JSM DC Assets LDAP Import - some LDAP attributes are not listed in Data Locators field

   

Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.

Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

After creating an object type mapping within the LDAP import, not all LDAP attributes are listed in the Data Locator field. For example, the user directory is known to contain the attribute "department", but that attribute does not show up in the list.

Environment

  • JSM 5.x
  • Assets standalone 8.x

Diagnosis

  • Performing the following ldapsearch command confirms the missing attribute can be fetched (example: ldapsearch command connecting to Active Directory and confirming the "department" attribute is returned):

    $ ldapsearch -x -b "DC=example,DC=net" -h 192.168.1.10 -s "sub" -D user@example.com -w <password> "(objectClass=*)" | grep department
    department: Service User
    department: Product Development
    department: Product Testing
    department: Management
    ...
  • Increasing logging level for com.riadalabs.jira.plugins.insight.services.imports.modules.ldap package to DEBUG (Logging and profiling page) will log more information to atlassian-jira.log about which LDAP attributes are returned whilst listing Datalocator attributes, but the required attribute "department" is not returned:

    2024-04-08 08:04:32,191+0000 http-nio-8080-exec-3 url: /jsm/rest/insight/1.0/import/datalocators/3; user: admin DEBUG admin 484x569x1 2jtb70 xx.xx.xx.xx,yy.yy.yy.yy /rest/insight/1.0/import/datalocators/3 [c.r.j.p.i.s.i.modules.ldap.LdapImportModule] SearchResult from LDAP server <CN=ForeignSecurityPrincipals: null:null:{name=name: ForeignSecurityPrincipals, instancetype=instanceType: 4, usncreated=uSNCreated: 5806, usnchanged=uSNChanged: 5806, objectclass=objectClass: top, container, distinguishedname=distinguishedName: CN=ForeignSecurityPrincipals,DC=example,DC=net, objectcategory=objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=example,DC=net, objectguid=objectGUID: [B@6bca1, cn=cn: ForeignSecurityPrincipals, whencreated=whenCreated: 20240405102349.0Z, description=description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains, whenchanged=whenChanged: 20240405102349.0Z, dscorepropagationdata=dSCorePropagationData: 20240405102642.0Z, 16010101000001.0Z}>


Cause

The LDAP search cannot find attributes that are present only on entries below the first level of the search scope.

Solution

The solution is to change "Search scope" to "SUBTREE" in the LDAP import configuration.
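The effect of the scope setting can be reproduced offline. The following is an added example, not Atlassian's code: it applies the standard LDAP scope rules (named after the ldapsearch `-s` values `base`, `one` and `sub`) to a small constructed directory and collects the attribute names found on the returned entries. It assumes the Data Locator list is built from the attributes of the entries the search returns, as the DEBUG log above suggests; the entries and the user "Jane Doe" are made up for illustration.

```python
# Constructed sample directory (not real data): DN -> attributes.
DIRECTORY = {
    "DC=example,DC=net": {"objectClass": ["top", "domain"], "dc": ["example"]},
    "CN=Users,DC=example,DC=net": {
        "objectClass": ["top", "container"], "cn": ["Users"]},
    "CN=ForeignSecurityPrincipals,DC=example,DC=net": {
        "objectClass": ["top", "container"],
        "cn": ["ForeignSecurityPrincipals"],
        "description": ["Default container for security identifiers"]},
    "CN=Jane Doe,CN=Users,DC=example,DC=net": {
        "objectClass": ["top", "person", "user"],
        "cn": ["Jane Doe"], "department": ["Product Testing"]},
}


def rdns(dn):
    """Split a DN into lowercase RDNs (assumes no escaped commas, true here)."""
    return [part.strip().lower() for part in dn.split(",")]


def in_scope(entry_dn, base_dn, scope):
    """Return True if entry_dn is matched by a search at base_dn with scope."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    depth = len(entry) - len(base)          # levels below the search base
    if depth < 0 or entry[depth:] != base:  # entry is not under the base
        return False
    if scope == "base":
        return depth == 0                   # the base entry only
    if scope == "one":
        return depth == 1                   # immediate children only
    if scope == "sub":
        return True                         # base and all descendants
    raise ValueError(f"unknown scope: {scope}")


def discovered_attributes(base_dn, scope, directory=DIRECTORY):
    """Attribute names seen on entries the search would return."""
    names = set()
    for dn, attrs in directory.items():
        if in_scope(dn, base_dn, scope):
            names.update(name.lower() for name in attrs)
    return sorted(names)


if __name__ == "__main__":
    for scope in ("base", "one", "sub"):
        print(scope, discovered_attributes("DC=example,DC=net", scope))
```

With the one-level scope only the containers directly under the base are returned, so "department", which sits on a user entry inside CN=Users, never reaches the attribute list; the subtree scope includes it.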

Last modified on Aug 8, 2024
