I am runnning Conlfuence 4.3.3 using Active Directory for authentication. I'm experiencing an issue that is similiar to:
The majority of our users have no problems at all. But there are a few users who are able to successfully log-in, do their work, and then log-out. When they go back to log-in again at some later time, they receive a password incorrect error.
In the atlassian-confluence.log I see the following error for each attempt the users make to log-in:
tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
At first I thought maybe their Active Directory password expired, but that wasn't an issue. I had these users reset their password just to be sure they were typing in what they thought was the correct password, that didn't work either. I double-checked they were in the correct groups to access Confluence and that was fine.
The very strange part is if these users wait some undetermined time interval and try to log-in again, it is now successful without me changing anything.
Has anyone else experienced this behavior before and have thoughts as to what might be going on?
Thank you for your help.
Do you see any timeout errors on the logs? I ask you that because that behavior of not being able to authentication and after some moments succesfully authenticating is consistent with ldap timeout.
If after reviewing your logs you see any ldap timeout, please try adding the following JAVA_OPT and restarting Confluence:
I don't see any LDAP errors in my logs. But perhaps that's because I don't have the correct logging levels set. I have all logging options/levels that were set by default during the install. Can you recommend logging parameters I can change that would show more logging for LDAP?
Thank you for your help.
I remember experiencing a problem like this when using AD servers that were set up with round-robin DNS (aka poor mans load balancing).
Sometimes the DNS would point to an AD server that was missing in action, resulting in a failure to find the AD and so unsuccessful login.
Could you have a similar AD setup?
Note: Round robin is a static method for load balancing. If one of the servers in the round robin configuration fails, DNS still sends requests to that failed server.
Thank you for the suggestion. I have Confluence pointing to a DNS name that goes directly to one of our AD controllers. I actually used to have it pointing to a round-robin name, but was experiencing other unrelated issues which were resolved by pointing to to only one.
Is your scenario similar to this? We have the same thing occurring and I thought there was an issue if the user is forced to change their account password on first log in. We have some users who aren't using the account to log into the domain, just web apps like Confluence. I'll update if I can confirm this is it.
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs