LDAP Authentication with filter


I'm trying to add an Active Directory Authentication to YouTrack. The default configuration works fine. But if I try to add a more complex filter rule (e.g. to filter by group membership or account type), it always responds with: "LDAP failure: invalid attribute description"

Example for filter that works: "sAMAccountName=%u"

Example for filter that doesn't work: "(&(sAMAccountName=%u)(objectClass=person))"

Even that doesn't work: "(sAMAccountName=%u)"

(This is a duplicate to https://hub-support.jetbrains.com/hc/en-us/community/posts/205414990-HUB-LDAP-Authentication-how-to-filter-user-by-AD-Group- but because there seems no activity in that forum section I've posted it here)

Official comment

Hello Michael,
I'm very sorry for the delay. Unfortunately, you've faced one of our known issues: https://youtrack.jetbrains.com/issue/JPS-2889
It is fixed in the upcoming release, but in the meantime you can use the following workaround: remove the external brackets from your filter. For example, instead of `(&(sAMAccountName=%u)(objectClass=person))` write `&(sAMAccountName=%u)(objectClass=person)`
Please let me know if we can help you any further, thank you.

Please sign in to leave a comment.