LDAP Users Unable to Login Due to 'There was an error converting the SearchResult'

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

When configuring an LDAP integration, LDAP users are unable to login. The following appears in the atlassian-confluence.log:

[11:52:59] ERROR There was an error converting the SearchResult: uid=husein: null:null:{uid=uid: husein, cn=cn: husein} into an entity or entities.
java.lang.NullPointerException
at javax.naming.directory.BasicAttributes.get(BasicAttributes.java:144)
at com.atlassian.user.impl.ldap.DefaultLDAPUserFactory.getUser(DefaultLDAPUserFactory.java:46)
at com.atlassian.user.impl.ldap.DefaultLDAPUserFactory.getEntity(DefaultLDAPUserFactory.java:106)
at com.atlassian.user.impl.ldap.DefaultLDAPUserFactory.getEntity(DefaultLDAPUserFactory.java:16)
at com.atlassian.user.impl.ldap.search.page.LDAPEntityPager.preloadSearchResult(LDAPEntityPager.java:34)
at com.atlassian.user.impl.ldap.search.page.AbstractLDAPPager.fetch(AbstractLDAPPager.java:122)
...

There is also a variant stack trace:

java.lang.NullPointerException
at javax.naming.InitialContext.getURLScheme(InitialContext.java:286)
at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:335)
at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(InitialDirContext.java:104)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:265)
at com.atlassian.user.impl.ldap.search.DefaultLDAPUserAdaptor.search(DefaultLDAPUserAdaptor.java:78)
at com.atlassian.user.impl.ldap.search.DefaultLDAPUserAdaptor.search(DefaultLDAPUserAdaptor.java:54)
at com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.getUser(LDAPUserManagerReadOnly.java:70)
...

Cause

The issue is caused due to missing attributes in {{atlassian-user.xml}}, which is required by atlassian-user library The missing attributes could be any one of the following:

  • <firstnameAttribute>...</firstnameAttribute> 
  • <surnameAttribute>...</surnameAttribute> 
  • <membershipAttribute>department</membershipAttribute>

Resolution

Ensure that the required attributes exist in atlassian-user.xml. A bare minimum setting will look like:

<ldap key="ldapRepository" name="LDAP Repository@hecate.atlassian.com" cache="true">
    <host>hecate.atlassian.com</host>
    <port>389</port>
    <securityPrincipal>cn=admin,dc=atlassian,dc=private</securityPrincipal>
    <securityCredential>secret</securityCredential>
    <securityProtocol>plain</securityProtocol>
    <securityAuthentication>simple</securityAuthentication>
    <baseContext>dc=atlassian,dc=private</baseContext>
    <baseUserNamespace>dc=staff,dc=perftest,dc=atlassian,dc=private</baseUserNamespace>
    <baseGroupNamespace>dc=groups,dc=perftest,dc=atlassian,dc=private</baseGroupNamespace>
    <usernameAttribute>cn</usernameAttribute>
    <userSearchFilter>(objectClass=inetorgperson)</userSearchFilter>
    <firstnameAttribute>givenname</firstnameAttribute>
    <surnameAttribute>sn</surnameAttribute>
    <emailAttribute>mail</emailAttribute>
    <groupnameAttribute>cn</groupnameAttribute>
    <groupSearchFilter>(objectClass=groupOfNames)</groupSearchFilter>
    <membershipAttribute>member</membershipAttribute>
</ldap>

Last modified on Mar 30, 2016

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.