LDAP sync fails with InvalidNameException
プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。
Configuring the LDAP directory incorrectly fails. The following appears in the
2016-02-03 14:45:47,252 ERROR [http-bio-7990-exec-10] 885x2150x0 1jx2dla 10.1.20.94 "POST /j_stash_security_check HTTP/1.1" c.a.c.directory.ldap.name.SearchDN User Search DN could not be parsed javax.naming.InvalidNameException: Invalid name: (&(objectCategory=Person)(sAMAccountName=*)),dc=auth ...
The stack trace above means that the values configured for Base DN + Additional User DN are incorrect.
Alternatively, you could look for the following value pairs in the faling External Directory configuration by investigating the
Directory Configuration Summary.
For the example we are analysing, the values were:
Which combined result in an invalid search response back from the LDAP server.
Incorrect configuration for Base DN + Additional User DN.
On that field, what should be configured is anything that is more specific to your tree as it will combine the "Base DN" + "Additional User DN" should not contain a filter format.
That's why Bitbucket is incorrectly was trying to to find the object: (&(objectCategory=Person)(sAMAccountName=*)),dc=auth.
The "User Object Filter:" under the "User Schema Settings" should be the one to contain the LDAP filter (which should be the one that looks similar to (&(objectCategory=Person)(sAMAccountName=*)).
If your user can be found under the "Base DN:", then you need to specify nothing for the "Additional User DN".
The solution is to configure the "Base DN" + "Additional User DN" correctly.