Problem

Somehow, some users unable to login anymore and JIRA appears to be deleting the users or setting it to Inactive(Disabled) when searching for the user in JIRA Administration Page > User Management > Users.

Diagnosis

Environment

• JIRA is integrated with OpenLDAP

Diagnostic Steps

• Navigate to JIRA Administration Page > System > System Support > Audit Log and check if a set of users coming from the OpenLDAP directory is deleted/disabled at the same time.

• Check in the atlassian-jira.log to see how many users that JIRA is syncing/importing from the OpenLDAP.

2018-09-27 08:34:43,291 Caesium-1-4 INFO ServiceRunner     [c.a.c.d.ldap.cache.RemoteDirectoryCacheRefresher] found [ 500 ] remote users in [ 42 ms ]

• Confirm with the OpenLDAP Administrator that the amount of users inside the configured Base DN in JIRA is more than what JIRA is syncing. For example from above, there is actually more than 500 Users.

Cause

JIRA unable to sync more users due to the sizelimit/olcSizeLimit configured on OpenLDAP side. For example, the default limit is 500 for Client.

Resolution

Work with the OpenLDAP Administrator to increase the sizelimit/olcSizeLimit in order for JIRA to retrieve more users. The settings could be in either of the two configuration files below:

• "slapd.conf" with its sizelimit
• "/etc/ldap/slapd.d/cn=config.ldif" with its olcSizeLimit.

• LDIF example: 

  cat > sizelimit.ldif 
  dn: cn=config
  changetype: modify
  replace: olcSizeLimit
  olcSizeLimit: 10000
  
  ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f sizelimit.ldif

Resource:

• https://www.openldap.org/doc/admin24/limits.html
• https://serverfault.com/questions/831596/openldap-sizelimit-cant-receive-more-than-500-entries