Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

LDAP User Filter

IT ADVITOS
IT ADVITOS May 23, 2018

Hi,

on my server instance I want to configure a user filter, but I get the error shown below.

What I want to do works for confluence user fitlers.

Here is the filter I want to apply:

(&(objectCategory=person)(sAMAccountName=*)(|(memberOf=CN=AUG AJI Users,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)
(memberOf=CN=AUG AJI System Admins,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)
(memberOf=CN=AUG AJI Service Desk,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)
(memberOf=CN=AUG AJI Admins,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)
(memberOf=CN=AUG ABA Users,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)
(memberOf=CN=AUG ABA System Admins,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)
(memberOf=CN=AUG ABA Creators,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)))

Result is the given error.

The following filter is working; 

(&(objectCategory=person)(sAMAccountName=*)(|(memberOf=CN=AUG AJI Users,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)))

Basically every OR seperated value is working in singular. But if i concatenate two of them I get the error.

For my confluence settings a similar filter is just working fine:

(&(objectCategory=person)(sAMAccountName=*)(|(memberOf=CN=AUG ACO Users,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)
(memberOf=CN=AUG ACO System Admins,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)
(memberOf=CN=AUG ACO Space Admins,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)
(memberOf=CN=AUG ACO Admins,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)))

Error:

Technical details
Log's referral number: 1c381f37-b5c0-41f2-beb7-05409b85e894

Cause
Referer URL: https://jira.hepawash.com/plugins/servlet/embedded-crowd/configure/ldap/?directoryId=10000&xsrfTokenName=atl_token&xsrfTokenValue=f1860613399ea12fd25e1909114ec3b58406024e

Request processing failed; nested exception is com.atlassian.jira.exception.DataAccessException: org.ofbiz.core.entity.GenericEntityException: while inserting: [GenericEntity:DirectoryAttribute][name,ldap.user.filter][directoryId,10000][value,(&(objectCategory=person)(sAMAccountName=*)(|(memberOf=CN=AUG AJI Users,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)(memberOf=CN=AUG ABA Creators,OU=Development Services,OU=Application Usage,OU=Groups,OU=Company,DC=HepaWash,DC=loc)))] (SQL Exception while executing the following:INSERT INTO dbo.cwd_directory_attribute (directory_id, attribute_name, attribute_value) VALUES (?, ?, ?) (Data truncation))

Answer
Watch
Like Be the first to like this
1225 views

1 answer

0 votes
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 23, 2018

Hi @IT ADVITOS

This is unfortunately a known bug in Jira.  There is a limitation on the length of the database field that stores your LDAP filter.  You can read more on this bug in https://jira.atlassian.com/browse/JRASERVER-36979

In short, Jira is only able to store LDAP filters natively that are 256 characters or less.  From looking at your first filter, it's 864 characters, and your second is 514 characters.   However there is a work-around for this.  Please see the KB: Data truncation due to data too long for column

In the examples there, they explain how you can run these SQL commands to extend that size of that field to 400 characters, but obviously in your case, you are probably going to want to expand it to at least 900 characters in order to accommodate these filters you have.

I would recommend that you stop Jira before you try this, AND that you take a backup of your Jira database before making these changes.   If you're using postgresql for the Jira database, you could then try to change the database fields with the following commands:

alter table cwd_group alter column description type varchar (900);
alter table cwd_group alter column lower_description type varchar (900);
alter table cwd_directory_attribute alter column attribute_value type varchar (900);

The syntax might be different for other database types such as mysql, ms sql, or oracle. 

Please let me know if you have any questions or concerns about this.

Andy

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

Community
Forums
FAQs Forums guidelines
Learning
About learning Resources
Events
Champions
Copyright © 2025 Atlassian
Privacy Policy Terms Security
Welcome illustration

Welcome to the new Atlassian Community

Online forums and learning are now in one easy-to-use experience.

By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.