External LDAP Directory users cannot log in in Jira with LDAP error code 49 data 775

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

    

Summary

Users that belong to external LDAP directories such as Crowd, Active Directory cannot log in to Jira.
The Browser says: Authentication failed.



Environment

Jira 7.x and 8.x
.

Diagnosis

The following error message is present in atlassian-jira.log:

2021-09-20 14:27:57,353-0400 http-nio-8080-exec-23 ERROR anonymous 867x269792x1 1nb81f1 10.10.50.50,0:0:0:0:0:0:0:1 /rest/gadget/1.0/login [c.a.c.manager.application.ApplicationServiceGeneric] Directory 'Active Directory server (10000)' is not functional during authentication of 'sample-user'. Skipped.
2021-09-20 14:27:57,400-0400 http-nio-8080-exec-23 ERROR anonymous 867x269792x1 1nb81f1 10.10.50.50,0:0:0:0:0:0:0:1 /rest/gadget/1.0/login [c.a.j.security.login.JiraSeraphAuthenticator] Error occurred while trying to authenticate user 'sample-user'.
com.atlassian.crowd.exception.runtime.OperationFailedException

Caused by: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1]



Cause


The 775 data error means the LDAP account used to set up the Jira's LDAP directory is locked in the LDAP Server.

(info) There could be other data codes besides 775. Please check the error code (in the example above, it's 775) and match it with the description in the following table:

525

user not found

52e

invalid credentials

530

not permitted to logon at this time

531

not permitted to logon at this workstation

532

password expired (remember to check the user set in osuser.xml also)

533

account disabled

701

account expired

773

user must reset password

775

user account locked

In the example above, the error code is 775 (user account locked).

Solution

Since the issue is often originated from Active Directory, consult with the AD administrator to unlock the account.
Once the account has been unlocked, restart Jira and try to log in again.


Last modified on Sep 22, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.