Upgrade to Bamboo v6.6+ versions fail on task 60601: Property userSearchFilter does not define objectClass or objectCategory filter

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible


Problem

On Bamboo v6.6+ versions, we introduced the embedded crowd functionality and this requires that all LDAP parameters previously set on the atlassian-user.xml file be converted to the new architecture.

The following appears in the atlassian-bamboo.log

2018-07-16 21:53:13,429 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] ---------------------------------------------------------------------------------------------
2018-07-16 21:53:13,430 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] 60601 : Validate existing Atlassian User directories for Embedded Crowd migration (bootstrap)
2018-07-16 21:53:13,431 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] ---------------------------------------------------------------------------------------------
2018-07-16 21:53:13,465 INFO [localhost-startStop-1] [AbstractDbmsBean] Detected schema: PUBLIC
2018-07-16 21:53:13,515 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [hibernateRepository]
2018-07-16 21:53:13,521 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [hibernateRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.HibernateRepositoryConfigurationMigrator@645d2561]
2018-07-16 21:53:13,524 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [ldapRepository]
2018-07-16 21:53:13,559 ERROR [localhost-startStop-1] [LdapRepositoryConfigurationMigrator] Property userSearchFilter does not define objectClass or objectCategory filter
2018-07-16 21:53:13,560 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [ldapRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.LdapRepositoryConfigurationMigrator@75a14151]
2018-07-16 21:53:13,568 ERROR [localhost-startStop-1] [BootstrapUpgradeManagerImpl] Task 60601 failed
java.lang.RuntimeException: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.
	at com.atlassian.bamboo.upgrade.tasks.validation.AtlassianUserRepositoriesAreValid.lambda$doUpgrade$0(AtlassianUserRepositoriesAreValid.java:46)
	at com.atlassian.bamboo.upgrade.AbstractBootstrapUpgradeTask.withDatabaseConnection(AbstractBootstrapUpgradeTask.java:65)
	at com.atlassian.bamboo.upgrade.tasks.validation.AtlassianUserRepositoriesAreValid.doUpgrade(AtlassianUserRepositoriesAreValid.java:38)
	at com.atlassian.bamboo.upgrade.tasks.validation.AtlassianUserRepositoriesAreValid.doUpgrade(AtlassianUserRepositoriesAreValid.java:33)
	at com.atlassian.bamboo.upgrade.BootstrapUpgradeManagerImpl.runValidationTask(BootstrapUpgradeManagerImpl.java:134)
	at com.atlassian.bamboo.upgrade.BootstrapUpgradeManagerImpl.lambda$runValidationTasks$0(BootstrapUpgradeManagerImpl.java:93)
	at com.atlassian.bamboo.upgrade.AbstractUpgradeManager.forEachTask(AbstractUpgradeManager.java:151)
	at com.atlassian.bamboo.upgrade.BootstrapUpgradeManagerImpl.runValidationTasks(BootstrapUpgradeManagerImpl.java:93)
	at com.atlassian.bamboo.setup.DefaultBootstrapManager.runValidationTasks(DefaultBootstrapManager.java:373)
	at com.atlassian.bamboo.setup.DefaultBootstrapManager.performPersistenceUpgrade(DefaultBootstrapManager.java:277)
	at com.atlassian.config.bootstrap.DefaultAtlassianBootstrapManager.init(DefaultAtlassianBootstrapManager.java:77)
	at com.atlassian.bamboo.setup.BootstrapLoaderListener.contextInitialized(BootstrapLoaderListener.java:116)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4842)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5303)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1407)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1397)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.
	... 21 more
2018-07-16 21:53:13,581 FATAL [localhost-startStop-1] [DefaultBootstrapManager] Validation tests failed: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.

Diagnosis

Environment

  • Bamboo integrated to Active Directory

Diagnostic Steps

  • Open the bamboo-home/xml-data/configuration/atlassian-user.xml
  • Double check if the user search filter is set as fallows:

    <userSearchFilter>(sAMAccountName=*)</userSearchFilter>

Cause

The upgrade task is not being able to parse the atlassian-user.xml file and check if the LDAP configuration is valid before copying it to Embedded Crowd.

Resolution

Use a different parameter on the <userSearchFilter>.

Microsoft suggests that when connecting to Windows Active Directory, the filter to be used should be:

FilterDescription
(objectClass=user)(objectCategory=person)

Because the computer class is a subclass of user, a query containing only (objectClass=user) would return user objects and computer objects. Also, the object category of the user object is person (not user); therefore, the expression (objectCategory=user) does not return any users. If you use the expression (objectCategory=person), the query returns user objects and contact objects.

Users can be placed in any container or organizational unit in a domain as well as the root of the domain. This means that users can be in numerous locations in the directory hierarchy. You can perform a deep search for "(objectCategory=user)" to find all users in a container, organizational unit, domain, domain tree, or forest - depending on the object that the IDirectorySearch pointer you are using is bound to.

Extracted from Querying for Users.

(!userAccountControl:1.2.840.113556.1.4.803:=2)Filters out disabled accounts

If using a different Active Directory other than Windows Active Directory, you should append either (objectClass=user), (objectCategory=person) or (objectClass=user)(objectCategory=person). Please, make sure the property to be appended exists in your Active Directory beforehand.

Last modified on Jul 17, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.