Jira Active Directory sync problems 57

John Doe June 7, 2022

Hi,

After the latest update (8.22.3) I've been experiencing problems with LDAP/AD Sync.

I have two LDAP user directories in Jira*, one for "Users", one for "Customers" and both are synced from the same Domain Controller. 
The User Directory settings in both have slight differences in OU structure and group memberships but are otherwise identical.
This problem only manifests in the "Customer" directory while "Users" directory sync works flawlessly, and I stress this, with the same service account used in syncing.

Error message from the logs:

2022-06-07 04:58:07,094+0000 Caesium-1-2 ERROR ServiceRunner [c.a.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10100 ].
com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 57, v4563^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 57, v4563^@]

(data 57 seems to be undocumented/reserved in LDAP wiki.)

This problem persists until I start to fiddle with the User Directory configs (this can take from a couple of minutes to a couple of hours), mainly changing the account used to sync, and suddenly it starts working again with the original account.

Problem can occur in Jira while Jira Service Management is unaffected and vice versa.

Problem also reoccurs after a day or two.

The account is and has been active this whole time and is used in the user directory sync without fail.

I'm using the official docker images.

*This problem occurs in both Jira and Jira Service Management Data Center editions (not clustered).

 

Any ideas what causes this/how can I fix this?
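Added example, not part of the original post and not Atlassian code: a small Python parser for the Active Directory bind-failure string shown in the log above. It pulls out the directory id, DSID and the hexadecimal "data" sub-code and checks the sub-code against the commonly seen account-state values. The function name, field names and the third sample record are assumptions made for illustration.

```python
import re

# Commonly seen AD bind sub-codes; the "data" field is a Win32 error code in hex.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
LDAP_ERR = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<status>[0-9A-Fa-f]{8}): LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<ver>[0-9A-Fa-f]+)")
DIRECTORY = re.compile(r"for directory \[\s*(\d+)\s*\]")

def parse_bind_errors(record):
    """Return one dict per distinct AD bind failure in a log record."""
    directory = DIRECTORY.search(record)
    seen, found = set(), []
    for m in LDAP_ERR.finditer(record):
        data = m["data"].lower()
        if (m["dsid"], data) in seen:  # nested exceptions repeat the message
            continue
        seen.add((m["dsid"], data))
        found.append({
            "directory": directory.group(1) if directory else None,
            "ldap_code": int(m["ldap"]),
            "dsid": m["dsid"],
            "data_hex": data,
            "win32_error": int(data, 16),
            "account_state": AD_SUBCODES.get(data),  # None: not a logon-state code
        })
    return found

# Records trimmed from the two log excerpts in this thread, plus one
# constructed 52e record (wrong password) for contrast.
TAIL = "comment: AcceptSecurityContext error, data {}, v{}]"
SAMPLES = [
    "refreshing the cache for directory [ 10100 ]. [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C090439, " + TAIL.format("57", "4563") + "; nested exception is "
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, " + TAIL.format("57", "4563"),
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, " + TAIL.format("57", "2580"),
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, " + TAIL.format("52e", "4563"),
]
```

For the records from this thread the parser returns win32_error 87 (ERROR_INVALID_PARAMETER in winerror.h) with account_state None, so the failure is not one of the usual account-state codes such as an expired password or a lockout.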

5 answers

1 vote
Answer accepted
Patrick July 22, 2022

It appears that the bug fixes in 8.22.6 have resolved our issue.  Directory synchronization is now working without having to recreate the AD connections.

1 vote
Christian Pätzold June 10, 2022

Hi, I have a similar problem with AD and Jira / Confluence since the last update.

I have to add the AD password again and test/save it. Sometimes more than once until it works again. 

After restart the same problem again.

Error message:
org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 57, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 57, v2580]

 

Workaround as mentioned before: Add the AD password again and save / test it until it works again.

Patrick June 29, 2022

Same issue with both 8.22.3 and 8.22.4 as updated on 29/06/2022.  Any help on a more permanent solution would be appreciated.

Brian René Jensen July 4, 2022

@Patrick We are experiencing this issue as well. Have you managed to find a more permanent solution to this issue?

Patrick July 6, 2022

Sorry, no.  Our only working solution at this point is to remove and re-add the entry.

Jacek Zarzycki July 13, 2022

Same problem with Jira 8.22.4 without Service Desk

0 votes
Andre Untiedt February 6, 2024

We are experiencing the same LDAP 57 issue on 9.12.2, running on Debian bookworm with Postgresql 15 and Java 17.

0 votes
Mintu Mondal August 26, 2022

I am unable to create a jira request for our website. https://www.cordlifeindia.com/

0 votes
Andreas Wollenhaupt July 4, 2022

Same issue with 8.22.4

Same AD, different OUs.

Andreas Wollenhaupt July 4, 2022

Apparently with the function to "update the user attributes on login" my users are able to log in.
