Heads up! On March 5, starting at 4:30 PM Central Time, our community will be undergoing scheduled maintenance for a few hours. During this time, you will find the site temporarily inaccessible. Thanks for your patience. Read more.

×
Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Jira Active Directory sync problems 57

John Doe
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 7, 2022

Hi,

After the latest update (8.22.3) I've been experiencing problems with LDAP/AD Sync.

I have two LDAP user directories in Jira*, one for "Users", one for "Customers" and both are synced from the same Domain Controller. 
The User Directory settings in both have slight difference in OU structure and group memberships but are otherwise identical.
This problem only manifests in the "Customer" directory while "Users" directory sync works flawlessly, and I stress this, with the same service account used in syncing.

Error message from the logs:

2022-06-07 04:58:07,094+0000 Caesium-1-2 ERROR ServiceRunner [c.a.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10100 ].
com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 57, v4563^@]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 57, v4563^@]

(data 57 seems to be undocumented/reserved in LDAP wiki.)

This problem persists until I start to fiddle with the User Directory configs, this can take from couple of minutes to couple of hours, mainly changing account used to sync and suddenly it starts working again with the original account.

Problem can occur in Jira while Jira Service Management is unaffected and vice versa.

Problem also reoccurs after a day or two.

Account is and have been active this whole time and is used in the user directory sync without fail.

I'm using the official docker images.

*This problem occurs in both Jira and Jira Service Management Data Center editions (not clustered).

 

Any ideas what causes this/how can I fix this?

5 answers

1 accepted

1 vote
Answer accepted
Patrick July 22, 2022

It appears that the bug fixes in 8.22.6 have resolved our issue.  Directory synchronization is now working without having to recreate the AD connections.

1 vote
Christian Pätzold
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 10, 2022

Hi, I have a similar problem with AD and Jira / Confluence since the last update.

I have to add the AD password again and test/save it. Sometimes more than once until it works again. 

After restart the same problem again.

Error message:
org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 57, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 57, v2580]

 

Workaround as mentioned before: Add the AD password again and save / test it until it works again.

Patrick June 29, 2022

Same issue with both 8.22.3 and 8.22.4 as updated on 29/06/2022.  Any help on a more permeant solution would be appreciated.

Brian René Jensen
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 4, 2022

@Patrick PatrickWe are experienceing this issue as well. Have you managed to find a more permanent solution to this issue?

Patrick July 6, 2022

Sorry, no.  Our only working solution at this point is to remove and re-add the entry.

Jacek Zarzycki
Contributor
July 13, 2022

Same problem with Jira 8.22.4 without Service Desk

0 votes
Andre Untiedt
Contributor
February 6, 2024

We are experiencing the same LDAP 57 issue on 9.12.2, running on Debian bookworm with Postgresql 15 and Java 17.

0 votes
Mintu Mondal
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
August 26, 2022

I am unable to create a jira request for our website. https://www.cordlifeindia.com/

0 votes
Andreas Wollenhaupt July 4, 2022

Same issue with 8.22.4

Same AD, different OUs.

Andreas Wollenhaupt July 4, 2022

Apparently with the function to "update the user attributes on login" my users are able to login.

Like Chris Shepherd likes this

Suggest an answer

Log in or Sign up to answer