User directory LDAP connection error

Alex Garcia May 18, 2018

Our AD LDAP integration was working fine yesterday. Now our users cannot log in. I tried logging on with a native Jira account and was able to do so. When I check the user directory LDAP connection I noticed most of the config was gone. A lot of required fields missing. I tried entering the fields but now get the error below:


Test retrieve user : Failed

org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'dc=hilltop,dc=global'

For more information regarding LDAP error codes see Troubleshooting LDAP Error Codes.

2 answers

1 vote
ASweeten
May 18, 2018

Hi Alex,

There is a set of troubleshooting steps for the error you are seeing in our Common User Management Errors KB.

Because this was working previously, it is most likely a problem with the bind user or its credentials.

Please see the very first item, LDAP Error 1: 

Check the LDAP Server logs and configuration to ensure that it is working free from errors. When a user attempts to log in to an Atlassian application, the server: 

  1. Searches for the administrative user's DN, using the admin account's credentials from the User Directory configuration.
  2. Binds to LDAP using the DN from step 1.
  3. Searches for the user that is attempting to authenticate.
  4. Attempts to bind as that user using the password provided.
  5. If the bind is successful, that user will have their details synchronized with the target directory.

In this particular case, step 1 is failing. This is usually because the user's password requires a reset, the admin is unable to log in, or it is not an official administrator for the LDAP engine.

Possible solutions/checks:

  1. Verify that the password of the user trying to log in to the Atlassian application does not require a reset on the next login.
  2. Check that you can log in as that user in another system that is connected to the same LDAP engine.
  3. Ensure that the user configured to bind to the LDAP server is an actual administrator of the LDAP engine (i.e. in an Active Directory they are a member of the Administrator built-in group). If the user is not Administrator, make sure it has read-only access to all directory levels used by your Atlassian application.
  4. A group (or groups) has a name that has two leading spaces. Execute the following query to determine if there are any groups like that, in the specified directory:

```sql
-- Replace 1234567 with the id of the affected directory (cwd_directory.id).
-- The pattern ' %' matches any group_name that begins with whitespace;
-- a bare '% %' would match every name containing a space anywhere.
select id, group_name
from cwd_group
where directory_id = '1234567'
  and group_name like ' %';
```

    • Determine which groups have names with leading spaces by running the diagnostic query above
    • Rename the problematic groups in Active Directory by removing the leading spaces
    • Restart synchronisation

Michael Daoust July 5, 2018

I have this problem as well. A service restart fixes it short term.
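The five-step sequence above tells you where to look, but only once you know what the server actually said. The decoder below is an added example, not Atlassian's code: it parses the NamingException text that Jira prints (the exact message from this question is embedded as PAGE_MESSAGE), pulls out the RFC 4511 result code, the Windows status word (000004DC here, ERROR_NOT_AUTHENTICATED), the DSID, the AD "data" sub-code and the "remaining name", and reports which of the five steps failed. The second message, with a code-49 bind rejection and data 773, is constructed to show the password-reset case the KB describes; the step numbering follows the list in the answer.

```python
"""Decode the LDAP NamingException text Jira/Confluence print on a failed
"Test retrieve user" or login, and map it to the KB's five-step bind sequence.

Added example, not Atlassian's code. The message layout comes from the error on
this page; result-code and AD sub-code meanings are the documented RFC 4511 and
Microsoft values. The step mapping and advice strings are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Exact error text from the question on this page (not constructed).
PAGE_MESSAGE = (
    "org.springframework.ldap.UncategorizedLdapException: Uncategorized exception "
    "occured during LDAP processing; nested exception is javax.naming.NamingException: "
    "[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A22, comment: In order to "
    "perform this operation a successful bind must be completed on the connection., "
    "data 0, v3839]; remaining name 'dc=hilltop,dc=global'"
)
# Constructed sample: the shape AD returns when a bind is rejected because the
# account must reset its password (data 773).
CONSTRUCTED_RESET_MESSAGE = (
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1]"
)

# Bracketed block Active Directory appends to the Java exception.
AD_ERROR_RE = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - (?P<ntstatus>[0-9A-Fa-f]{8}): LdapErr: "
    r"DSID-(?P<dsid>[0-9A-Fa-f]+), comment: (?P<comment>.*?), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<version>[0-9A-Fa-f]+)\]"
)
BARE_ERROR_RE = re.compile(r"\[LDAP: error code (?P<code>\d+)")  # non-AD servers
REMAINING_NAME_RE = re.compile(r"remaining name '(?P<dn>[^']*)'")  # base DN used

LDAP_RESULT_CODES = {  # RFC 4511 result codes that show up in connector failures
    1: "operationsError", 32: "noSuchObject", 34: "invalidDNSyntax",
    49: "invalidCredentials", 50: "insufficientAccessRights",
}
AD_BIND_DATA_CODES = {  # AD 'data' sub-codes accompanying result code 49
    "525": "user not found", "52e": "wrong password",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}


@dataclass
class Diagnosis:
    code: int
    code_name: str
    ntstatus: Optional[str]
    comment: Optional[str]
    data: Optional[str]
    data_meaning: Optional[str]
    remaining_name: Optional[str]
    failing_step: Optional[int]  # 1..5 in the KB's sequence, None if unknown
    advice: str


def parse_ad_error(message: str) -> dict:
    """Extract the fields of the bracketed AD error, or just the bare code."""
    m = AD_ERROR_RE.search(message)
    if m:
        fields = m.groupdict()
    else:
        m = BARE_ERROR_RE.search(message)
        if not m:
            raise ValueError("no '[LDAP: error code N' found in message")
        fields = {"code": m.group("code"), "ntstatus": None, "dsid": None,
                  "comment": None, "data": None, "version": None}
    rn = REMAINING_NAME_RE.search(message)
    fields["remaining_name"] = rn.group("dn") if rn else None
    fields["code"] = int(fields["code"])
    return fields


def diagnose(message: str, stage: str = "admin") -> Diagnosis:
    """stage='admin' for the connector's own operations (Test buttons, sync),
    'user' when an end user's password was being checked (step 4)."""
    f = parse_ad_error(message)
    code, comment = f["code"], f["comment"] or ""
    data = (f["data"] or "").lower() or None
    meaning, step = None, None
    advice = "Unrecognised result code; check the directory server logs."
    if code == 1 and (f["ntstatus"] == "000004DC" or "successful bind" in comment):
        # 0x4DC = ERROR_NOT_AUTHENTICATED: the search was sent on a connection
        # that never bound, i.e. the bind DN/password never reached the server.
        step = 1
        advice = ("The connector searched without binding: the bind user's DN or "
                  "password is missing from the directory configuration, or AD "
                  "refused the resulting anonymous bind. Re-enter both and re-test.")
    elif code == 49:
        meaning = AD_BIND_DATA_CODES.get(data) if data else None
        step = 1 if stage == "admin" else 4
        who = "bind account" if stage == "admin" else "user"
        advice = f"The {who}'s bind was rejected: {meaning or 'invalid credentials'}."
    elif code == 32:
        step = 1
        advice = f"Base DN {f['remaining_name']!r} does not exist; check the Base DN field."
    elif code == 50:
        step = 3
        advice = "The bind account cannot read that subtree; grant read access."
    return Diagnosis(code, LDAP_RESULT_CODES.get(code, "unknown"), f["ntstatus"],
                     f["comment"], data, meaning, f["remaining_name"], step, advice)


if __name__ == "__main__":
    for msg, stage in ((PAGE_MESSAGE, "admin"), (CONSTRUCTED_RESET_MESSAGE, "user")):
        d = diagnose(msg, stage)
        print(f"code {d.code} ({d.code_name}), step {d.failing_step}: {d.advice}")
```

Run it as a script to see both diagnoses, or import diagnose() and feed it the text of an atlassian-jira.log line. The pattern worth remembering: result code 1 with 000004DC means no bind ever happened, which is exactly what an emptied connector configuration produces, while a code 49 carries the real reason in the "data" sub-code rather than in the comment.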

0 votes
Helius
March 14, 2024

Finally, make sure you deselect the "Use naive DN matching" option in the Connector tab.

This simple adjustment has proven to be effective for me.
