It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Can't login to jira Edited

Jerry Su Feb 18, 2018

Hello,

This is a very urgent issue.
I would like to login into JIRA with the following message is displayed: Sorry, an error occurred trying to log you in - please try again.
At present, all AD accounts can not login, including not AD's local account can not login, I would like to ask how to solve this problem?

How I can create a local user from linux shell?

How I can change LDAP setting from linux shell?

2 answers

0 votes
Nic Brough [Adaptavist] Community Leader Feb 18, 2018

Sounds like there's something wrong with the LDAP.

Do not try to fiddle with settings or LDAP on the command line (I think you're already thinking that!)  Instead,

  1. Read the logs to see what the directory errors are when an AD user tries to log in.  It might be an "AD server unavailable" problem, in which case, no amount of fiddling in Jira is going to fix anything.
  2. If it could be a Jira issue, get a local admin enabled in the internal directory and investigate what the directory set up is.  See https://confluence.atlassian.com/jira/retrieving-the-jira-administrator-192836.html
Jerry Su Feb 18, 2018

Because LDAP setup is complete, it has been working for more than three months without any problems. Now in the absence of any changes in the settings, but can not log in, how to solve this problem?
I was thinking about how to use linux commands to modify LDAP, because I can not login JIRA also can't set up LDAP.

Nic Brough [Adaptavist] Community Leader Feb 18, 2018

No, please, please read the answer I gave.

You do not know what the problem is, so you can not fix it.  Fiddling with LDAP when it's a Jira problem is useless, as is fiddling with Jira when it's an LDAP problem.

Diagnose first, then you will know where to look first for a fix.

Jerry Su Feb 18, 2018

The following error message constantly appears:

2018-02-18 22: 58: 25,781 http-bio-8443-exec-18 ERROR anonymous 1378x1000x1 yur3sg 27.246.200.250,172.31.13.131 /rest/gadget/1.0/login [crowd.manager.application.ApplicationServiceGeneric] Directory 'Active Directory server 'is not functional during authentication of' p-samuelmichael '. Skipped.

2018-02-18 22: 58: 25,781 http-bio-8443-exec-18 ERROR anonymous 1378x1000x1 yur3sg 27.246.200.250,172.31.13.131 /rest/gadget/1.0/login [jira.security.login.JiraSeraphAuthenticator] Error occurred while trying to authenticate user 'p-samuelmichael'.

[Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Nic Brough [Adaptavist] Community Leader Feb 18, 2018

Jira cannot reach your LDAP server, because it doesn't have a valid certificate to reach it.

If  you have changed nothing, then my best guess is the certificate has expired or been revoked by the authority.

Jerry Su Feb 18, 2018

Thank you very much for your response.
I'm still trying to solve this problem.

Jerry Su Feb 18, 2018

The situation looks very much like the following URL: https://jira.atlassian.com/browse/JRASERVER-45367

But my version of Java is: Java (SE) SE Runtime Environment (build 1.8.0_45-b14), will not affect.

Trying to use the following update still does not solve the problem.
https://confluence.atlassian.com/kb/connecting-to-ssl-services-802171215.html

Nic Brough [Adaptavist] Community Leader Feb 19, 2018

I think you've found the right docs there, and they are right, but the cert you have for your LDAP server is wrong because it has been revoked by your network admins, or it has expired.  Either way, you need to get a cert that works with your LDAP services.  Talk to the admins of that service.

Jerry Su Feb 20, 2018 • edited

The LDAP service has multiple administrators, but I did not make any changes, not sure if the settings have been changed by other administrators, cause LDAP service key expired, I've fixed this issue, linux base how to check the service key expiration time ? 
Thank you very much for your response.

Nic Brough [Adaptavist] Community Leader Feb 20, 2018

I don't know what you mean by "service key expiration time"?

Jerry Su Feb 20, 2018

Confirm JIRA Server all LDAP key and Server key, check the key expiration time.

Nic Brough [Adaptavist] Community Leader Feb 21, 2018

Randomly quoting the same words out of what you said before does not explain anything. 

Jerry Su Feb 21, 2018

I don't know why this problem occurs, the final solution is to change the key, import to jira can login.
I would like to know the key time period, when will expire?

Nic Brough [Adaptavist] Community Leader Feb 21, 2018

Right, you mean the certificate, not the key (they are different things)

Use openssl to read the certificate, it will give you an expiry date.  Or ask the admins who generated it for you.

Jerry Su Feb 21, 2018

Thanks a lot. 

:)

0 votes
Jerry Su Feb 18, 2018 • edited

    .

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Jira

Try Jira Cloud for Outlook: Organize your work without leaving your inbox

Hi Atlassian community, My name is Max and I work on the product integration team at Atlassian. I am pleased to announce the early access program for the Jira Cloud add-in for Outlook. This add-in...

2,047 views 6 15
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you