JSM DC Assets LDAP Import - some LDAP attributes are not listed in Data Locators field
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
After creating an Object type mapping in the LDAP import, not all LDAP attributes are offered in the Data Locator field. For example, the user directory is known to contain the attribute "department", but this attribute does not show up when listing the available attributes.
Environment
- JSM 5.x
- Assets standalone 8.x
Diagnosis
Running the following ldapsearch command against Active Directory confirms that the missing "department" attribute can be fetched:
$ ldapsearch -x -b "DC=example,DC=net" -h 192.168.1.10 -s "sub" -D user@example.com -w <password> "(objectClass=*)" | grep department
department: Service User
department: Product Development
department: Product Testing
department: Management
...
Increasing the logging level for the com.riadalabs.jira.plugins.insight.services.imports.modules.ldap package to DEBUG (on the Logging and profiling page) logs more information to atlassian-jira.log about which LDAP attributes are returned while listing Data Locator attributes, but the required attribute "department" is not returned:
2024-04-08 08:04:32,191+0000 http-nio-8080-exec-3 url: /jsm/rest/insight/1.0/import/datalocators/3; user: admin DEBUG admin 484x569x1 2jtb70 xx.xx.xx.xx,yy.yy.yy.yy /rest/insight/1.0/import/datalocators/3 [c.r.j.p.i.s.i.modules.ldap.LdapImportModule] SearchResult from LDAP server <CN=ForeignSecurityPrincipals: null:null:{name=name: ForeignSecurityPrincipals, instancetype=instanceType: 4, usncreated=uSNCreated: 5806, usnchanged=uSNChanged: 5806, objectclass=objectClass: top, container, distinguishedname=distinguishedName: CN=ForeignSecurityPrincipals,DC=example,DC=net, objectcategory=objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=example,DC=net, objectguid=objectGUID: [B@6bca1, cn=cn: ForeignSecurityPrincipals, whencreated=whenCreated: 20240405102349.0Z, description=description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains, whenchanged=whenChanged: 20240405102349.0Z, dscorepropagationdata=dSCorePropagationData: 20240405102642.0Z, 16010101000001.0Z}>
Cause
The LDAP search cannot find some attributes that are not bound to the first level of the search scope.
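To confirm that search scope is the cause, the following added example (not Atlassian's code) reads the LDIF output of a subtree ldapsearch, such as the command in the Diagnosis section without the grep, and lists the attributes that never occur on an entry directly below the base DN, which is all a one-level search returns. The function names and the sample LDIF are constructed for illustration, and every entry is assumed to lie under the given base DN.

```shell
#!/bin/sh
# Added example: given subtree-search LDIF on stdin, print "attribute depth" for
# attributes a one-level search from BASE_DN would not return.
# depth = number of RDNs between the entry and BASE_DN (shallowest occurrence).
attrs_beyond_one_level() {
  awk -v base="$1" '
    # Count RDNs in a DN; escaped commas (\,) belong to a value, not a separator.
    function rdns(dn) { gsub(/\\,/, "", dn); return gsub(/,/, ",", dn) + 1 }
    function emit(l,   i, name, val) {
      if (l == "") { depth = -1; return }     # blank line ends the entry
      if (l ~ /^#/) return                    # LDIF comment
      i = index(l, ":"); if (i < 2) return
      name = tolower(substr(l, 1, i - 1)); sub(/;.*/, "", name)
      if (name == "dn") {
        if (substr(l, i + 1, 1) == ":") { depth = -1; return }  # base64 DN: entry skipped
        val = substr(l, i + 1); sub(/^ */, "", val)
        depth = rdns(val) - rdns(base); return
      }
      if (depth < 0) return                   # line outside any entry
      if (depth == 1) at_one[name] = 1        # visible to a one-level search
      if (!(name in shallowest) || depth < shallowest[name]) shallowest[name] = depth
    }
    BEGIN { depth = -1 }
    /^ / { line = line substr($0, 2); next }  # unfold LDIF continuation lines
    { emit(line); line = $0 }
    END { emit(line); for (n in shallowest) if (!(n in at_one)) print n, shallowest[n] }
  ' | sort
}

# Constructed sample LDIF (not taken from a real directory).
sample_ldif() {
  cat <<'EOF'
dn: CN=ForeignSecurityPrincipals,DC=example,DC=net
objectClass: container
cn: ForeignSecurityPrincipals
description: Default container

dn: CN=Users,DC=example,DC=net
objectClass: container
cn: Users

dn: CN=Jane Doe,CN=Users,DC=example,DC=net
objectClass: user
cn: Jane Doe
department: Product Development
sAMAccountName: jdoe
EOF
}

sample_ldif | attrs_beyond_one_level "DC=example,DC=net"
```

An attribute reported with a depth of 2 or more exists only on entries that a search limited to the first level below the base DN never reaches.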
Solution
The solution is to change "Search scope" to "SUBTREE" in the LDAP import configuration.