Using Wildcards in LDAP userSearch queries

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

This article only applies to Bamboo versions below 6.6

Problem

Writing LDAP userSearch queries for multiple Active Directory groups with memberOf filters can quickly become a long string of OR-concatenated filters.

It would seem possible to shorten these with the wildcard character (*), but this does not work when configured in Bamboo's atlassian-user.xml file.

Cause

Unfortunately, the LDAP services themselves do not support wildcarding of memberOf and other "Distinguished Name" attributes.

From Active Directory: LDAP Syntax Filters - TechNet Articles (TechNet Wiki):

The wildcard character * is allowed, except when the <AD Attribute> is a DN attribute. Examples of DN attributes are distinguishedName, manager, directReports, member, and memberOf.

Resolution

Since wildcards are not supported, the only solution is to use longer LDAP userSearch queries.
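
One way to generate the longer query from a list of group DNs instead of maintaining it by hand. This is an added example, not Atlassian's code. The group DNs, the (objectClass=user) base filter and all function names are assumptions made for illustration.

```python
from xml.sax.saxutils import escape as xml_escape

# RFC 4515 escapes for characters that are special inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_dn_value(dn: str) -> str:
    """Escape a group DN for use as a memberOf assertion value."""
    if "*" in dn:
        # DN attributes such as memberOf do not support wildcard matching,
        # so a '*' here is treated as a mistaken wildcard and rejected.
        raise ValueError(f"wildcard not allowed in DN attribute value: {dn!r}")
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in dn)


def build_user_search_filter(group_dns, base_filter="(objectClass=user)"):
    """Return base_filter AND (memberOf=g1 OR memberOf=g2 ...)."""
    if not group_dns:
        raise ValueError("at least one group DN is required")
    clauses = "".join(f"(memberOf={escape_dn_value(dn)})" for dn in group_dns)
    if len(group_dns) > 1:
        clauses = f"(|{clauses})"
    return f"(&{base_filter}{clauses})"


def for_xml(ldap_filter: str) -> str:
    """Escape the filter for placement in an XML file ('&' becomes '&amp;')."""
    return xml_escape(ldap_filter)


# Constructed sample group DNs (not from the original article).
SAMPLE_GROUPS = [
    "CN=bamboo-admins,OU=Groups,DC=example,DC=com",
    "CN=bamboo-users,OU=Groups,DC=example,DC=com",
    "CN=Build (EU),OU=Groups,DC=example,DC=com",
]

if __name__ == "__main__":
    f = build_user_search_filter(SAMPLE_GROUPS)
    print(f)           # the raw LDAP filter
    print(for_xml(f))  # the same filter, escaped for an XML configuration file
```

Listing each group DN explicitly also keeps the set of groups that grant access visible and reviewable in one place.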

Updated on April 7, 2025
