How to set up LDAP in Bamboo

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

This Knowledge Base Article is only meant for Bamboo instances prior v6.6.

A new feature Embedded Crowd has been introduced in most recent Bamboo version (v6.6 or above) and this can be review in Bamboo 6.6 Release Notes

If you are running Bamboo v6.6 or above, please refer to Connecting to external user directories instead.

The following documentation is based on Integrating Bamboo with LDAP (Bamboo v6.5 or below). However, in the following you will find an example on how to:

  1. Set up the LDAP in the "atlassian-user.xml" used by Bamboo.

  2. Validate your LDAP settings prior integrating with Bamboo.

  3. Integrate LDAP with Bamboo.

Solution

1. Set up LDAP in the "atlassian-user.xml" used by Bamboo

(Auto-migrated image: description temporarily unavailable)

The illustration above describes the Bamboo directory structure.

Please, navigate to <bamboo-home>/xml-data/configuration directory and make a copy of "atlassian-user.xml" (i.e.: atlassian-user-custom.xml)

By opening up "atlassian-user-custom.xml", by default you should find the following, which describes Bamboo's Internal Directory configuration.

1 2 3 4 5 <atlassian-user> <repositories> <hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true"/> </repositories> </atlassian-user>

Now, we need to prepare the XML structure above to receive our LDAP configuration. As a result, you should have the following:

1 2 3 4 5 6 7 8 9 10 11 <atlassian-user> <repositories> <!-- LDAP repository --> <ldap key="ldapRepository" name="Active Directory LDAP Repository" cache="true"> <!-- your ldap configuration --> </ldap> <!-- Default bamboo user repository --> <hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true"/> </repositories> </atlassian-user>

1.1. Active Directory (LDAP)

ℹ️   The example below describes LDAP. However, please notice the example below is applicable for ApacheDS and OpenLDAP.

Now that we have prepared the "atlassian-user-custom.xml" to receive our LDAP configuration, it is time to review our Active Directory with User(s) and Group(s) that will become available to Bamboo.

(Auto-migrated image: description temporarily unavailable)

We are going to set up an Organization Unit (i.e.: OU=BambooLDAP) and within this Organization Unit, we are going to create Groups (i.e.: CN=bamboo-admin, CN=bamboo-user).

(Auto-migrated image: description temporarily unavailable)

Now, we are going to create Users under the Users directory:

(Auto-migrated image: description temporarily unavailable)
(Auto-migrated image: description temporarily unavailable)

In the above, we have created 3 users:

  1. Sample User. A

  2. Sample User. B

  3. Sample User. C

Now, lets add Users to Groups

(Auto-migrated image: description temporarily unavailable)

ℹ️   In the illustration above, the user "Sample User. A" has been added to the "bamboo-admin" group. Please, notice the when searching for group name "bamboo-admin" more then one record has been found, so we had to select the appropriated group, in this example the group is located under BambooLDAP.

As a result we would have:

  • Sample User. A belongs to "bamboo-admin"

  • Sample User. B belongs to "bamboo-user"

  • Sample User. C belongs to "bamboo-user"

1.2. atlassian-user-custom.xml

Now that we have users and groups set up in our Active Directory, it is time to set them up in "atlassian-user-custom.xml":

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 <atlassian-user> <repositories> <!-- LDAP repository --> <ldap key="ldapRepository" name="Active Directory LDAP Repository" cache="true"> <!-- [HOSTNAME], the hostname to your LDAP, (i.e.: 192.168.10.71) [DISPLAY-NAME], i.e.: Sample User. A [PASSWORD], password to authenticate "Sample User. A" --> <host>[HOSTNAME]</host> <port>389</port> <!--  in <security...> we are going to authenticate our LDAP configuration against a user in our Active Directory whereas, in this example we will be using "Sample User. A" as user --> <securityPrincipal>CN=[DISPLAY-NAME],CN=Users,DC=example,DC=com</securityPrincipal> <securityCredential>[PASSWORD]</securityCredential> <securityProtocol>plain</securityProtocol> <securityAuthentication>simple</securityAuthentication> <baseContext>DC=example,DC=com</baseContext> <!-- in <baseUserNamespace> we are going to specify where our users have been created in the Active Directory --> <baseUserNamespace>CN=Users,DC=example,DC=com</baseUserNamespace> <!-- in <baseGroupNamespace> we are going to specify where our groups have been created in the Active Directory --> <baseGroupNamespace>OU=BambooLDAP,DC=example,DC=com</baseGroupNamespace> <userSearchAllDepths>true</userSearchAllDepths> <groupSearchAllDepths>true</groupSearchAllDepths> <usernameAttribute>sAMAccountName</usernameAttribute> <!-- in <userSearchFilter> we are going to get all users that are members of "bamboo-admin" and "bamboo-user" groups --> <userSearchFilter>(&amp;(objectClass=person)(|(memberOf=CN=bamboo-admin,OU=BambooLDAP,DC=example,DC=com)(memberOf=CN=bamboo-user,OU=BambooLDAP,DC=example,DC=com)))</userSearchFilter> <firstnameAttribute>givenName</firstnameAttribute> <surnameAttribute>sn</surnameAttribute> <emailAttribute>mail</emailAttribute> <groupnameAttribute>cn</groupnameAttribute> <!-- in <groupSearchFilter> we are going to get all the groups specified in <baseGroupNamespace> --> <groupSearchFilter>(&amp;(objectClass=group))</groupSearchFilter> <membershipAttribute>member</membershipAttribute> </ldap> <!-- Default bamboo user repository --> <hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true"/> </repositories> </atlassian-user>

