralscm users,description=,type=INTERNAL,implementationClass=com.atlassian.crowd.directory.InternalDirectory,allowedOperations=[DELETE_USER, UPDATE_USER_ATTRIBUTE, CREATE_USER, UPDATE_USER, CREATE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_GROUP, DELETE_GROUP],attributes={password_max_change_time=0, password_regex=, user_encryption_method=atlassian-security, password_history_count=0, password_max_attempts=0}]

2011-10-14 10:44:08,169 http-8095-3 DEBUG [crowd.dao.directory.DirectoryDAOHibernate] Loaded object: com.atlassian.crowd.model.directory.DirectoryImpl@23320772[lowerName=itservices,description=ITSERVICES Delegated LDAP Authentication,type=DELEGATING,implementationClass=com.atlassian.crowd.directory.DelegatedAuthenticationDirectory,allowedOperations=[DELETE_USER, UPDATE_USER_ATTRIBUTE, CREATE_USER, UPDATE_USER, CREATE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_GROUP, DELETE_GROUP],attributes={directory.cache.synchronise.interval=3600, ldap.read.timeout=120000, ldap.user.displayname=displayName, ldap.usermembership.use=false, ldap.search.timelimit=60000, ldap.user.objectclass=user, ldap.group.objectclass=group, ldap.user.firstname=givenName, ldap.group.description=description, ldap.pagedresults=false, crowd.sync.incremental.enabled=false, com.atlassian.crowd.directory.sync.cache.enabled=false, ldap.group.usernames=member, ldap.user.group=memberOf, ldap.user.filter=(&(objectCategory=Person)(sAMAccountName=*)), ldap.user.username.rdn=cn, crowd.delegated.directory.auto.create.user=true, ldap.password=, ldap.relaxed.dn.standardisation=false, ldap.secure=false, ldap.group.filter=(objectCategory=Group), crowd.delegated.directory.auto.update.user=false, ldap.nestedgroups.disabled=true, ldap.user.username=sAMAccountName, ldap.group.dn=, ldap.user.email=mail, ldap.basedn=dc=itservices,dc=sbc,dc=com, ldap.roles.disabled=true, ldap.connection.timeout=10000, ldap.url=ldap://itservices.sbc.com:389/, ldap.usermembership.use.for.groups=false, crowd.delegated.directory.importGroups=false, ldap.referral=false, ldap.userdn=cn=m62541,ou=genericid,ou=sbcusers,dc=itservices,dc=sbc,dc=com, ldap.user.lastname=sn, ldap.group.name=cn, useNestedGroups=false, ldap.user.dn=, crowd.delegated.directory.type=com.atlassian.crowd.directory.MicrosoftActiveDirectory, ldap.user.password=unicodePwd}]

2011-10-14 10:44:08,173 http-8095-3 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] Performing user search: baseDN = dc=itservices,dc=sbc,dc=com - filter = (&(&(objectCategory=Person)(sAMAccountName=*))(sAMAccountName=ht1792))

2011-10-14 10:44:08,465 http-8095-3 ERROR [crowd.manager.application.ApplicationServiceGeneric] Directory 'ITSERVICES' is not functional during authentication of 'ht1792'. Skipped.

2011-10-14 10:44:08,466 http-8095-3 DEBUG [atlassian.util.profiling.UtilTimerStack] [298ms] - AOP: TokenAuthenticationManager.authenticateUser()

[0ms] - AOP: ApplicationManager.findByName()

[0ms] - AOP: AliasManager.findUsernameByAlias()

[298ms] - AOP: ApplicationService.authenticateUser()

[0ms] - AOP: AliasManager.findUsernameByAlias()

[298ms] - AOP: ApplicationService.authenticateUser()

[298ms] - AOP: ApplicationService.authenticateUser()

[0ms] - AOP: DirectoryManager.authenticateUser()

[297ms] - AOP: DirectoryManager.authenticateUser()

2011-10-14 10:44:08,466 http-8095-3 ERROR [console.action.application.ViewApplication] org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772^@]; remaining name 'dc=itservices,dc=sbc,dc=com'

com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772^@]; remaining name 'dc=itservices,dc=sbc,dc=com'

at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:383)

at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:351)

at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:541)

at com.atlassian.crowd.directory.SpringLDAPConnector.findUserWithAttributesByName(SpringLDAPConnector.java:507)

at com.atlassian.crowd.directory.SpringLDAPConnector.findUserByName(SpringLDAPConnector.java:494)

at com.atlassian.crowd.directory.SpringLDAPConnector.authenticate(SpringLDAPConnector.java:931)

1 answer

1 accepted

Hello,

You get a size limit exceeded error. Have you tried to use "paged results"? Most LDAP directories that I know of use a maximum result set of 1000. Thus, if you have more than 1000 users, your result set gets too big and an error is thrown.

Try paged results with a maximum of 999 results.

For the second part:

LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection

This says that you have to authenticate to your LDAP directory first, before you get any results. Maybe you have to edit your authentication settings in the LDAP connector part.

Cheers

Manse
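
A triage sketch for the two errors discussed in this thread, added here as an example (not part of the original posts and not Atlassian's code): it parses the directory attribute dump from the Crowd debug log and pairs each LDAP error code with the setting that bears on it. The sample log is constructed by shortening the lines quoted in the question; the function and finding names are hypothetical.

```python
import re

# Constructed sample: lines shortened from the debug output quoted in the question.
SAMPLE_LOG = """\
DEBUG [crowd.dao.directory.DirectoryDAOHibernate] Loaded object: DirectoryImpl@23320772[lowerName=itservices,type=DELEGATING,attributes={ldap.pagedresults=false, ldap.user.filter=(&(objectCategory=Person)(sAMAccountName=*)), ldap.password=, ldap.basedn=dc=itservices,dc=sbc,dc=com, ldap.userdn=cn=m62541,ou=genericid,ou=sbcusers,dc=itservices,dc=sbc,dc=com}]
org.springframework.ldap.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded]; remaining name 'dc=itservices,dc=sbc,dc=com'
ERROR [console.action.application.ViewApplication] javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772]; remaining name 'dc=itservices,dc=sbc,dc=com'
"""

ATTRS = re.compile(r"attributes=\{(.*?)\}\]")
LDAP_ERR = re.compile(r"\[LDAP: error code (\d+) - ([^\]]*)\]")

def directory_attributes(line):
    """Parse the attributes={k=v, ...} map from a DirectoryImpl debug line."""
    m = ATTRS.search(line)
    if not m:
        return {}
    # Entries are separated by ", "; DNs use bare commas, so they stay intact.
    return dict(item.partition("=")[::2] for item in m.group(1).split(", "))

def triage(log_text):
    """Return ordered, de-duplicated findings for the two errors in the thread."""
    attrs, findings = {}, []
    for line in log_text.splitlines():
        if "type=DELEGATING" in line:
            attrs = directory_attributes(line)
        for code, detail in LDAP_ERR.findall(line):
            if code == "4":
                paging = attrs.get("ldap.pagedresults", "unknown")
                finding = ("SIZE_LIMIT", f"ldap.pagedresults={paging}")
            elif code == "1" and "000004DC" in detail:
                # An empty ldap.password in the dump is only a hint (assumption:
                # the dump may not show the stored value), so report, don't conclude.
                pw = "empty-in-dump" if attrs.get("ldap.password") == "" else "present-or-unknown"
                finding = ("BIND_REQUIRED", f"userdn={attrs.get('ldap.userdn', '')} password={pw}")
            else:
                finding = ("OTHER", f"code {code}")
            if finding not in findings:
                findings.append(finding)
    return findings

if __name__ == "__main__":
    for name, context in triage(SAMPLE_LOG):
        print(f"{name}: {context}")
```
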

