We are hitting an issue where users cannot change their passwords from inside Jira. There is a users directory of our Active directory server and read/write is enabled. The account used to connect is a domain administror so there are no restrictions and it is a simple lDAP setup with a lot of the settings sitll at default. SSL is not enabled for LDAP.
The error we get is:
The password could not be changed by the credentials provider. org.springframework.ldap.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0 ]; nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0 ]; remaining name 'cn=sabarish mahadevan,ou=qa,ou=psusers,dc=psslab,dc=local'
i have created groups in jira that have replicated to LDAP and there are no errors reported when testing the group directory from inside Jira.
Changing something like passwords will not be possible from JIRA as far as I know as that LDAP will be connected elsewhere as well. This is why, changing password is done thouth the LDAP itself. Yes creating new groups will reflect the LDAP as that grou pis not affected by any other application the LDAP is connected to.
I hope this answers your question.
So basically I need to set up a way for folks to just do a windows login(RDP to a terminal server) where they can change their password when it is required as Jira even though it is supposed to have read/write access to AD it can't change the password of the LDAP object?
Yes. One question, this might solve your problem. Do you have modification permissions in your LDAP server? If so then you might be able to change the passwords. The reason why i think it may be blocking is because you may not have modification permissions in your LDAP server. Give that a try :)
This is the definition of the error that you are getting:
53 LDAP_UNWILLING_TO_PERFORM Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons: The add entry request violates the server's structure rules...OR...The modify attribute request specifies attributes that users cannot modify...OR...Password restrictions prevent the action...OR...Connection restrictions prevent the action.
Which bring down to my first comment, which is, becuase it is used by all the other appications, it can only be changed through LDAP as the server will block it otherwise.
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hey Atlassian Community! Today we are launching a bunch of customer stories about the amazing work teams, like Dropbox and Twilio, are doing with Jira. You can check out the stories here. The thi...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs