
Confluence LDAP User Intermittently Unable to Log-in

Stephen Gurnick
June 25, 2014

I am running Confluence 4.3.3 using Active Directory for authentication. I'm experiencing an issue that is similar to:

https://answers.atlassian.com/questions/309014/ldap-authentication-not-working-confluence

The majority of our users have no problems at all. But there are a few users who are able to successfully log-in, do their work, and then log-out. When they go back to log-in again at some later time, they receive a password incorrect error.

In the atlassian-confluence.log I see the following error for each attempt the users make to log-in:

tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.

At first I thought maybe their Active Directory password expired, but that wasn't an issue. I had these users reset their password just to be sure they were typing in what they thought was the correct password; that didn't work either. I double-checked they were in the correct groups to access Confluence and that was fine.

The very strange part is if these users wait some undetermined time interval and try to log-in again, it is now successful without me changing anything.

Has anyone else experienced this behavior before and have thoughts as to what might be going on?

Thank you for your help.

3 answers

0 votes
David Puchosic October 17, 2014

Is your scenario similar to this? We have the same thing occurring and I thought there was an issue if the user is forced to change their account password on first log in. We have some users who aren't using the account to log into the domain, just web apps like Confluence.  I'll update if I can confirm this is it.

http://msdn.microsoft.com/en-us/library/aa746510(v=vs.85).aspx

0 votes
David at David Simpson Apps
June 26, 2014

I remember experiencing a problem like this when using AD servers that were set up with round-robin DNS (aka poor man's load balancing).

Sometimes the DNS would point to an AD server that was missing in action, resulting in a failure to find the AD and so unsuccessful login.

Could you have a similar AD setup?

Note: Round robin is a static method for load balancing. If one of the servers in the round robin configuration fails, DNS still sends requests to that failed server.

Source: Active Directory 2008: DNS Round Robin Facts…
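One way to test for the round-robin failure mode described in this answer, as an added example that is not part of the original post: resolve every address behind the directory's DNS name and try the LDAP port on each one. The function names, the default port 389 and the 3-second timeout are assumptions of this sketch.

```python
import socket
import sys

def resolve_all(hostname, port=389, resolver=socket.getaddrinfo):
    """Return every distinct address the DNS name resolves to, in order."""
    addrs = []
    for _family, _type, _proto, _canon, sockaddr in resolver(
            hostname, port, type=socket.SOCK_STREAM):
        if sockaddr[0] not in addrs:
            addrs.append(sockaddr[0])
    return addrs

def probe(addr, port=389, timeout=3.0, connect=socket.create_connection):
    """True if a TCP connection to addr:port opens within the timeout.

    This only shows the LDAP port is reachable; it does not attempt a bind.
    """
    try:
        with connect((addr, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False

def check_round_robin(hostname, port=389, timeout=3.0,
                      resolver=socket.getaddrinfo,
                      connect=socket.create_connection):
    """Probe each address behind the name; return {address: reachable}."""
    return {addr: probe(addr, port, timeout, connect)
            for addr in resolve_all(hostname, port, resolver)}

def dead_members(results):
    """Addresses that DNS still hands out but that did not answer."""
    return sorted(addr for addr, ok in results.items() if not ok)

if __name__ == "__main__":
    # Usage: python check_rr.py <round-robin DNS name> [port]
    name = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 389
    results = check_round_robin(name, port)
    for addr, ok in results.items():
        print(f"{addr}:{port} {'reachable' if ok else 'NO ANSWER'}")
    sys.exit(1 if dead_members(results) else 0)
```

Run it from the Confluence host itself, since that is the machine whose DNS view and network path matter for the login failures.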

Stephen Gurnick
June 26, 2014

Hi David,

Thank you for the suggestion. I have Confluence pointing to a DNS name that goes directly to one of our AD controllers. I actually used to have it pointing to a round-robin name, but was experiencing other unrelated issues which were resolved by pointing to only one.

Stephen

0 votes
FelipeA
June 26, 2014

Hi Stephen,

Do you see any timeout errors in the logs? I ask you that because that behavior of not being able to authenticate and, after some moments, successfully authenticating is consistent with an LDAP timeout.

If after reviewing your logs you see any LDAP timeout, please try adding the following JAVA_OPT and restarting Confluence:

-Dcom.sun.jndi.ldap.connect.pool.timeout=3

Best regards,

Felipe Alencastro

Stephen Gurnick
June 26, 2014

Hi Felipe,

I don't see any LDAP errors in my logs. But perhaps that's because I don't have the correct logging levels set. I have all logging options/levels that were set by default during the install. Can you recommend logging parameters I can change that would show more logging for LDAP?

Thank you for your help.

Stephen
