Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Java error with Crowd and Confluence

Deleted user April 11, 2018

After several Q&A here I have managed to configure Crowd with a LDAP connector and to connect it with one of our Confluence instances.

However when I try to login to Confluence with my LDAP userID I get an error message "Sorry, an error occurred trying to log you in."

If I enter a random password, I get "Sorry, your username and/or password are incorrect." So the connection to LDAP through Crowd seems to work.

Both the Crowd and the Confluence logs show Java errors. If someone can tell me how to attach files here or where to send them, I can make them available - as well as the Crowd support zip.

First lines of confluence error log:

2018-04-11 14:59:55,489 ERROR [http-nio-8090-exec-5] [crowd.manager.application.ApplicationServiceGeneric] authenticateUser Directory 'Crowd Server' is not functional during authentication of 'mchjbaus'. Skipped.
 -- referer: http://dolly2.abg.fsc.net:8090/dologin.action | url: /dologin.action | traceId: 489630ceb2de21b0

First lines of crowd error log:

2018-04-11 14:59:54,975 http-nio-8095-exec-1 INFO [server.impl.application.WebApplicationImpl] Initiating Jersey application, version 'Jersey: 1.19 02/11/2015 03:25 AM'
2018-04-11 14:59:55,434 http-nio-8095-exec-1 ERROR [common.error.jersey.ThrowableExceptionMapper] Uncaught exception thrown by REST service: [LDAP: error code 10 - 0000202B: RefErr: DSID-03100742, data 0, 1 access points
        ref 1: 'r01.fujitsu.local'
]; nested exception is javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-03100742, data 0, 1 access points
        ref 1: 'r01.fujitsu.local'

Confluence V6.2.1 (Linux server)
Crowd V3.1.3 (same server)

PS: The initial heap size for Crowd was way too small - my first steps raised an 'out of memory' error for java. The heap size is now 8 GB.

2 answers

1 vote
Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 11, 2018

Hi @[deleted]

nested exception is javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-03100742, data 0, 1 access points
        ref 1: 'r01.fujitsu.local'

This seems to be a referrals issue as explained on this page: https://confluence.atlassian.com/jirakb/user-lookups-fail-with-partialresultexceptions-due-to-active-directory-follow-referrals-configuration-235668642.html

Please make sure that you disabled "Use node referrals" in the connector tab of your AD directory in Crowd's console.

Deleted user April 12, 2018

Hi @Bruno Vincent,

"use node referrals" has never been checked, so this can't be causing the errors.

Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 12, 2018

Hi @[deleted]

Anything else in the logs?

I still think this is a referrals issue. Can you tell us a bit more about your AD environment?

My guess is that you might have two domains involved here - let's say domainA and domainB - and that your user is a member of both domainA groups and domainB groups.

Deleted user April 12, 2018

On the confluence user management page, I can find my test user (myself). This uses a name "MCHJBAUS" that is not in the internal user directory.

On the other hand I changed the priority of the crowd server (putting it first) and the internal directory. Now when I login as with my local admin userid "adm_jean" the user directories page tells me that I am logged in through the Crowd directory.

My conclusion:

The first fact shows that LDAP is working through Crowd.
The second fact shows that login through Crowd works, too (without LDAP).

The only combination that doesn't work is login to Confluence, using a Crowd entry from the Active Directory.

Coming back to you after I have further looked at the log files from Crowd and Confluence...

Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 12, 2018

"The first fact shows that LDAP is working through Crowd."

Not all LDAP requests succeed since you get the referrals error in the logs. Your user is found, credentials checking (BIND in LDAP terminology) probably works too, but my guess is that Crowd cannot fetch your users' groups (because of that referrals issue) and in the end authentication fails because Crowd cannot verify that you user belongs to an authorized group for Confluence. This is my hypothesis anyway.

0 votes
Mirek
Community Champion
April 11, 2018

There might be few reasons behind that. Might be a network configuration problem. Please check this KB article - https://confluence.atlassian.com/crowdkb/crowd-user-authentication-fails-with-directory-x-is-not-functional-during-authentication-error-391086721.html

Deleted user April 12, 2018

Hi @Mirek,

as the password seems to be correctly checked, the connection to the AD must have been established (see the reaction to a deliberately false password).

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events