Hi,
I'm having a problem configuring Jira with an OpenLDAP server. The "Save and Test" results in a single failure "Test get group members: Failed".
I've found a few links on the forum dealing with this but even after verifying my Group Object Filter and User Object Search via ldapsearch, I'm stumped. When I try both filters at the cli, I do get results returned, so the filter seems legit. I have been using the memberOf (groupOfNames) overlay for other applications so that all seems OK.
I've looked in /var/jira/log/atlassian-jira.log and I can see Jira finding group info in LDAP, but there aren't any errors or warnings or segfaults or other messages suggesting there's a glaring error.
atlassian-jira.log:2021-05-17 02:13:37,329-0500 Caesium-1-2 INFO ServiceRunner [c.a.c.d.ldap.cache.RemoteDirectoryCacheRefresher] found [ 10 ] remote groups in [ 2 ms ]
atlassian-jira.log:2021-05-17 03:28:36,555-0500 Caesium-1-4 INFO ServiceRunner [c.a.c.d.ldap.cache.RemoteDirectoryCacheRefresher] found [ 181 ] remote users in [ 11 ms ]
Is there a way to debug this process a little deeper with some config setting or other log?
Thanks!
Just wanted to follow up in case anyone else runs into this same problem. I finally found the correct logging options in Jira (gg logging) and enabled DEBUG on these two Loggers:
This put MUCH more info in the atlassian-jira.log file. I was able to step through each operation Jira was doing while talking to the OpenLDAP directory. I noticed this:
2021-05-24 ... Execute operation search with handler on baseDN: ou=xxx,dc=xxx,dc=xxx, filter: (&(objectclass=inetorgperson)(memberOf=cn=xxx,ou=groups,dc=xxx,dc=xxx,dc=xxx))
2021-05-24 ... The operation returned 0 results
There should be results coming back for that, so I tried a memberOf search at the command line of the OpenLDAP server:
# ldapsearch -LL -Y EXTERNAL -H ldapi:/// "(cn=someuser)" -b dc=xxx,dc=xxx,dc=xxx memberOf
This returned 0 results. I spoke with our directory maintainer and there had been a change to how the LDAP directory is updated and the memberOf attribute was no longer being maintained correctly (groups were being updated _before_ users were being updated). After correcting the process, the memberOf attributes were working the next day.
So, not really a Jira issue after all, but something you might want to look for if you're getting this message.
I had a different problem, but your answer helped me to find it. Thanks!
For the record, the line in the logs where I found my problem was this (slightly redacted):
2024-03-03 17:55:10,246-0300 http-nio-8081-exec-7 url: /plugins/servlet/embedded-crowd/directories/troubleshoot/; user: jira-user DEBUG jira-user 1075x552x1 cxnzde 172.19.0.1 /plugins/servlet/embedded-crowd/directories/troubleshoot/ [c.a.crowd.directory.SpringLDAPConnector] Entity DN <cn=gustavo xxx,ou=2240,ou=2200,...,dc=com,dc=br> is outside the entity base DN subtree scope <...,dc=com,dc=br >
Note that there is a trailing space in the "base DN subtree scope". I edited the Base DN configuration and removed the space that was there by mistake. After that, all tests passed.
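An added example, not part of the original posts and not Atlassian code: a small Python triage pass over DEBUG-level atlassian-jira.log output that flags the two symptoms found in this thread, a memberOf search returning 0 results and a base DN carrying stray whitespace. The sample log lines are constructed to mirror the ones quoted above, and the function name and finding labels are assumptions.

```python
import re

# Constructed sample modelled on the DEBUG lines quoted in the thread;
# DNs, timestamps and the "..." prefixes are placeholders, not real data.
SAMPLE_LOG = """\
2021-05-24 ... Execute operation search with handler on baseDN: ou=people,dc=example,dc=org, filter: (&(objectclass=inetorgperson)(memberOf=cn=jira-users,ou=groups,dc=example,dc=org))
2021-05-24 ... The operation returned 0 results
2021-05-24 ... Execute operation search with handler on baseDN: ou=groups,dc=example,dc=org, filter: (objectclass=groupOfNames)
2021-05-24 ... The operation returned 10 results
2024-03-03 ... [c.a.crowd.directory.SpringLDAPConnector] Entity DN <cn=alice,ou=people,dc=example,dc=org> is outside the entity base DN subtree scope <dc=example,dc=org >
"""

SEARCH = re.compile(r"Execute operation search with handler on baseDN: (.*?), filter: (.*)$")
RESULT = re.compile(r"The operation returned (\d+) results")
SCOPE = re.compile(r"Entity DN <(.*?)> is outside the entity base DN subtree scope <(.*?)>")


def triage(log_text):
    """Return (kind, detail_1, detail_2) tuples for the two symptoms in the thread.

    Assumes a search line is followed by its own result line (single-threaded
    view); interleaved request threads would need pairing by thread name.
    """
    findings, pending = [], None
    for line in log_text.splitlines():
        if m := SEARCH.search(line):
            pending = (m.group(1), m.group(2))  # remember base DN and filter
        elif (m := RESULT.search(line)) and pending:
            base, flt = pending
            pending = None
            # A memberOf filter with no hits points at the directory's
            # memberOf maintenance, as in the first answer.
            if m.group(1) == "0" and "memberof=" in flt.lower():
                findings.append(("empty-memberof-search", base, flt))
        elif m := SCOPE.search(line):
            entity, base = m.group(1), m.group(2)
            # Stray whitespace in the configured base DN, as in the second answer.
            kind = "base-dn-whitespace" if base != base.strip() else "entity-outside-base"
            findings.append((kind, entity, base))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```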