How to set up LDAP in Bamboo

Still need help?

The Atlassian Community is here for you.

Ask the community

This Knowledge Base Article is only meant for Bamboo instances prior v6.6.

A new feature Embedded Crowd has been introduced in most recent Bamboo version (v6.6 or above) and this can be review in Bamboo 6.6 Release Notes

If you are running Bamboo v6.6 or above, please refer to Connecting to external user directories instead.


The following documentation is based on Integrating Bamboo with LDAP (Bamboo v6.5 or below). However, in the following you will find an example on how to:

  1. Set up the LDAP in the "atlassian-user.xml" used by Bamboo
  2. Validate your LDAP settings prior integrating with Bamboo
  3. Integrate LDAP with Bamboo

1. Set up LDAP in the "atlassian-user.xml" used by Bamboo

The illustration above describes the Bamboo directory structure.

Please, navigate to <bamboo-home>/xml-data/configuration directory and make a copy of "atlassian-user.xml" (i.e.: atlassian-user-custom.xml)

By opening up "atlassian-user-custom.xml", by default you should find the following, which describes Bamboo's Internal Directory configuration.

<atlassian-user>
    <repositories>
        <hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true"/>
    </repositories>
</atlassian-user>

Now, we need to prepare the XML structure above to receive our LDAP configuration. As a result, you should have the following:

<atlassian-user>
    <repositories>
        <!-- LDAP repository -->
        <ldap key="ldapRepository" name="Active Directory LDAP Repository" cache="true">
            <!-- your ldap configuration -->
        </ldap>
         
        <!-- Default bamboo user repository -->
        <hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true"/>
    </repositories>
</atlassian-user>

1.1. Active Directory (LDAP)

(info)   The example below describes LDAP. However, please notice the example below is applicable for ApacheDS and OpenLDAP.

Now that we have prepared the "atlassian-user-custom.xml" to receive our LDAP configuration, it is time to review our Active Directory with User(s) and Group(s) that will become available to Bamboo.

We are going to set up an Organization Unit (i.e.: OU=BambooLDAP) and within this Organization Unit, we are going to create Groups (i.e.: CN=bamboo-admin, CN=bamboo-user).

Now, we are going to create Users under the Users directory:

In the above, we have created 3 users:

  1. Sample User. A
  2. Sample User. B
  3. Sample User. C

Now, lets add Users to Groups

(info)   In the illustration above, the user "Sample User. A" has been added to the "bamboo-admin" group.
Please, notice the when searching for group name "bamboo-admin" more then one record has been found, so we had to select the appropriated group, in this example the group is located under BambooLDAP

As a result we would have:

  • Sample User. A belongs to "bamboo-admin"
  • Sample User. B belongs to "bamboo-user"
  • Sample User. C belongs to "bamboo-user"

1.2. atlassian-user-custom.xml

Now that we have users and groups set up in our Active Directory, it is time to set them up in "atlassian-user-custom.xml":

<atlassian-user>
	<repositories>
		<!-- LDAP repository -->
		<ldap key="ldapRepository" name="Active Directory LDAP Repository" cache="true">
			<!--
				[HOSTNAME], the hostname to your LDAP, (i.e.: 192.168.10.71)
				[DISPLAY-NAME], i.e.: Sample User. A
				[PASSWORD], password to authenticate "Sample User. A"
			-->
			<host>[HOSTNAME]</host>
			<port>389</port>
			<!-- 
				in <security...> we are going to authenticate our LDAP configuration against a user in our Active Directory
				whereas, in this example we will be using "Sample User. A" as user
			-->
			<securityPrincipal>CN=[DISPLAY-NAME],CN=Users,DC=example,DC=com</securityPrincipal>
			<securityCredential>[PASSWORD]</securityCredential>
			<securityProtocol>plain</securityProtocol>
			<securityAuthentication>simple</securityAuthentication>
			<baseContext>DC=example,DC=com</baseContext>
			<!--
				in <baseUserNamespace> we are going to specify where our users have been created in the Active Directory 
			-->
			<baseUserNamespace>CN=Users,DC=example,DC=com</baseUserNamespace>
			<!--
				in <baseGroupNamespace> we are going to specify where our groups have been created in the Active Directory
			-->
			<baseGroupNamespace>OU=BambooLDAP,DC=example,DC=com</baseGroupNamespace>
			<userSearchAllDepths>true</userSearchAllDepths>
			<groupSearchAllDepths>true</groupSearchAllDepths>
			<usernameAttribute>sAMAccountName</usernameAttribute>
			<!--
				in <userSearchFilter> we are going to get all users that are members of "bamboo-admin" and "bamboo-user" groups
			-->
			<userSearchFilter>(&amp;(objectClass=person)(|(memberOf=CN=bamboo-admin,OU=BambooLDAP,DC=example,DC=com)(memberOf=CN=bamboo-user,OU=BambooLDAP,DC=example,DC=com)))</userSearchFilter>
			<firstnameAttribute>givenName</firstnameAttribute>
			<surnameAttribute>sn</surnameAttribute>
			<emailAttribute>mail</emailAttribute>
			<groupnameAttribute>cn</groupnameAttribute>
			<!--
				in <groupSearchFilter> we are going to get all the groups specified in <baseGroupNamespace>
			-->
			<groupSearchFilter>(&amp;(objectClass=group))</groupSearchFilter>
			<membershipAttribute>member</membershipAttribute>
		</ldap>
		<!-- Default bamboo user repository -->
		<hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true"/>
	</repositories>
</atlassian-user>
Identifying the attributes above in your LDAP
...
<firstnameAttribute>givenName</firstnameAttribute>
<surnameAttribute>sn</surnameAttribute>
<emailAttribute>mail</emailAttribute>

