Unable to find the username of the principal

Symptoms

The following appears in the atlassian-stash.log and LDAP Directory synchronization fails: 

2013-05-02 19:05:03,158 INFO  [scheduler_Worker-7]  c.a.c.d.DbCachingRemoteDirectory synchronisation for directory [ 425985 ] starting
2013-05-02 19:05:03,161 ERROR [scheduler_Worker-7]  c.a.c.d.l.m.e.LDAPUserAttributesMapper The following record does not have a username: {mail=mail: user.0@maildomain.net, givenname=givenName: sultan, sn=sn: sultan, cn=cn: sultan}
2013-05-02 19:05:03,161 INFO  [scheduler_Worker-7]  c.a.c.d.DbCachingRemoteDirectory failed synchronisation complete for directory [ 425985 ] in [ 3ms ]
2013-05-02 19:05:03,191 ERROR [scheduler_Worker-7]  c.a.c.d.DbCachingDirectoryPoller Error occurred while refreshing the cache for directory [ 425985 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Unable to find the username of the principal.
	at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:439) ~[crowd-ldap-2.6.2-m4.jar:na]
	at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:407) ~[crowd-ldap-2.6.2-m4.jar:na]
	at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:597) ~[crowd-ldap-2.6.2-m4.jar:na]
	at com.atlassian.crowd.directory.SpringLDAPConnector.searchUsers(SpringLDAPConnector.java:963) ~[crowd-ldap-2.6.2-m4.jar:na]

Diagnosis

Compare the user's LDIF with the Directory Configuration Summary and look for the attribute "ldap.user.username". The error occurs when there is a mismatch between the user's LDIF settings and the directory settings.
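
The comparison described above, as an added example that is not part of the original article or of Stash: it parses an LDIF export and lists the entries that lack the configured User name Attribute, plus the attributes present on every entry. The sample LDIF, the example.com DNs and the function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF (not from the article): two entries carry uid, one does not.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: jdoe
cn: John Doe

dn: cn=sultan,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: sultan
sn: sultan
givenName: sultan
mail: user.0@maildomain.net

dn: uid=asmith,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: asmith
cn:: QWxpY2UgU21pdGg=
"""

def parse_ldif(text):
    """Return a list of entries, each {lowercased attribute: [values]}."""
    entries, lines = [], []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # RFC 2849 folded continuation
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):          # skip comment lines
            lines.append(raw)
    entry = {}
    for line in lines + [""]:
        if not line.strip():                   # blank line ends an entry
            if "dn" in entry:                  # ignore version/result blocks
                entries.append(entry)
            entry = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def check_username_attribute(entries, username_attr):
    """DNs missing the configured attribute, and attributes present on every entry."""
    key = username_attr.lower()                # LDAP attribute names are case-insensitive
    missing = [e["dn"][0] for e in entries if not any(e.get(key, []))]
    common = set.intersection(*(set(e) for e in entries)) if entries else set()
    return missing, sorted(common - {"dn", "objectclass"})
```

Entries returned in the first list are the ones that trigger "The following record does not have a username"; the second list shows which attributes could serve as the User name Attribute without excluding anyone.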


Cause

If the user name attribute set in the LDAP directory settings is different from the user name attribute in the LDAP schema, Stash won't be able to find the username for the user in LDAP. This results in the "Unable to find the username of the principal" error.

Resolution 1

Update the User name attribute to match the LDAP schema

  1. Go to User Directories and Edit the directory >> User Schema Settings >> User name Attribute
  2. Update the attribute to match the username attribute in the user's LDIF schema (e.g. cn, uid, sAMAccountName)

(info) Another resolution is to update the settings in LDAP server to match the settings in Stash.

Resolution 2

Edit the filter to refine the search

  1. Go to User Directories and Edit the directory >> User Schema Settings >> User Object Filter
  2. Update the filter used when searching user objects. Example: (&(objectclass=posixAccount)(uid=*))
    (info) This filter will only search for users who belong to the objectclass posixAccount and have a uid attribute set.

Last modified on Mar 30, 2016
