JIRA User From LDAP Has Passed Authentication, but can't Login (Special Character In Username)
Problem
User can not have successful log in at Log-In page, but when you refer to atlassian-jira-security.log you can sport the following log.
2015-02-16 09:23:56,213 http-bio-80-exec-14281 przemyslaw.smietana 563x2049858x1 bwnlqt XXX.XXX.XXX.XXX /rest/gadget/1.0/login The user 'przemyslaw.smietana' has PASSED authentication.This is while you will have the below authentication issue immediately after that:
2015-02-16 09:24:02,942 http-bio-80-exec-14270 anonymous 564x2049880x1 1hdetk6 XXX.XXX.XXX.XXX /rest/gadget/1.0/login login : 'przemyslaw.smietana' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
2015-02-16 09:24:02,942 http-bio-80-exec-14270 anonymous 564x2049880x1 1hdetk6 XXX.XXX.XXX.XXX /rest/gadget/1.0/login The user 'przemyslaw.smietana' has FAILED authentication. Failure count equals 1
Diagnosis
Environment
- LDAP and external user directory
Diagnostic Steps
In order to check the username in different tables we can run the following queries:
select * from cwd_user where user_name= 'przemyslaw.smietana';
select * from app_user where lower_user_name = 'przemyslaw.smietana';
select * from cwd_membership where child_name = 'przemyslaw.smietana';
select * from cwd_user_attributes where user_id= (select id from cwd_user where user_name= 'przemyslaw.smietana');
Cause
As it can be seen by running the query on the app_user table which is a table to map external directory with other JIRA tables. There is a special character in username ś which prevents us to have successful authentication in JIRA but as external directory supports special characters we have successful log in at the logs too.
Workaround
To rename the username and make sure there is no special character in it
- To update lower_user_name entry in the database
Last modified on Feb 26, 2016
Powered by Confluence and Scroll Viewport.