Identifying the attributes above in your LDAP

1 2 3 4 5 6 ... <firstnameAttribute>givenName</firstnameAttribute> <surnameAttribute>sn</surnameAttribute> <emailAttribute>mail</emailAttribute> ...
(Auto-migrated image: description temporarily unavailable)

1 2 3 4 ... <groupnameAttribute>cn</groupnameAttribute> ...
(Auto-migrated image: description temporarily unavailable)

2. Validate your LDAP settings prior to integrating with Bamboo

Now, that we have configured our "atlassian-user-custom.xml" file with instructions to connect to our LDAP, it is time to validate our settings.

Please refer to Testing LDAP or Active Directory connectivity with Paddle documentation for further information.

  1. please, copy "atlassian-user-custom.xml" to outside <bamboo-home> directory.

  2. please, rename "atlassian-user-custom.xml" to "atlassian-user.xml" as Paddle will search for this file

  3. please, run paddle as per following:

    1 2 # command java -jar paddle-2.0.jar debug limit=100

    As a result, you should get the following response:

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 ########################################################################################################################### LDAP Support Tool version 2.0 ########################################################################################################################### Connected to server successfully ----------------------------------------------------------------- TEST 1: Search and list 100 users ----------------------------------------------------------------- User: CN=Sample User. A,CN=Users,DC=example,DC=com Member of: CN=bamboo-admin,OU=BambooLDAP,DC=example,DC=com User: CN=Sample User. B,CN=Users,DC=example,DC=com Member of: CN=bamboo-user,OU=BambooLDAP,DC=example,DC=com User: CN=Sample User. C,CN=Users,DC=example,DC=com Member of: CN=bamboo-user,OU=BambooLDAP,DC=example,DC=com ----------------------------------------------------------------- TEST 2: Search and list 100 groups ----------------------------------------------------------------- Group: CN=bamboo-user,OU=BambooLDAP,DC=example,DC=com Members: CN=Sample User. C,CN=Users,DC=example,DC=com CN=Sample User. B,CN=Users,DC=example,DC=com Group: CN=bamboo-admin,OU=BambooLDAP,DC=example,DC=com Members: CN=Sample User. A,CN=Users,DC=example,DC=com

As you can see in the above response:

  • Users (Sample User. A, Sample User. B, Sample User. C) have been found and

  • Groups (bamboo-admin, bamboo-user) have been found.

ℹ️   In case you did not have User(s) and/or Group(s) listed in the response from Paddle, please review the settings before integrating "atlassian-user-custom.xml" with Bamboo.

3. Integrate LDAP with Bamboo

Now, that we have tested our LDAP configuration against Paddle and users and groups have been retrieved it is time to integrate our "atlassian-user-custom.xml" with Bamboo.

Please, copy "atlassian-user-custom.xml" back into <bamboo-home>/xml-data/configuration directory.

ℹ️   Please, notice Bamboo will search for "atlassian-user-custom.xml" under <bamboo-home>/xml-data/configuration directory in order to enable the "Custom user repository" under "Bamboo administration >> Security >> User repositories"

Please, start Bamboo

Please, go to "Bamboo administration >> Security >> User repositories" and select "Custom user repository"

(Auto-migrated image: description temporarily unavailable)

Please, go to "Bamboo administration >> Security >> Users" and you should find the following:

(Auto-migrated image: description temporarily unavailable)

Updated on April 8, 2025
Platform
Data Center only
Product
Bamboo Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community