LDAP users fail to authenticate with response timeout errors in logs in Jira server

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

User unable to login into JIRA applications.

The following appears in the atlassian-jira.log:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 com.atlassian.crowd.exception.runtime.OperationFailedException at com.atlassian.crowd.embedded.core.CrowdServiceImpl.convertOperationFailedException(CrowdServiceImpl.java:883) at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:93) at com.atlassian.jira.security.login.LoginManagerImpl$InternalStaticDependencies.authenticate(LoginManagerImpl.java:383) at com.atlassian.jira.security.login.LoginManagerImpl.authenticateWithoutElevatedCheck(LoginManagerImpl.java:184) at com.atlassian.jira.web.action.admin.WebSudoAuthenticate.doValidation(WebSudoAuthenticate.java:83) ... Caused by: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms.; remaining name 'ou=people,o=millenniumit.com,o=isp' at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:215) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319) ... Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms.; remaining name 'ou=people,o=somecompany.com,o=someorg' at com.sun.jndi.ldap.Connection.readReply(Connection.java:448) at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:611) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:534)

Cause

  • The LDAP directory is so large that JIRA applications fail to find the user before the timeout.

or

  • There have been cases where the enabled 'Follow Referral' option causes the same behavior.

Resolution

Option 1:

  1. Go to Administration > Users > User Directories

  2. Edit the LDAP directory

  3. Increase the value of Read Timeout

Option 2:

  1. Go to Administration > Users > User Directories

  2. Edit the LDAP directory

  3. Disable the Follow Referral option

Updated on April 8, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageProblemCauseResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community