Community
Products
Jira
Questions
Test get user's memberships : Failed, while connecting Jira with OpenLDAP

Test get user's memberships : Failed, while connecting Jira with OpenLDAP

Hi,

I'm trying to configure JIRA with OpenLDAP user directory. But I'm facing "Test get user's memberships : Failed" When doing the "Test Connection", I'm sharing full result when I'm test connection , I have also attached my jira server setup Screen Shot.

Output:-

Test basic connection : Succeeded

Test retrieve user : Succeeded

Test user rename is configured and tracked : Succeeded

Test get user's memberships : Failed

Test retrieve group : Not performed

Test get group members : Not performed

Test user can authenticate : Succeeded

3 answers

0 votes

Sorry. Wrong post.

Can't find a way to delete it.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

0 votes

Hi, I have solved the problem, at least for my setup. The main problem for me was that I use an openldap docker image which has obviously a problem with the "memberof" method. The solution here was to use groupOfUniqueNames instead of groupOfNames for the groups like "jira-software-users", then the memberof call yields the expected results. Here my settings:

User Schema Settings

User Object Class: inetOrgPerson
User Object Filter: (objectClass=person)
User Name Attribute: uid
User Name RDN Attribute: cn
User First Name Attribute: givenName
User Last Name Attribute: sn
User Display Name Attribute: cn
User Email Attribute: mail
User Password Attribute: userpassword
User Password Encryption: SHA
User Unique ID Attribute: uidNumber

Group Schema Settings

Group Object Class: groupOfUniqueNames
Group Object Filter: (cn=*)
Group Name Attribute: cn
Group Description Attribute: description

Membership Schema Settings

Group Members Attribute: uniquemember
User Membership Attribute: memberof

Here as example the ldif output of my group "jira-software-users:

# LDIF Export for cn=jira-software-users,ou=Groups,dc=lingucity,dc=de
# Server: ldap.lingucity.de (ldap.lingucity.de)
# Search Scope: base
# Search Filter: (objectClass=*)
# Total Entries: 1
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on June 13, 2019 4:02 pm
# Version: 1.2.4

version: 1

# Entry 1: cn=jira-software-users,ou=Groups,dc=lingucity,dc=de
dn: cn=jira-software-users,ou=Groups,dc=lingucity,dc=de
cn: jira-software-users
objectclass: groupOfUniqueNames
objectclass: top
uniquemember: cn=GName1, SName1,ou=People,dc=lingucity,dc=de
uniquemember: cn=GName2, SName2,ou=People,dc=lingucity,dc=de
uniquemember: cn=GName3, SName3,ou=People,dc=lingucity,dc=de

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

That's good!

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

0 votes

Hi!

Have you communicate with AD/LDAP admin?

looks like uniqueMember incorrect, could you try memberOf ?

Cheers,

Gonchik Tsymzhitov

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

@Gonchik Tsymzhitov ... Yes, I tried with memberOf also but same issue ...

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Anant Bhat likes this

@Gonchik Tsymzhitov ... that one also showing same error ..

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

I have the same problem. What is the purpose of this query? What is the expected result? How do I match the fields provided by the LDAP server to the requests mentioned in the settings?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Could you share logs, please?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

In section "User Schema Settings" I have nearly the same as shown above, only two differences: "User Display Name Attribute" is set to "cn", and I have an additional line at the end "User Unique ID Attribute" which I have set to "uidNumber".

The other settings for Group Schema and Membership Schema are identical. When I start the test, I have the same screen as shown above. My openLDAP server shows the following output:

