Active Directory Users Cannot Login

casupport January 16, 2012

Sometimes we have issues with Active Directory users unable to log into Jira 4.4.1 . There will be no error message. Syncronization tests successfully. We are getting the following error in the atlassian-jira.log . Any help would be appreciated. Thank you.

2012-01-16 16:48:53,626 QuartzWorker-1 INFO ServiceRunner [atlassian.crowd.directory.DbCachingRemoteDirectory] delta synchronisation for directory [ 10000 ] starting
2012-01-16 16:49:56,782 QuartzWorker-1 INFO ServiceRunner [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation complete in [ 63156ms ]
2012-01-16 16:49:56,939 QuartzWorker-1 ERROR ServiceRunner [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.PartialResultException: nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: advisors.lan:389 [Root exception is java.net.ConnectException: Connection timed out: connect]]
at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:359)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:392)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:377)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findAddedOrUpdatedObjectsSince(MicrosoftActiveDirectory.java:327)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findAddedOrUpdatedUsersSince(MicrosoftActiveDirectory.java:299)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseUserChanges(UsnChangedCacheRefresher.java:292)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:149)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:639)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34)
at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
Caused by: org.springframework.ldap.PartialResultException: nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: advisors.lan:389 [Root exception is java.net.ConnectException: Connection timed out: connect]]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:203)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:315)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:323)
... 13 more
Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: advisors.lan:389 [Root exception is java.net.ConnectException: Connection timed out: connect]]
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:224)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:295)
... 15 more
Caused by: javax.naming.CommunicationException: advisors.lan:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:339)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:208)
... 17 more
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at java.net.Socket.connect(Socket.java:478)
at java.net.Socket.<init>(Socket.java:375)
at java.net.Socket.<init>(Socket.java:189)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:352)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:187)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:46)
at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:97)
at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:114)
at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:310)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1572)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
... 20 more

3 answers

1 accepted

0 votes
Answer accepted
casupport January 30, 2012

The domain controller that JIRA was trying to authenticate was not always replicating with other domain controllers. Once the domain controllers were replicating each other consistency, the issue resolved.

0 votes
casupport January 16, 2012

I see that nested groups will take a performance hit. Could that be the problem. We have the groups set up similar to:

  • JIRA - Users
    • Administrative Team
      • Supervisors
        • User1

Do I need to drop nested groups and place everyone in the JIRA - Users active directory? Is there a depth limit?

0 votes
Colin Goudie
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 16, 2012

As you are getting time out exceptions in the log try modifying the timeout settings under the Advanced section in your LDAP User Directory

http://confluence.atlassian.com/display/JIRA/Connecting+to+an+LDAP+Directory#ConnectingtoanLDAPDirectory-AdvancedSettings

casupport January 16, 2012

Thank you for the suggestion. The default timeout periods seem to be ample as a synchronisation takes less than 5 seconds. I have the defaults:

Read Timeout: 120 seconds

Search Timeout: 60 seconds

Connection Timeout: 0 seconds

I did change this parameter a week ago hoping that it may help.

Synchronisation Interval: 5 minutes

Suggest an answer

Log in or Sign up to answer