Local Users Can't Log in, but LDAP Users Can after Upgrade to v4.3

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

When using LDAP in JIRA v4.2 or earlier with a mixture of LDAP authenticated users and locally authenticated users, after upgrade to JIRA v4.3.0, the LDAP users can log in, but local users are no longer able to log in.

Cause

During upgrade to v4.3 all users are migrated to the "LDAP Authentication" user Directory. Only users in the "Internal Directory" can log in through a local password, but no users are in here. See JRA-23858

Prevention

Do not upgrade to v4.3.0 if using mixed authentication, LDAP and local. Instead, wait for v4.3.1 which will migrate the users into two separate directories.

(info) Note that if you have already upgraded to v4.3, then simply upgrading from there to v4.3.1 will NOT help because the relevant upgrade tasks will have already been run in v4.3.

Resolution

If you have already done this and cannot revert, there are two options

Option 1: Move to a "full" LDAP directory
(info) The old OSUser LDAP support only used LDAP for password authentication, so this move is beneficial to many organisations anyway.

  1. Set up an LDAP (or Microsoft AD) User Directory and then disable the "LDAP-auth" directory.
  2. Manually add the local users back in after you disable the "LDAP-auth" directory.

Option 2: Add local users to LDAP
If you set up accounts in the LDAP server for the "missing" users, then they will be able to log in.

Option 3: Move the users directory via SQL

This is possible but difficult and risky

(info) Note that if you were to do this then you need to restart JIRA in order to refresh the user caches.

Option 4: Delete the users from "LDAP-auth" directory and add them to Internal Directory

It is highly likely that JIRA will not let you delete these users (eg if they have reported bugs or are assignees), in which case you would need to delete directly from the DB with SQL.

Also note that JIRA currently will only add users to the first writable directory, so you will need to temporarily move the Internal Directory to the top to add the users.

Last modified on Feb 26, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.