2019-06-12T12:39:51.490728857Z app[web.1]: 5d00f297 conn=1037 op=28 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(objectClass=*)(uid=udo.hain))"
2019-06-12T12:39:51.490754193Z app[web.1]: 5d00f297 conn=1037 op=28 SRCH attr=uid mail uidNumber givenName sn cn gidNumber
2019-06-12T12:39:51.490844693Z app[web.1]: 5d00f297 conn=1037 op=28 SEARCH RESULT tag=101 err=0 nentries=1 text=
2019-06-12T12:39:51.491667549Z app[web.1]: 5d00f297 conn=1037 op=29 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(objectClass=*)(uid=udo.hain))"
2019-06-12T12:39:51.491678896Z app[web.1]: 5d00f297 conn=1037 op=29 SRCH attr=uid mail uidNumber givenName sn cn gidNumber
2019-06-12T12:39:51.491728715Z app[web.1]: 5d00f297 conn=1037 op=29 SEARCH RESULT tag=101 err=0 nentries=1 text=
2019-06-12T12:39:51.492477068Z app[web.1]: 5d00f297 conn=1037 op=30 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(&(?objectClass=group)(cn=*))(|(?uniqueMember=udo.hain)(gidNumber=5001)))"
2019-06-12T12:39:51.492495990Z app[web.1]: 5d00f297 conn=1037 op=30 SRCH attr=description cn uniqueMember gidNumber
2019-06-12T12:39:51.492548212Z app[web.1]: 5d00f297 conn=1037 op=30 SEARCH RESULT tag=101 err=0 nentries=0 text=
2019-06-12T12:39:51.493002890Z app[web.1]: 5d00f297 conn=1037 op=31 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(objectClass=*)(uid=udo.hain))"
2019-06-12T12:39:51.493011650Z app[web.1]: 5d00f297 conn=1037 op=31 SRCH attr=uid mail uidNumber givenName sn cn gidNumber
2019-06-12T12:39:51.493057502Z app[web.1]: 5d00f297 conn=1037 op=31 SEARCH RESULT tag=101 err=0 nentries=1 text=
2019-06-12T12:39:51.495028906Z app[web.1]: 5d00f297 conn=1044 fd=15 ACCEPT from IP=172.17.0.1:53256 (IP=0.0.0.0:389)
2019-06-12T12:39:51.495058890Z app[web.1]: 5d00f297 conn=1044 op=0 BIND dn="cn=udo hain,dc=lingucity,dc=de" method=128
2019-06-12T12:39:51.495078013Z app[web.1]: 5d00f297 conn=1044 op=0 BIND dn="cn=Udo Hain,dc=lingucity,dc=de" mech=SIMPLE ssf=0
2019-06-12T12:39:51.495109909Z app[web.1]: 5d00f297 conn=1044 op=0 RESULT tag=97 err=0 text=
2019-06-12T12:39:51.495605608Z app[web.1]: 5d00f297 conn=1044 op=1 UNBIND
2019-06-12T12:39:51.495625473Z app[web.1]: 5d00f297 conn=1044 fd=15 closed
2019-06-12T12:39:51.547741550Z app[web.1]: 5d00f297 conn=1037 op=32 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(objectClass=*)(uid=udo.hain))"
2019-06-12T12:39:51.547773967Z app[web.1]: 5d00f297 conn=1037 op=32 SRCH attr=uid mail uidNumber givenName sn cn gidNumber
2019-06-12T12:39:51.547781952Z app[web.1]: 5d00f297 conn=1037 op=32 SEARCH RESULT tag=101 err=0 nentries=1 text=
2019-06-12T12:39:51.548455936Z app[web.1]: 5d00f297 conn=1037 op=33 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(&(?objectClass=group)(cn=*))(|(?uniqueMember=udo.hain)(gidNumber=5001)))"
2019-06-12T12:39:51.548471352Z app[web.1]: 5d00f297 conn=1037 op=33 SRCH attr=cn
2019-06-12T12:39:51.548489924Z app[web.1]: 5d00f297 conn=1037 op=33 SEARCH RESULT tag=101 err=0 nentries=0 text=
2019-06-12T12:39:51.560124607Z app[web.1]: 5d00f297 conn=1037 op=34 SRCH base="dc=lingucity,dc=de" scope=2 deref=3 filter="(&(objectClass=*)(uid=udo.hain))"
2019-06-12T12:39:51.560145633Z app[web.1]: 5d00f297 conn=1037 op=34 SRCH attr=uid mail uidNumber givenName sn cn gidNumber
2019-06-12T12:39:51.560192318Z app[web.1]: 5d00f297 conn=1037 op=34 SEARCH RESULT tag=101 err=0 nentries=1 text=
2019-06-12T12:39:51.562081356Z app[web.1]: 5d00f297 conn=1045 fd=15 ACCEPT from IP=172.17.0.1:53260 (IP=0.0.0.0:389)
2019-06-12T12:39:51.562185023Z app[web.1]: 5d00f297 conn=1045 op=0 BIND dn="cn=udo hain,dc=lingucity,dc=de" method=128
2019-06-12T12:39:51.562203813Z app[web.1]: 5d00f297 conn=1045 op=0 BIND dn="cn=Udo Hain,dc=lingucity,dc=de" mech=SIMPLE ssf=0
2019-06-12T12:39:51.562308727Z app[web.1]: 5d00f297 conn=1045 op=0 RESULT tag=97 err=0 text=
2019-06-12T12:39:51.562989764Z app[web.1]: 5d00f297 conn=1045 op=1 UNBIND
2019-06-12T12:39:51.563097460Z app[web.1]: 5d00f297 conn=1045 fd=15 closed

Maybe it is better that you first provide some suggestions for the settings and then we provide the logs?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Test get user's memberships : Failed, while connecting Jira with OpenLDAP

3 answers

Suggest an answer

Was this helpful?

Thanks!

TAGS

Community showcase

Atlassian Community Events

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Test get user's memberships : Failed, while connecting Jira with OpenLDAP

3 answers

Suggest an answer

Was this helpful?

Thanks!

TAGS

Community showcase

Atlassian Community Events

Welcome to the new Atlassian Community