Some users unable to login after upgrading JIRA

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products will end after February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible


  1. After upgrading from JIRA 6.1.7 to JIRA 6.4.7 , some users are unable to login.
  2. The following appears in the atlassian-jira.log

    2015-07-10 09:23:33,039 http-bio-4443-exec-3 anonymous 563x2792x1 1ipni8u /login.jsp The user 'xxxxx' has FAILED authentication. Failure count equals 1
    2015-07-10 09:23:47,551 http-bio-4443-exec-25 anonymous 563x2795x1 1ipni8u /login.jsp login : 'xxxxx' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
    2015-07-10 09:23:47,585 http-bio-4443-exec-25 anonymous 563x2795x1 1ipni8u /login.jsp The user 'xxxxx' has FAILED authentication. Failure count equals 2
  3. Using delegated authentication ( Copy User on Login )
  4. Found more errors from the atlassian-jira.log

2015-07-07 16:34:47,667 http-bio-4443-exec-19 INFO anonymous 973x768x7 1wkrh1r /login.jsp [] Timed call for search using searchexecutor$11@277930e0 took 1261594ms
2015-07-07 16:34:47,667 http-bio-4443-exec-19 ERROR anonymous 973x768x7 1wkrh1r /login.jsp [crowd.manager.application.ApplicationServiceGeneric] Directory 'XXX LDAP Authentication' is not functional during authentication of 'xxxxx'. Skipped.
2015-07-07 16:34:47,668 http-bio-4443-exec-19 ERROR anonymous 973x768x7 1wkrh1r /login.jsp [] Error occurred while trying to authenticate user 'xxxxx'.
	at com.atlassian.crowd.embedded.core.CrowdServiceImpl.convertOperationFailedException(
	at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(
Caused by: org.springframework.ldap.ServiceUnavailableException:; socket closed; nested exception is javax.naming.ServiceUnavailableException:; socket closed; remaining name 'o=xxx,c=an'


Diagnostic Steps

  • Enable DEBUG for the package below via Logging and Profiling:

  • We can see that it appears to be doing a lookup on entryUUID
Performing user search: baseDN = o=xxx,c=an - filter = (&(objectclass=inetorgperson)(alias=xxxxx))
2015-07-15 13:39:40,920 http-bio-4443-exec-17 DEBUG anonymous 819x11718x4 - /rest/gadget/1.0/login [] Got Ldap context on server 'ldaps://'
2015-07-15 13:39:40,942 http-bio-4443-exec-17 INFO anonymous 819x11718x4 - /rest/gadget/1.0/login [] Timed call for search using searchexecutor$11@10181307 took 3365ms
2015-07-15 13:39:40,942 http-bio-4443-exec-17 DEBUG anonymous 819x11718x4 - /rest/gadget/1.0/login [] Authenticating user 'xxxxx' with DN 'cn=xxxxx xxxxx  452099,ou=employee,o=xxx,c=an'
2015-07-15 13:39:41,162 http-bio-4443-exec-17 DEBUG anonymous 819x11718x4 - /rest/gadget/1.0/login [] Performing user search: baseDN = o=xxx,c=an - filter = (&(objectclass=inetorgperson)(entryUUID=xxxxx-20081117))


  • This is configured in the User Directory configuration. 
  "": "entryUUID"
  • It's the User Unique ID Attribute as per Connecting to an LDAP Directory. This was added in JIRA 6.2 according to the documentations :
    This should normally point to a UUID value. Standards-compliant LDAP servers will implement this as 'entryUUID' according to RFC 4530. This setting exists because it is known under different names on some servers, e.g. 'objectGUID' in Microsoft Active Directory.
  •  According to the RFC 4530 this is supposed to be an available attribute within directory servers, and Sun One has documentation on it here :


  1. Identify the appropriate unique identifier to set instead of the current value, or remove it from the directory configuration.
    Example : Change the entryUUID with uid in the directory definition.
Last modified on Mar 30, 2016

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.