Users can't log in (using Delegated LDAP Authentication) Edited

One of our users cant login on confluence for two weeks. log says:

2017-11-03 08:12:55,049 WARN [http-nio-8090-exec-5] [atlassian.seraph.auth.DefaultAuthenticator] login login : 'abcdefg' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
-- referer: http://<serverip>:8090/login.action?os_destination=%2Fpages%2Fviewpage.action%3FpageId%3D6455325%26src%3Dmail%26src.mail.timestamp%3D1509685801121%26src.mail.notification%3Dcom.atlassian.confluence.plugins.confluence-notifications-batch-plugin%253Abatching-notification%26src.mail.recipient%3D8aad06e95ec888f4015ecc22dd6f0097%26src.mail.action%3Dview&permissionViolation=true | url: /dologin.action | traceId: ad3395a920709676

 

we use delegated LDAP directory first and secondly integral directory (with no user in it). all of our 10 users are authenticated from LDAP. 9 users can login only one user can't. user changed password nearly one month ago before the login error and connection to LDAP seems ok for other users.

 

How can we fix this?

1 answer

1 vote
Ann Worley Atlassian Team Nov 03, 2017

Welcome to the forum.

I understand that you are using a delegated LDAP directory to authenticate users but one user cannot log in.

The error message you are reporting is the one I get in my log when I enter the wrong credentials. When I take away USE permission and log in I do not get that error, so we can discard USE permission as the cause.

  • When you view the user in User Management, is there anything remarkable about their account?
  • If the user is not listed in User Management, please go to User Directories and check the user filter and DN setup of the delegated User Directory, to make sure the user is in the right OU, groups, etc, that are specified in the setup.

As an aside, you mentioned you don't have any users in the Confluence Internal directory. It is recommended to keep an internal user with admin permissions in the internal directory in case you need to edit the LDAP directory or log in when the LDAP directory is unavailable for any reason. You may create the user under User Management and add it to the confluence-administrators group to give it super user permissions.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Posted Friday in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

299 views 11 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you