Upgrade to Bamboo v6.6+ versions fail on task 60601: Property userSearchFilter does not define objectClass or objectCategory filter
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Problem
In Bamboo v6.6+, we introduced the Embedded Crowd functionality, which requires that all LDAP parameters previously set in the atlassian-user.xml file be converted to the new architecture.
The following appears in the atlassian-bamboo.log:
2018-07-16 21:53:13,429 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] ---------------------------------------------------------------------------------------------
2018-07-16 21:53:13,430 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] 60601 : Validate existing Atlassian User directories for Embedded Crowd migration (bootstrap)
2018-07-16 21:53:13,431 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] ---------------------------------------------------------------------------------------------
2018-07-16 21:53:13,465 INFO [localhost-startStop-1] [AbstractDbmsBean] Detected schema: PUBLIC
2018-07-16 21:53:13,515 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [hibernateRepository]
2018-07-16 21:53:13,521 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [hibernateRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.HibernateRepositoryConfigurationMigrator@645d2561]
2018-07-16 21:53:13,524 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [ldapRepository]
2018-07-16 21:53:13,559 ERROR [localhost-startStop-1] [LdapRepositoryConfigurationMigrator] Property userSearchFilter does not define objectClass or objectCategory filter
2018-07-16 21:53:13,560 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [ldapRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.LdapRepositoryConfigurationMigrator@75a14151]
2018-07-16 21:53:13,568 ERROR [localhost-startStop-1] [BootstrapUpgradeManagerImpl] Task 60601 failed
java.lang.RuntimeException: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.
at com.atlassian.bamboo.upgrade.tasks.validation.AtlassianUserRepositoriesAreValid.lambda$doUpgrade$0(AtlassianUserRepositoriesAreValid.java:46)
at com.atlassian.bamboo.upgrade.AbstractBootstrapUpgradeTask.withDatabaseConnection(AbstractBootstrapUpgradeTask.java:65)
at com.atlassian.bamboo.upgrade.tasks.validation.AtlassianUserRepositoriesAreValid.doUpgrade(AtlassianUserRepositoriesAreValid.java:38)
at com.atlassian.bamboo.upgrade.tasks.validation.AtlassianUserRepositoriesAreValid.doUpgrade(AtlassianUserRepositoriesAreValid.java:33)
at com.atlassian.bamboo.upgrade.BootstrapUpgradeManagerImpl.runValidationTask(BootstrapUpgradeManagerImpl.java:134)
at com.atlassian.bamboo.upgrade.BootstrapUpgradeManagerImpl.lambda$runValidationTasks$0(BootstrapUpgradeManagerImpl.java:93)
at com.atlassian.bamboo.upgrade.AbstractUpgradeManager.forEachTask(AbstractUpgradeManager.java:151)
at com.atlassian.bamboo.upgrade.BootstrapUpgradeManagerImpl.runValidationTasks(BootstrapUpgradeManagerImpl.java:93)
at com.atlassian.bamboo.setup.DefaultBootstrapManager.runValidationTasks(DefaultBootstrapManager.java:373)
at com.atlassian.bamboo.setup.DefaultBootstrapManager.performPersistenceUpgrade(DefaultBootstrapManager.java:277)
at com.atlassian.config.bootstrap.DefaultAtlassianBootstrapManager.init(DefaultAtlassianBootstrapManager.java:77)
at com.atlassian.bamboo.setup.BootstrapLoaderListener.contextInitialized(BootstrapLoaderListener.java:116)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4842)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5303)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1407)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1397)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.
... 21 more
2018-07-16 21:53:13,581 FATAL [localhost-startStop-1] [DefaultBootstrapManager] Validation tests failed: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.
Diagnosis
Environment
- Bamboo integrated to Active Directory
Diagnostic Steps
- Open the bamboo-home/xml-data/configuration/atlassian-user.xml file and check whether the user search filter is set as follows:
<userSearchFilter>(sAMAccountName=*)</userSearchFilter>
Cause
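The upgrade task cannot parse the atlassian-user.xml file and confirm that the LDAP configuration is valid before copying it to Embedded Crowd. As the log above shows, validation fails because userSearchFilter does not define an objectClass or objectCategory filter.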
Resolution
Use a different filter in the <userSearchFilter> element.
Microsoft suggests that when connecting to Windows Active Directory, the following filters should be used:
Filter | Description |
---|---|
(objectClass=user)(objectCategory=person) | Because the computer class is a subclass of user, a query containing only (objectClass=user) would return user objects and computer objects. Also, the object category of the user object is person (not user); therefore, the expression (objectCategory=user) does not return any users. If you use the expression (objectCategory=person), the query returns user objects and contact objects. Users can be placed in any container or organizational unit in a domain as well as the root of the domain. This means that users can be in numerous locations in the directory hierarchy. You can perform a deep search for "(objectCategory=user)" to find all users in a container, organizational unit, domain, domain tree, or forest - depending on the object that the IDirectorySearch pointer you are using is bound to. Extracted from Querying for Users. |
(!userAccountControl:1.2.840.113556.1.4.803:=2) | Filters out disabled accounts |
If you are using an Active Directory other than Windows Active Directory, append either (objectClass=user), (objectCategory=person) or (objectClass=user)(objectCategory=person). Make sure the attribute to be appended exists in your Active Directory beforehand.
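A pre-upgrade check for the condition reported by task 60601, as an added example that is not Atlassian's code: it reads every userSearchFilter in atlassian-user.xml, reports whether it names objectClass or objectCategory, and whether it carries the disabled-account clause from the table. The sample XML layout, the AND-combined filter and the function names are assumptions; Bamboo's exact validation logic is not shown on this page, so the check is derived from the log message only.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample: only the <userSearchFilter> element is taken from the
# article; the surrounding elements are an assumed, minimal layout.
SAMPLE_XML = """<atlassian-user>
  <repositories>
    <ldap key="ldapRepository">
      <userSearchFilter>(sAMAccountName=*)</userSearchFilter>
    </ldap>
  </repositories>
</atlassian-user>"""

# Assumed corrected value: the article's clauses AND-combined in standard LDAP
# filter syntax. Inside the XML file the '&' must be written as '&amp;'.
FIXED_FILTER = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=*))"

OBJECT_ATTR = re.compile(r"\(\s*(objectClass|objectCategory)\s*=", re.IGNORECASE)
DISABLED_CLAUSE = "(!userAccountControl:1.2.840.113556.1.4.803:=2)"


def check_filter(ldap_filter):
    """Report which object attributes a filter names and whether it
    excludes disabled accounts."""
    attrs = sorted({m.lower() for m in OBJECT_ATTR.findall(ldap_filter)})
    compact = ldap_filter.replace(" ", "").lower()
    return {
        "filter": ldap_filter,
        "object_attrs": attrs,
        "passes": bool(attrs),  # the condition named in the ERROR log line
        "excludes_disabled": DISABLED_CLAUSE.lower() in compact,
    }


def check_config(xml_text):
    """Check every <userSearchFilter> element found in the document."""
    root = ET.fromstring(xml_text)
    return [check_filter((el.text or "").strip())
            for el in root.iter("userSearchFilter")]


if __name__ == "__main__":
    # Pass the path to atlassian-user.xml, or run with no argument for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_XML
    for result in check_config(text):
        status = "OK" if result["passes"] else "WOULD FAIL 60601"
        print(f"{status}: {result['filter']} "
              f"(disabled accounts excluded: {result['excludes_disabled']})")
```

Run it against a copy of the file before the upgrade; a filter that passes but does not exclude disabled accounts is still worth reviewing, since the filter decides which directory objects Bamboo treats as users.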