External LDAP users fail to authenticate to Jira server

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

Specific users consistently fail to log in to JIRA.

The following appears in the atlassian-jira.log:

http-bio-8443-exec-36568 anonymous 156x3887640x1 108ig3h 127.0.0.1 /login.jsp login : 'user_one' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
http-bio-8443-exec-36568 anonymous 156x3887640x1 108ig3h 127.0.0.1 /login.jsp The user 'user_one' has FAILED authentication. Failure count equals 2
http-bio-8443-exec-36568 anonymous 156x3887640x1 108ig3h 127.0.0.1 /login.jsp login.jsp called with lastLoginResult : com.atlassian.jira.bc.security.login.LoginResultImpl@5aca742[reason=AUTHENTICATED_FAILED,loginInfo=com.atlassian.jira.bc.security.login.LoginInfoImpl@2431c0e4[lastLoginTime=<null>,previousLoginTime=<null>,loginCount=<null>,currentFailedLoginCount=2,totalFailedLoginCount=2,lastFailedLoginTime=1425263766957,elevatedSecurityCheckRequired=false,maxAuthenticationAttemptsAllowed=3],userName=user_one,deniedReasons=[]]
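
To see which accounts are hitting this symptom, the following added example (not Atlassian's code) scans atlassian-jira.log lines for the two messages shown above and tallies them per user. The sample lines are constructed from the excerpt; the function names and the default threshold of two occurrences are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the atlassian-jira.log excerpt above.
PREFIX = "http-bio-8443-exec-1 anonymous 156x1x1 abc123 127.0.0.1 /login.jsp "
NF = "tried to login but they do not have USE permission or weren't found."
SAMPLE_LOG = [
    PREFIX + "login : 'user_one' " + NF + " Deleting remember me cookie.",
    PREFIX + "The user 'user_one' has FAILED authentication. Failure count equals 2",
    PREFIX + "The user 'user_two' has FAILED authentication. Failure count equals 1",
    PREFIX + "login : 'user_one' " + NF + " Deleting remember me cookie.",
    PREFIX + "The user 'user_one' has FAILED authentication. Failure count equals 3",
]

# The two message shapes from the Symptoms section.
NOT_FOUND = re.compile(
    r"login : '([^']+)' tried to login but they do not have "
    r"USE permission or weren't found"
)
FAILED = re.compile(
    r"The user '([^']+)' has FAILED authentication\. Failure count equals (\d+)"
)

def summarize(lines):
    """Tally both messages per user name (hypothetical helper)."""
    stats = defaultdict(lambda: {"not_found": 0, "failed": 0, "max_count": 0})
    for line in lines:
        m = NOT_FOUND.search(line)
        if m:
            stats[m.group(1)]["not_found"] += 1
            continue
        m = FAILED.search(line)
        if m:
            entry = stats[m.group(1)]
            entry["failed"] += 1
            entry["max_count"] = max(entry["max_count"], int(m.group(2)))
    return dict(stats)

def repeat_offenders(stats, min_hits=2):
    """Users logged as 'weren't found' at least min_hits times (assumed threshold)."""
    return sorted(u for u, s in stats.items() if s["not_found"] >= min_hits)

if __name__ == "__main__":
    for user in repeat_offenders(summarize(SAMPLE_LOG)):
        print(user)
```

Against a real log, pass the open file object to summarize() in place of SAMPLE_LOG.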

Diagnosis

  • JIRA is connected to external user directories using Delegated LDAP Authentication
  • 'Copy User on Login' option is not enabled

Cause

The ldap.user.dn parameter was configured, but it is hidden because the 'Copy User on Login' option is not enabled in JIRA.

Resolution

  1. Edit the Delegated LDAP Authentication directory
  2. Enable the Copy User on Login option
  3. Look for the User Schema Settings dropdown
  4. For Additional User DN, remove the ldap.user.dn value. Leave the field value empty.
  5. Select Test settings, then Save and Test

Last modified on Nov 25, 2024
