JSM DC Assets LDAP Import - some LDAP attributes are not listed in Data Locators field

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

After you create an object type mapping in the LDAP import, not all LDAP attributes are listed in the Data Locator field. For example, the user directory is known to contain the attribute "department", but this attribute does not show up when listing the available data locators.

Environment

  • JSM 5.x

  • Assets standalone 8.x

Diagnosis

  • Performing the following ldapsearch command confirms the missing attribute can be fetched (example: ldapsearch command connecting to Active Directory and confirming the "department" attribute is returned):

    $ ldapsearch -x -b "DC=example,DC=net" -h 192.168.1.10 -s "sub" -D user@example.com -w <password> "(objectClass=*)" | grep department
    department: Service User
    department: Product Development
    department: Product Testing
    department: Management
    ...

  • Increasing the logging level for the com.riadalabs.jira.plugins.insight.services.imports.modules.ldap package to DEBUG (Logging and profiling page) logs more information to atlassian-jira.log about which LDAP attributes are returned while listing Data Locator attributes, but the required attribute "department" is not among them:

    2024-04-08 08:04:32,191+0000 http-nio-8080-exec-3 url: /jsm/rest/insight/1.0/import/datalocators/3; user: admin DEBUG admin 484x569x1 2jtb70 xx.xx.xx.xx,yy.yy.yy.yy /rest/insight/1.0/import/datalocators/3 [c.r.j.p.i.s.i.modules.ldap.LdapImportModule] SearchResult from LDAP server <CN=ForeignSecurityPrincipals: null:null:{name=name: ForeignSecurityPrincipals, instancetype=instanceType: 4, usncreated=uSNCreated: 5806, usnchanged=uSNChanged: 5806, objectclass=objectClass: top, container, distinguishedname=distinguishedName: CN=ForeignSecurityPrincipals,DC=example,DC=net, objectcategory=objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=example,DC=net, objectguid=objectGUID: [B@6bca1, cn=cn: ForeignSecurityPrincipals, whencreated=whenCreated: 20240405102349.0Z, description=description: Default container for security identifiers (SIDs) associated with objects from external, trusted domains, whenchanged=whenChanged: 20240405102349.0Z, dscorepropagationdata=dSCorePropagationData: 20240405102642.0Z, 16010101000001.0Z}>

Cause

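The LDAP search that populates the Data Locator list only returns attributes found on entries within its search scope. Attributes that exist only on entries below the first level of the search scope, such as "department" in this example, are not returned and therefore are not listed.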
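To check which attributes are affected in your own directory, the Python below (an added example, not Atlassian's code) parses the LDIF that ldapsearch prints and reports which attribute names each standard LDAP scope (`ldapsearch -s base`, `one`, `sub`) would expose relative to the base DN. The sample LDIF, the "Jane Doe" entry and all function names are constructed for illustration.

```python
import base64
import re

# Constructed sample of `ldapsearch -s sub` output (not real directory data).
SAMPLE_LDIF = """\
dn: DC=example,DC=net
objectClass: domain

dn: CN=ForeignSecurityPrincipals,DC=example,DC=net
objectClass: container
description: Default container for security identifiers

dn: CN=Jane Doe,CN=Users,DC=example,DC=net
objectClass: user
department: Product Development

# search result
search: 2
result: 0 Success
"""

def rdns(dn):
    """Split a DN on unescaped commas and normalise case for comparison."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def attribute_depths(ldif, base_dn):
    """Map each attribute name to the set of depths below base_dn where it occurs."""
    base, seen, depth = rdns(base_dn), {}, None
    for line in re.sub(r"\n ", "", ldif).splitlines():  # unfold wrapped values
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if not line:
            depth = None  # a blank line ends the current entry
        elif name.lower() == "dn":
            b64 = rest.startswith(":")  # "dn:: ..." carries a base64-encoded DN
            dn = base64.b64decode(rest[1:]).decode() if b64 else rest
            parts = rdns(dn)
            depth = len(parts) - len(base) if parts[-len(base):] == base else None
        elif depth is not None:  # skips trailer lines such as "result: 0 Success"
            seen.setdefault(name.split(";")[0].lower(), set()).add(depth)
    return seen

def attributes_by_scope(ldif, base_dn):
    """Attribute names each ldapsearch -s scope (base, one, sub) would expose."""
    seen = attribute_depths(ldif, base_dn)
    return {"base": {a for a, d in seen.items() if 0 in d},
            "one": {a for a, d in seen.items() if 1 in d},
            "sub": set(seen)}
```

Run the article's ldapsearch command without the `grep`, pass its output and the base DN to `attributes_by_scope`, and any name present in `"sub"` but missing from `"one"` is an attribute that only a subtree search can list.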

Solution

The solution is to change "Search scope" to "SUBTREE" in the LDAP import configuration.

Updated on March 18, 2025
