Cannot reset users password within Jira using LDAP

We are hitting an issue where users cannot change their passwords from inside Jira. There is a users directory of our Active directory server and read/write is enabled. The account used to connect is a domain administror so there are no restrictions and it is a simple lDAP setup with a lot of the settings sitll at default. SSL is not enabled for LDAP.

The error we get is:

The password could not be changed by the credentials provider. org.springframework.ldap.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0 ]; nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0 ]; remaining name 'cn=sabarish mahadevan,ou=qa,ou=psusers,dc=psslab,dc=local'

i have created groups in jira that have replicated to LDAP and there are no errors reported when testing the group directory from inside Jira.

Any ideas?

7 answers

1 accepted

Fixed it. It was an access issue as I was not using SSL. Configured SSL and now it works.

Hi Stuart,

Changing something like passwords will not be possible from JIRA as far as I know as that LDAP will be connected elsewhere as well. This is why, changing password is done thouth the LDAP itself. Yes creating new groups will reflect the LDAP as that grou pis not affected by any other application the LDAP is connected to.

I hope this answers your question.

Regards

Anand

So basically I need to set up a way for folks to just do a windows login(RDP to a terminal server) where they can change their password when it is required as Jira even though it is supposed to have read/write access to AD it can't change the password of the LDAP object?

The account I'm using to link Jira is a domain adminstrator account so has full control of everything :(

Yes. One question, this might solve your problem. Do you have modification permissions in your LDAP server? If so then you might be able to change the passwords. The reason why i think it may be blocking is because you may not have modification permissions in your LDAP server. Give that a try :)

This is the definition of the error that you are getting:

53	 LDAP_UNWILLING_TO_PERFORM	 Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons: The add entry request violates the server's structure rules...OR...The modify attribute request specifies attributes that users cannot modify...OR...Password restrictions prevent the action...OR...Connection restrictions prevent the action.

Which bring down to my first comment, which is, becuase it is used by all the other appications, it can only be changed through LDAP as the server will block it otherwise.

Thanks, I'll have to set up a 3rd party web page tool to allow users to reset passwords as they don't have RDP access.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Julia Dillon
Posted Apr 17, 2018 in Jira

Tell us how your team runs on Jira!

Hey Atlassian Community! Today we are launching a bunch of customer stories about the amazing work teams, like Dropbox and Twilio, are doing with Jira. You can check out the stories here. The thi...

772 views 2 19
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you