Auth via LDAP no longer works after upgrade

We have upgraded our Jira Docker instance to the latest 8.x version, but unfortunately authentication against our LDAP server is no longer possible :-(. Local users are still able to log in, and users with valid sessions can use Jira without an issue, so the update seems to work; only authenticating users via our LDAP is not possible...

When Jira is requesting the password of a user stored in LDAP, we get error 49. The same user can bind to our LDAP and search for content, e.g. with ldapsearch. Also, the sync user configured in Jira to connect to our LDAP works when using other tools.

We use OpenLDAP and have started slapd in debug mode. During a failing auth of a Jira user we see the following in our logs:

 

ldap_read: want=8, got=8
0000: 30 82 02 3a 02 01 01 60 0..:...`
ldap_read: want=566, got=566
0000: 82 02 33 02 01 03 04 2b 63 6e 3d 6a 69 72 61 2c ..3....+cn=jira,
0010: 6f 75 3d 73 79 73 74 65 6d 73 2c 6f 75 3d 75 73 ou=systems,ou=us
0020: 65 72 73 2c 64 63 3d 6c 69 6e 6f 76 61 2c 64 63 ers,dc=  company,dc
0030: 3d 64 65 80 82 01 ff 7b 41 45 53 5f 43 42 43 5f =de....{AES_CBC_
0040: 50 4b 43 53 35 50 61 64 64 69 6e 67 7d 7b 22 6b PKCS5Padding}{"k
0050: 65 79 46 69 6c 65 50 61 74 68 22 3a 22 4b 45 59 eyFilePath":"KEY
0060: 5f 44 49 52 2f 6a 61 76 61 78 2e 63 72 79 70 74 _DIR/javax.crypt
0070: 6f 2e 73 70 65 63 2e 53 65 63 72 65 74 4b 65 79 o.spec.SecretKey
0080: 53 70 65 63 5f 31 36 30 36 38 31 31 31 34 33 35 Spec_16068111435
0090: 30 30 22 2c 22 73 65 72 69 61 6c 69 7a 65 64 53 00","serializedS
00a0: 65 61 6c 65 64 4f 62 6a 65 63 74 22 3a 22 72 4f ealedObject":"rO
00b0: 30 41 42 58 4e 79 41 42 6c 71 59 58 5a 68 65 43 0ABXNyABlqYXZheC
00c0: 35 6a 63 6e 6c 77 64 47 38 75 55 32 56 68 62 47 5jcnlwdG8uU2VhbG
00d0: 56 6b 54 32 4a 71 5a 57 4e 30 50 6a 59 39 70 73 VkT2JqZWN0PjY9ps
00e0: 4f 33 56 48 41 43 41 41 52 62 41 41 31 6c 62 6d O3VHACAARbAA1lbm
00f0: 4e 76 5a 47 56 6b 55 47 46 79 59 57 31 7a 64 41 NvZGVkUGFyYW1zdA
0100: 41 43 57 30 4a 62 41 42 42 6c 62 6d 4e 79 65 58 ACW0JbABBlbmNyeX
0110: 42 30 5a 57 52 44 62 32 35 30 5a 57 35 30 63 51 B0ZWRDb250ZW50cQ
0120: 42 2b 41 41 46 4d 41 41 6c 77 59 58 4a 68 62 58 B+AAFMAAlwYXJhbX
0130: 4e 42 62 47 64 30 41 42 4a 4d 61 6d 46 32 59 53 NBbGd0ABJMamF2YS
0140: 39 73 59 57 35 6e 4c 31 4e 30 63 6d 6c 75 5a 7a 9sYW5nL1N0cmluZz
0150: 74 4d 41 41 64 7a 5a 57 46 73 51 57 78 6e 63 51 tMAAdzZWFsQWxncQ
0160: 42 2b 41 41 4a 34 63 48 56 79 41 41 4a 62 51 71 B+AAJ4cHVyAAJbQq
0170: 7a 7a 46 2f 67 47 43 46 54 67 41 67 41 41 65 48 zzF/gGCFTgAgAAeH
0180: 41 41 41 41 41 53 42 42 44 52 55 41 68 6a 48 4e AAAAASBBDRUAhjHN
0190: 63 4c 47 70 45 37 49 57 6a 6c 41 69 52 43 64 58 cLGpE7IWjlAiRCdX
01a0: 45 41 66 67 41 45 41 41 41 41 51 4f 37 35 67 68 EAfgAEAAAAQO75gh
01b0: 54 30 44 63 75 57 61 49 77 66 47 64 31 55 70 43 T0DcuWaIwfGd1UpC
01c0: 42 38 70 70 45 67 59 38 79 75 43 63 58 45 45 32 B8ppEgY8yuCcXEE2
01d0: 4e 72 63 6e 4c 32 63 45 37 5a 65 71 7a 62 62 32 NrcnL2cE7Zeqzbb2
01e0: 6a 76 49 6f 36 64 70 42 36 74 72 69 69 4b 45 67 jvIo6dpB6triiKEg
01f0: 74 6a 68 6a 6a 38 39 58 63 64 6a 6e 2b 76 53 39 tjhjj89Xcdjn+vS9
0200: 56 30 41 41 4e 42 52 56 4e 30 41 42 52 42 52 56 V0AANBRVN0ABRBRV
0210: 4d 76 51 30 4a 44 4c 31 42 4c 51 31 4d 31 55 47 MvQ0JDL1BLQ1M1UG
0220: 46 6b 5a 47 6c 75 5a 77 5c 75 30 30 33 64 5c 75 FkZGluZw\u003d\u
0230: 30 30 33 64 22 7d 003d"}

 

It seems that it is not the password that is read from LDAP but some Java object, which explains the error code 49, because this is really not a password.

When searching for the ldap.password entry in the database I see something like this:

 

{AES_CBC_PKCS5Padding}{"keyFilePath":"KEY_DIR/javax.crypto.spec.SecretKeySpec_1606811143500","serializedSealedObject":"...a very long string..."}

 

Does anyone have an idea what's going wrong there and what we can do to solve the issue?

Thanks for any hint and your help,

  Schoepp
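
As an added example (not part of the original post, and not Atlassian or OpenLDAP code): a small Python check that decodes an LDAPv3 simple BindRequest like the one in the slapd dump above and reports whether the credential field has the `{CIPHER}{"keyFilePath"...` shape of the stored `ldap.password` value. The function names are hypothetical, and the DN, password and blob are constructed placeholders.

```python
import re

def _read_tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_simple_bind(packet):
    """Return (bind_dn, credential) from an LDAPv3 simple BindRequest."""
    tag, msg, _ = _read_tlv(packet, 0)     # LDAPMessage ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read_tlv(msg, 0)          # messageID
    tag, bind, _ = _read_tlv(msg, pos)     # [APPLICATION 0] BindRequest
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _, pos = _read_tlv(bind, 0)         # version
    _, dn, pos = _read_tlv(bind, pos)      # name (bind DN)
    tag, cred, _ = _read_tlv(bind, pos)    # authentication, [0] = simple
    if tag != 0x80:
        raise ValueError("not simple authentication")
    return dn.decode("utf-8"), cred

# Shape of the stored ldap.password value quoted in the post: {CIPHER}{"keyFilePath":...
STORED_FORM = re.compile(rb'^\{[A-Za-z0-9_]+\}\{"keyFilePath"')

def credential_is_stored_ciphertext(packet):
    dn, cred = parse_simple_bind(packet)
    return dn, bool(STORED_FORM.match(cred))

def _tlv(tag, value):  # BER encoder, used only to build the constructed samples
    n = len(value)
    head = bytes([n]) if n < 0x80 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + head + value

def build_bind(dn, password):
    body = _tlv(0x02, b"\x03") + _tlv(0x04, dn.encode()) + _tlv(0x80, password)
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x60, body))

# Constructed samples (placeholder DN and values, not taken from the dump above).
BLOB = b'{AES_CBC_PKCS5Padding}{"keyFilePath":"KEY_DIR/PLACEHOLDER","serializedSealedObject":"PLACEHOLDER"}'
BAD = build_bind("cn=app,ou=systems,dc=example,dc=org", BLOB)
GOOD = build_bind("cn=app,ou=systems,dc=example,dc=org", b"constructed-password")
```

Fed the bytes reassembled from the `ldap_read` hex lines of a slapd debug log, a `True` result means the client bound with the stored ciphertext rather than a decrypted password.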

 
