Symptoms

While synchronizing the LDAP directory the following appears in the atlassian-jira.log:

YYYY-MM-DD HH:MM:SS,MSS QuartzScheduler_Worker-3 WARN ServiceRunner     [directory.ldap.mapper.UserContextMapper] Failed to map attribute <gidNumber> from context with DN <cn=user01,ou=Users,dc=example,dc=com>
java.lang.NullPointerException
at com.atlassian.crowd.directory.ldap.mapper.attribute.RFC2307GidNumberMapper.getValues(RFC2307GidNumberMapper.java:19)
...

Cause

The gidNumber is a unique identifier assigned to a group on the Linux and UNIX operating system, it contains an integer value that uniquely identifies a group in an administrative domain. It's a required attribute on OpenLDAP based LDAPs, but in some distributions the LDAP server allows users to be created without specifying this attribute.

Crowd and Crowd embedded plugin will check both the gidNumber and the memberUid attributes to determine if a user is a member of a group (Configuring to an LDAP Directory). The memberUid attribute is the default value at the field Group Members Attribute within the LDAP configuration in JIRA, but you can change it to a different attribute if you wish, but the gidNumber attribute is not configurable. Crowd and Crowd embedded plugin will always use this attribute to determine membership.

Resolution

This WARN message is usually harmless, but there are two ways to solve this issue:

• Make sure that the LDAP user being referred in the WARN message has the gidNumber attribute;

• Or, you can use a LDAP filter, as the following example, to only return LDAP users that have the gidNumber attribute.

  (&(objectclass=inetorgperson)(gidnumber=*))