LDAP users unable to login due to incorrect User Name Attribute

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

LDAP integration is set using an internal directory with LDAP authentication. When an LDAP user attempts to log in to a JIRA application, the following appears in the atlassian-jira-security.log:

2013-06-14 17:34:08,038 http-8090-2 anonymous 1054x280x1 12rcd8y 127.0.0.1 /rest/gadget/1.0/login login : 'user_01' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.

Cause

The attribute defined in the field User Name Attribute of the LDAP directory configuration in the JIRA application is not the correct one to map user names.

Resolution

  1. Use an LDAP browser, such as JXplorer or Apache Directory Studio, to connect to the LDAP server and check the correct attribute for username.
    (info) This attribute must be unique. This attribute should return only one value from the LDAP server.
    (info) The User Name Attribute may vary depending on your LDAP distribution or scheme configuration, but some common attributes are sAMAccountName for Microsoft Active Directory and UID for most LDAP implementations based on OpenLDAP.
  2. Log in to the JIRA application as an internal administrator;

  3. Edit the LDAP directory settings and update the attribute in the User Name Attribute field to use the correct one.
Last modified on Mar 30, 2016

Was this helpful?

Yes
No
Provide feedback about this article

In this section

Powered by Confluence and Scroll Viewport.