Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Delete users from a deleted LDAP



We have a locally hosted jira software, and we had an AD migration following the acquisition of our company.
The problem is that some disable AD accounts from the old LDAP had not been deactivated from Jira access (Access to the application: Jira Software had not been unchecked on the profile).
And those disable AD account have not been recreated in the new LDAP server.

So the user which remains in Jira is therefore an user of the old system who is no longer accessible.

And so that we can no longer uncheck this box of the access to the application.
We have the following error message:

com.atlassian.crowd.exception.runtime.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: OldDomainControler:389; nested exception is javax.naming.CommunicationException: OldDomainControler:389 [Root exception is OldDomainControler]

The problem is that the user is still using an access to the application: Jira Software license even though it no longer exists. and due to limitation of the number of license locally i can't add new user for connect to Jira.

Is there a way to uncheck this box and make the used license available ?
Without necessarily deleting the user, but at least being able to release the access license.

Thank you.

1 answer

0 votes

Is the user showing as disabled in jira? I don't believe disabled users consume a license even if they would otherwise be granted access.

Did you grant licenses individually, or did you rely on some group membership to grant the license? If you used groups, you should see if you can remove the user from the group in jira. 

A lot of this will really depend on how you set up your ldap integration, and your application licensing.

The user does not appear as disabled.
It appears active, that's the problem.
Because in the old AD, the user had just left the company before the migration, his account was not deactivated in the old AD, but was not created in the new AD.
So this user does not exist anymore.
And old domain controller does not exist anymore.
Impossible to remove the user from a group or to uncheck the box 'Jira software' on his profile.
In the configuration of the LDAP user directory it is indicated the default group membership = jira-users. not jira-software-user (user in jira-software-user is manually manage)
This user is too in jira-administrator group and i can't delete it

In the settings for your user directory configuration, under advanced settings, do you have the "Enable Incremental Synchronization" checkbox checked?

If you do, try unchecking it and running another sync. See if that clears things out.

You can also try checking off "Manage User Status Locally" and "Filter out expired users"

See if any of those settings help

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events