Our LDAP Users are Unable to Login After Upgrade

S_ Toyo August 6, 2019

Can someone tell us how to fix this? None of us can login to our own confluence after the upgrade.......

1 comment

Shankar Asam {Appfire}
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 6, 2019

Hi S.Toyo, 

Below are few questions on the issue,

Do you see any errors in the logs file during the authentication of a LDAP user?

Did you upgrade the confluence or migrated to a different server? 

Did you try to click on Synchronise option under user directories of confluence? Any errors reported?

Are you using LDAP or LDAPS? If its LDAPS? did the SSL certs installed in JAVA keystore?

 

thanks

Shankar

S_ Toyo August 6, 2019

@Shankar Asam {Appfire}I do see some weird looking active directory failures in our logs.

 

We just upgraded our confluence not migrate to a different server.

 

We have not clicked on synchronize option under the User Directories yet. In order for us to even get back into our confluence we had to figure out what was our local admin account. Because that was literally the ONLY account that worked after we upgraded. It killed everyone elses access to get into our Confluence page.

 

I believe we are using just LDAP. How can I tell if we are using LDAPS? I was not the previous person who setup and install our Confluence. I am just the person upgrading it for the first time. So I am new to this. But I did notice that before I upgraded that server.xml file did have a section in it that had a keystore password. I am not quite sure what to do with that so I just copy + pasted it into the newly created server.xml after I upgraded Confluence......

 

So I am not sure how to RE-INSTALL the SSL cert into the JAVA keystore? I do notice that when we try now access our confluence page through Chrome browser it asks if I want to trust this website. Is this because I didn't re-import my cert? Please help!

Shankar Asam {Appfire}
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 6, 2019

The errors in the logs will tell us what kind of issue you're running into. If you're unable to figure out the admin account name, you could look at below article from Atlassian on identifying the admin account.

https://confluence.atlassian.com/conf64/restore-passwords-to-recover-admin-user-rights-936511358.html

Once, you're able to identify - login in with local admin account (internal) and try checking the synchronise option and also will be able to see the directory configuration summary to identify LDAP vs LDAPS. 

The keystore related stuff in server.xml tells that your confluence is running on HTTPS. check the server.xml to see where the keystore file was located and try to restore it or available to the new confluence. If required, you might need to point your JAVA_HOME to the older JAVA_HOME used by your previous installation  and check if the issue gets resolved. You can also visit the below link for SSL certs import;

https://confluence.atlassian.com/conf63/running-confluence-over-ssl-or-https-929729905.html

 

Regards,

Like S_ Toyo likes this
S_ Toyo August 7, 2019

@Shankar Asam {Appfire}I tried to login and synchronize and it failed.

 

2019-08-07_13-44-27.png

Shankar Asam {Appfire}
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 8, 2019

It's certainly SSL certs issue. You are connecting the LDAP over SSL so it requires the LDAP certs should be loaded into your Confluence's Java Keystore. Please see the following KB article from Atlassian on Importing certs. 

https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-error-779355358.html

-Shankar

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events