...
...
<groupnameAttribute>cn</groupnameAttribute>

...


2. Validate your LDAP settings prior to integrating with Bamboo

Now, that we have configured our "atlassian-user-custom.xml" file with instructions to connect to our LDAP, it is time to validate our settings.

Please refer to Testing LDAP or Active Directory connectivity with Paddle documentation for further information.

  1. please, copy "atlassian-user-custom.xml" to outside <bamboo-home> directory.
  2. please, rename "atlassian-user-custom.xml" to "atlassian-user.xml" as Paddle will search for this file
  3. please, run paddle as per following:

    # command
    java -jar paddle-2.0.jar debug limit=100
    

    As a result, you should get the following response:

    ###########################################################################################################################
    
    LDAP Support Tool version 2.0
    
    ###########################################################################################################################
    
    Connected to server successfully
    -----------------------------------------------------------------
    TEST 1: Search and list 100 users
    -----------------------------------------------------------------
    
    User: CN=Sample User. A,CN=Users,DC=example,DC=com
    Member of:
    	CN=bamboo-admin,OU=BambooLDAP,DC=example,DC=com
    
    User: CN=Sample User. B,CN=Users,DC=example,DC=com
    Member of:
    	CN=bamboo-user,OU=BambooLDAP,DC=example,DC=com
    
    User: CN=Sample User. C,CN=Users,DC=example,DC=com
    Member of:
    	CN=bamboo-user,OU=BambooLDAP,DC=example,DC=com
    
    -----------------------------------------------------------------
    TEST 2: Search and list 100 groups
    -----------------------------------------------------------------
    
    Group: CN=bamboo-user,OU=BambooLDAP,DC=example,DC=com
    Members:
    	CN=Sample User. C,CN=Users,DC=example,DC=com
    	CN=Sample User. B,CN=Users,DC=example,DC=com
    
    Group: CN=bamboo-admin,OU=BambooLDAP,DC=example,DC=com
    Members:
    	CN=Sample User. A,CN=Users,DC=example,DC=com
    

As you can see in the above response:

  • Users (Sample User. A, Sample User. B, Sample User. C) have been found and 
  • Groups (bamboo-admin, bamboo-user) have been found.

(info)   In case you did not have User(s) and/or Group(s) listed in the response from Paddle, please review the settings before integrating "atlassian-user-custom.xml" with Bamboo.

3. Integrate LDAP with Bamboo

Now, that we have tested our LDAP configuration against Paddle and users and groups have been retrieved it is time to integrate our "atlassian-user-custom.xml" with Bamboo.

Please, copy "atlassian-user-custom.xml" back into <bamboo-home>/xml-data/configuration directory.

(info)   Please, notice Bamboo will search for "atlassian-user-custom.xml" under <bamboo-home>/xml-data/configuration directory in order to enable the "Custom user repository" under "Bamboo administration >> Security >> User repositories"

Please, start Bamboo

Please, go to "Bamboo administration >> Security >> User repositories" and select "Custom user repository"

Please, go to "Bamboo administration >> Security >> Users" and you should find the following:



Last modified on Nov 2, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.