Help! Configuring LDAP group mapping failed

I failed to configure LDAP group mapping on Build 9103 (TC 4.5.5); any help and suggestions are greatly appreciated.

The exception is below:
[2009-11-28 22:53:32,450]   WARN -     jetbrains.buildServer.LDAP - Error during groups synchronization: Cannot find LDAP group 'CN=PIM ESB,OU=Distribution_Universal,OU=Groups,dc=corp,dc=walmart,dc=com' corresponding to TeamCity user group PIM ESB {key=PIM_ESB}.
[2009-11-28 22:53:32,451]   INFO -     jetbrains.buildServer.LDAP - Sync with LDAP groups done
[2009-11-28 22:53:32,451]   INFO -     jetbrains.buildServer.LDAP - Last syncronization statistics: created users=0, updated users=0, removed users=0, users in ldap=387, matched users=3, duration=2276ms, errors=[Error during groups synchronization: Cannot find LDAP group 'CN=PIM ESB,OU=Distribution_Universal,OU=Groups,dc=corp,dc=walmart,dc=com' corresponding to TeamCity user group PIM ESB {key=PIM_ESB}.]


I have used the JXplorer tool to try to find the "PIM ESB" group's DN: ..., move the cursor to "PIM ESB", right-click, click 'Copy DN', paste, ... The value is "CN=PIM ESB,OU=Distribution_Universal,OU=Groups,dc=corp,dc=walmart,dc=com".

1. Add a new group (PIM ESB) in TC; generated Group Key: PIM_ESB

2. ldap-mapping.xml
<group-mapping teamcityGroupKey="PIM_ESB" ldapGroupDn="CN=PIM ESB,OU=Distribution_Universal,OU=Groups,dc=corp,dc=walmart,dc=com"/>

3. ldap-config.properties

java.naming.provider.url=ldap://xxxxx.corp.walmart.com:389
...
####################################################################################################
# LDAP SYNCHRONIZATION
####################################################################################################

# Set to "true" to enable the synchronization for user's properties
teamcity.options.users.synchronize=true

# Set to "true" to enable the synchronization for user's groups
teamcity.options.groups.synchronize=true

# Set to "true" to enable automatic user creation and deletion during the synchronization.
teamcity.options.createUsers=true
teamcity.options.deleteUsers=false

# The time interval between synchronizations (in milliseconds). By default, it is one hour.
teamcity.options.syncTimeout = 3600000


### MANDATORY SETTINGS ###

# The credentials to use when browsing LDAP for synchronization purposes.
# The user must have read access to all LDAP entries under 'teamcity.users.base' and 'teamcity.groups.base' (see below).
java.naming.security.principal=xxxxx
java.naming.security.credentials=yyyyy

....

### GROUPS SETTINGS ###
# These settings are mandatory if groups synchronization is turned on (ldap-mapping.xml exists)

# The groups base DN. Groups are retrieved from the LDAP subtree denoted by this DN.
# This DN should be "relative" to the root specified by "java.naming.provider.url".
# The search will be performed in LDAP subtree denoted by "java.naming.provider.url" and "teamcity.users.base" combined.
teamcity.groups.base=OU=Distribution_Universal,OU=Groups,DC=corp,DC=walmart,DC=com

# The group search filter.
# LDAP filter string to search for all groups.
teamcity.groups.filter=(objectClass=group)

# The attribute that indicates the member of the group
teamcity.groups.property.member=member


### OPTIONAL SETTINGS ###

# The name of LDAP attribute containing the DN. By default, 'distinguishedName' is used.
teamcity.property.distinguishedName=distinguishedName
...

4 comments

Hi James,

The problem may be with the space in the group's DN. Depending on your LDAP server, you might need to escape it.
Another possible reason: the search isn't configured right, so the plugin can't find any group at all.

Could you please turn on debug logging? The plugin logs which groups are fetched from the server; it will tell you the actual source of the problem.


---
Maxim


Thanks, Maxim.

According to your guidance, I have tried configuring another group, "fava" (no spaces); the group's DN is "CN=fava,OU=Distribution_Universal,OU=Groups,dc=corp,dc=walmart,dc=com". Meanwhile, I also created a new group name (fava); the generated key name is "FAVA". The TeamCity server runs in "debug" mode all the time.


ldap-mapping.xml
<group-mapping teamcityGroupKey="FAVA" ldapGroupDn="CN=fava,OU=Distribution_Universal,OU=Groups,dc=corp,dc=walmart,dc=com"/>

teamcity-ldap.log

....
[2009-11-30 19:44:56,441]  DEBUG -     jetbrains.buildServer.LDAP - Fetched groups: [
....
[group:dn='CN=fava,OU=Distribution_Universal,OU=Groups,DC=corp,DC=walmart,DC=com',members=[CN=Fulfillops-notify,OU=Distribution_Universal,OU=Groups,DC=corp,DC=walmart,DC=com, CN=Curtis Allen,OU=Users,OU=XP Standard Build,DC=corp,DC=walmart,DC=com]]

......

[2009-11-30 19:44:56,716]   WARN -     jetbrains.buildServer.LDAP - Error during groups synchronization: Cannot find LDAP group 'CN=fava,OU=Distribution_Universal,OU=Groups,dc=corp,dc=walmart,dc=com' corresponding to TeamCity user group fava {key=FAVA}.
[2009-11-30 19:44:56,716]   INFO -     jetbrains.buildServer.LDAP - Sync with LDAP groups done
[2009-11-30 19:44:56,716]   INFO -     jetbrains.buildServer.LDAP - Last syncronization statistics: created users=0, updated users=0, removed users=0, users in ldap=387, matched users=3, duration=2321ms, errors=[Error during groups synchronization: Cannot find LDAP group 'CN=fava,OU=Distribution_Universal,OU=Groups,dc=corp,dc=walmart,dc=com' corresponding to TeamCity user group fava {key=FAVA}.]

Thanks,

James


Hi James,

The two group DNs (fetched and specified by you):
CN=fava,OU=Distribution_Universal,OU=Groups,DC=corp,DC=walmart,DC=com
CN=fava,OU=Distribution_Universal,OU=Groups,dc=corp,dc=walmart,dc=com

So could you please change the case of DCs and try again?
This looks like a bug in TeamCity, but I'm not sure if LDAP DNs are always case-insensitive. Anyway, thanks for reporting this.


---
Maxim


Thanks again, Maxim.

You are right, it works fine now after I changed the case of DC.

James
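
A pre-flight check for the mismatch found in this thread, as an added example that is not part of the original posts or of TeamCity's code: it compares each ldapGroupDn in ldap-mapping.xml with the DNs in the plugin's "Fetched groups" debug output and flags entries that match only after normalising case and spacing. The sample inputs, the `<mapping>` root element and the function names are assumptions; lowercasing values assumes CN/OU/DC-style attributes, which use case-ignore matching.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the values quoted in the thread.
# The <mapping> root element name is an assumption; only <group-mapping> is read.
MAPPING_XML = """<mapping>
  <group-mapping teamcityGroupKey="FAVA" ldapGroupDn="CN=fava,OU=Distribution_Universal,OU=Groups,dc=corp,dc=walmart,dc=com"/>
  <group-mapping teamcityGroupKey="PIM_ESB" ldapGroupDn="CN=PIM ESB,OU=Distribution_Universal,OU=Groups,dc=corp,dc=walmart,dc=com"/>
</mapping>"""

DEBUG_LOG = """[2009-11-30 19:44:56,441]  DEBUG -     jetbrains.buildServer.LDAP - Fetched groups: [
[group:dn='CN=fava,OU=Distribution_Universal,OU=Groups,DC=corp,DC=walmart,DC=com',members=[CN=Example User,OU=Users,DC=corp,DC=walmart,DC=com]]
"""


def normalize_dn(dn):
    """Return a comparable form of a DN: lowercased attribute types and values,
    with whitespace around separators dropped. Splits on unescaped commas only;
    multi-valued RDNs ('+') are left as part of the value."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return tuple(rdns)


def check_mappings(mapping_xml, debug_log):
    """Map each teamcityGroupKey to (status, fetched_dn).
    status is 'exact', 'case-or-spacing' (would fail a byte-for-byte compare)
    or 'missing' (the group was not fetched at all)."""
    fetched = re.findall(r"dn='([^']*)'", debug_log)
    by_norm = {normalize_dn(dn): dn for dn in fetched}
    report = {}
    for el in ET.fromstring(mapping_xml).iter("group-mapping"):
        key, dn = el.get("teamcityGroupKey"), el.get("ldapGroupDn")
        if dn in fetched:
            report[key] = ("exact", dn)
        elif normalize_dn(dn) in by_norm:
            report[key] = ("case-or-spacing", by_norm[normalize_dn(dn)])
        else:
            report[key] = ("missing", None)
    return report


if __name__ == "__main__":
    for key, (status, dn) in check_mappings(MAPPING_XML, DEBUG_LOG).items():
        print(f"{key}: {status}" + (f" -> use {dn}" if status == "case-or-spacing" else ""))
```

A "case-or-spacing" result gives the DN exactly as the server returned it, which is the string to paste into ldap-mapping.xml; "missing" points at the groups base or filter instead.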
