Confluence LDAP User Intermittenly Unable to Log-in

I am runnning Conlfuence 4.3.3 using Active Directory for authentication. I'm experiencing an issue that is similiar to:

https://answers.atlassian.com/questions/309014/ldap-authentication-not-working-confluence

The majority of our users have no problems at all. But there are a few users who are able to successfully log-in, do their work, and then log-out. When they go back to log-in again at some later time, they receive a password incorrect error.

In the atlassian-confluence.log I see the following error for each attempt the users make to log-in:

tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.

At first I thought maybe their Active Directory password expired, but that wasn't an issue. I had these users reset their password just to be sure they were typing in what they thought was the correct password, that didn't work either. I double-checked they were in the correct groups to access Confluence and that was fine.

The very strange part is if these users wait some undetermined time interval and try to log-in again, it is now successful without me changing anything.

Has anyone else experienced this behavior before and have thoughts as to what might be going on?

Thank you for your help.

3 answers

Hi Stephen,

Do you see any timeout errors on the logs? I ask you that because that behavior of not being able to authentication and after some moments succesfully authenticating is consistent with ldap timeout.

If after reviewing your logs you see any ldap timeout, please try adding the following JAVA_OPT and restarting Confluence:

-Dcom.sun.jndi.ldap.connect.pool.timeout=3

Best regards,

Felipe Alencastro

Hi Felipe,

I don't see any LDAP errors in my logs. But perhaps that's because I don't have the correct logging levels set. I have all logging options/levels that were set by default during the install. Can you recommend logging parameters I can change that would show more logging for LDAP?

Thank you for your help.

Stephen

0 vote
David Simpson Community Champion Jun 26, 2014

I remember experiencing a problem like this when using AD servers that were set up with round-robin DNS (aka poor mans load balancing).

Sometimes the DNS would point to an AD server that was missing in action, resulting in a failure to find the AD and so unsuccessful login.

Could you have a similar AD setup?

Note: Round robin is a static method for load balancing. If one of the servers in the round robin configuration fails, DNS still sends requests to that failed server.

Source: Active Directory 2008: DNS Round Robin Facts…

Hi David,

Thank you for the suggestion. I have Confluence pointing to a DNS name that goes directly to one of our AD controllers. I actually used to have it pointing to a round-robin name, but was experiencing other unrelated issues which were resolved by pointing to to only one.

Stephen

Is your scenario similar to this? We have the same thing occurring and I thought there was an issue if the user is forced to change their account password on first log in. We have some users who aren't using the account to log into the domain, just web apps like Confluence.  I'll update if I can confirm this is it.

http://msdn.microsoft.com/en-us/library/aa746510(v=vs.85).aspx

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Posted Apr 13, 2018 in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

346 views 20 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you