LDAP sync fails with InvalidNameException

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。

問題

Configuring the LDAP directory incorrectly fails. The following appears in the bitbucket-server.log:

2016-02-03 14:45:47,252 ERROR [http-bio-7990-exec-10] 885x2150x0 1jx2dla 10.1.20.94 "POST /j_stash_security_check HTTP/1.1" c.a.c.directory.ldap.name.SearchDN User Search DN could not be parsed
javax.naming.InvalidNameException: Invalid name: (&(objectCategory=Person)(sAMAccountName=*)),dc=auth
...

診断

The stack trace above means that the values configured for Base DN + Additional User DN  are incorrect.

Alternatively, you could look for the following value pairs in the faling External Directory configuration by investigating the Directory Configuration Summary. 

For the example we are analysing, the values were:

ldap.user.dn=(&(objectCategory=Person)(sAMAccountName=*))
ldap.basedn=dc=auth

Which combined result in an invalid search response back from the LDAP server.

原因

Incorrect configuration for Base DN + Additional User DN.

ソリューション

On that field, what should be configured is anything that is more specific to your tree as it will combine the "Base DN" + "Additional User DN" should not contain a filter format. 

That's why Bitbucket is incorrectly was trying to to find the object: (&(objectCategory=Person)(sAMAccountName=*)),dc=auth.

The "User Object Filter:" under the "User Schema Settings" should be the one to contain the LDAP filter (which should be the one that looks similar to (&(objectCategory=Person)(sAMAccountName=*)).

If your user can be found under the "Base DN:", then you need to specify nothing for the "Additional User DN".

The solution is to configure the "Base DN" + "Additional User DN" correctly.

 

最終更新日 2018 年 11 月 2 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.