Upgrade to Bamboo v6.6+ versions fail on task 60601: Property userSearchFilter does not define objectClass or objectCategory filter

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Fisheye および Crucible は除く


問題

On Bamboo v6.6+ versions, we introduced the embedded crowd functionality and this requires that all LDAP parameters previously set on the atlassian-user.xml file be converted to the new architecture.

The following appears in the atlassian-bamboo.log

2018-07-16 21:53:13,429 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] ---------------------------------------------------------------------------------------------
2018-07-16 21:53:13,430 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] 60601 : Validate existing Atlassian User directories for Embedded Crowd migration (bootstrap)
2018-07-16 21:53:13,431 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] ---------------------------------------------------------------------------------------------
2018-07-16 21:53:13,465 INFO [localhost-startStop-1] [AbstractDbmsBean] Detected schema: PUBLIC
2018-07-16 21:53:13,515 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [hibernateRepository]
2018-07-16 21:53:13,521 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [hibernateRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.HibernateRepositoryConfigurationMigrator@645d2561]
2018-07-16 21:53:13,524 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [ldapRepository]
2018-07-16 21:53:13,559 ERROR [localhost-startStop-1] [LdapRepositoryConfigurationMigrator] Property userSearchFilter does not define objectClass or objectCategory filter
2018-07-16 21:53:13,560 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [ldapRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.LdapRepositoryConfigurationMigrator@75a14151]
2018-07-16 21:53:13,568 ERROR [localhost-startStop-1] [BootstrapUpgradeManagerImpl] Task 60601 failed
java.lang.RuntimeException: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.
	at com.atlassian.bamboo.upgrade.tasks.validation.AtlassianUserRepositoriesAreValid.lambda$doUpgrade$0(AtlassianUserRepositoriesAreValid.java:46)
	at com.atlassian.bamboo.upgrade.AbstractBootstrapUpgradeTask.withDatabaseConnection(AbstractBootstrapUpgradeTask.java:65)
	at com.atlassian.bamboo.upgrade.tasks.validation.AtlassianUserRepositoriesAreValid.doUpgrade(AtlassianUserRepositoriesAreValid.java:38)
	at com.atlassian.bamboo.upgrade.tasks.validation.AtlassianUserRepositoriesAreValid.doUpgrade(AtlassianUserRepositoriesAreValid.java:33)
	at com.atlassian.bamboo.upgrade.BootstrapUpgradeManagerImpl.runValidationTask(BootstrapUpgradeManagerImpl.java:134)
	at com.atlassian.bamboo.upgrade.BootstrapUpgradeManagerImpl.lambda$runValidationTasks$0(BootstrapUpgradeManagerImpl.java:93)
	at com.atlassian.bamboo.upgrade.AbstractUpgradeManager.forEachTask(AbstractUpgradeManager.java:151)
	at com.atlassian.bamboo.upgrade.BootstrapUpgradeManagerImpl.runValidationTasks(BootstrapUpgradeManagerImpl.java:93)
	at com.atlassian.bamboo.setup.DefaultBootstrapManager.runValidationTasks(DefaultBootstrapManager.java:373)
	at com.atlassian.bamboo.setup.DefaultBootstrapManager.performPersistenceUpgrade(DefaultBootstrapManager.java:277)
	at com.atlassian.config.bootstrap.DefaultAtlassianBootstrapManager.init(DefaultAtlassianBootstrapManager.java:77)
	at com.atlassian.bamboo.setup.BootstrapLoaderListener.contextInitialized(BootstrapLoaderListener.java:116)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4842)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5303)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1407)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1397)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.
	... 21 more
2018-07-16 21:53:13,581 FATAL [localhost-startStop-1] [DefaultBootstrapManager] Validation tests failed: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.

診断

環境

  • Bamboo integrated to Active Directory

Diagnostic Steps

  • Open the bamboo-home/xml-data/configuration/atlassian-user.xml
  • Double check if the user search filter is set as fallows:

    <userSearchFilter>(sAMAccountName=*)</userSearchFilter>

原因

The upgrade task is not being able to parse the atlassian-user.xml file and check if the LDAP configuration is valid before copying it to Embedded Crowd.

ソリューション

Use a different parameter on the <userSearchFilter>.

Microsoft suggests that when connecting to Windows Active Directory, the filter to be used should be:

フィルター説明
(objectClass=user)(objectCategory=person)

Because the computer class is a subclass of user, a query containing only (objectClass=user) would return user objects and computer objects. Also, the object category of the user object is person (not user); therefore, the expression (objectCategory=user) does not return any users. If you use the expression (objectCategory=person), the query returns user objects and contact objects.

Users can be placed in any container or organizational unit in a domain as well as the root of the domain. This means that users can be in numerous locations in the directory hierarchy. You can perform a deep search for "(objectCategory=user)" to find all users in a container, organizational unit, domain, domain tree, or forest - depending on the object that the IDirectorySearch pointer you are using is bound to.

Extracted from Querying for Users.

(!userAccountControl:1.2.840.113556.1.4.803:=2)Filters out disabled accounts

If using a different Active Directory other than Windows Active Directory, you should append either (objectClass=user), (objectCategory=person) or (objectClass=user)(objectCategory=person). Please, make sure the property to be appended exists in your Active Directory beforehand.

最終更新日 2018 年 7 月 17 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.