External LDAP Directory users cannot log in to Jira with LDAP error code 49 data 775
Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.
Users that belong to external LDAP directories, such as Crowd or Active Directory, cannot log in to Jira.
The browser displays: Authentication failed.
Jira 7.x and 8.x
The following error message is present in atlassian-jira.log:
2021-09-20 14:27:57,353-0400 http-nio-8080-exec-23 ERROR anonymous 867x269792x1 1nb81f1 10.10.50.50,0:0:0:0:0:0:0:1 /rest/gadget/1.0/login [c.a.c.manager.application.ApplicationServiceGeneric] Directory 'Active Directory server (10000)' is not functional during authentication of 'sample-user'. Skipped.
2021-09-20 14:27:57,400-0400 http-nio-8080-exec-23 ERROR anonymous 867x269792x1 1nb81f1 10.10.50.50,0:0:0:0:0:0:0:1 /rest/gadget/1.0/login [c.a.j.security.login.JiraSeraphAuthenticator] Error occurred while trying to authenticate user 'sample-user'.
com.atlassian.crowd.exception.runtime.OperationFailedException
Caused by: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1]
The data 775 error means that the LDAP account used to set up Jira's LDAP directory is locked on the LDAP server.
There could be other data codes besides 775. Please check the error code (in the example above, it's 775) and match it with the description in the following table:
user not found
not permitted to logon at this time
not permitted to logon at this workstation
password expired (remember to check the user set in osuser.xml also)
user must reset password
user account locked
In the example above, the error code is 775 (user account locked).
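The lookup described above can be run directly against atlassian-jira.log. The following is an added example, not part of the original article or of Jira: the names diagnose and AD_SUBCODES are hypothetical, and the code numbers other than 775 (plus the 52e, 533 and 701 rows) are the standard Active Directory sub-code values rather than values shown on this page.

```python
import re

# AD "data" sub-codes (hex Win32 error values) carried inside LDAP error 49.
# Descriptions for 525/530/531/532/773/775 are the article's; the numbers other
# than 775 and the 52e/533/701 rows are added here from standard AD values.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "user account locked",
}

ERR49 = re.compile(r"LDAP: error code 49 - .*?AcceptSecurityContext error, data ([0-9a-fA-F]+)")
SKIPPED = re.compile(r"Directory '(.+?)' is not functional during authentication of '(.+?)'")

def diagnose(log_text):
    """Return one finding per log line that carries an LDAP error 49 sub-code."""
    findings = []
    directory = user = None
    for line in log_text.splitlines():
        m = SKIPPED.search(line)
        if m:
            directory, user = m.groups()  # context for the exception that follows
        # Nested exceptions repeat the same code on one line, so de-duplicate.
        for code in sorted({c.lower() for c in ERR49.findall(line)}):
            findings.append({
                "directory": directory,
                "login_attempt": user,
                "data": code,
                "meaning": AD_SUBCODES.get(code, "unknown sub-code"),
            })
    return findings

# Constructed sample: two lines taken from the log excerpt on this page.
SAMPLE = """\
2021-09-20 14:27:57,353-0400 http-nio-8080-exec-23 ERROR anonymous 867x269792x1 1nb81f1 10.10.50.50,0:0:0:0:0:0:0:1 /rest/gadget/1.0/login [c.a.c.manager.application.ApplicationServiceGeneric] Directory 'Active Directory server (10000)' is not functional during authentication of 'sample-user'. Skipped.
Caused by: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1]
"""

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print(f)
```

The login_attempt field is the user who tried to log in; as stated above, data 775 on this error refers to the account configured for the directory connection, not necessarily that user.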
Since the issue often originates in Active Directory, consult the AD administrator to unlock the account.
Once the account has been unlocked, restart Jira and try to log in again.