LDAP Directory finds user, lets him authenticate but disallows login

Hello guys

I'm facing this problem: the user is found and the password is verified against my directory server (MS AD).

But the 'test' interface gets the error 'Test get user's memberships with 0 groups retrieved. : Failed'

And then there's an attempt to log in; it doesn't say wrong password or user not found - login is denied!

Setup is standard LDAP 389, a Domain User read-only bind account, and the integration is set as 'Read only with groups'. User should be granted groups upon login.

What do I miss out on?

Accepted answer

I believe I have found the issue. The tested user was a 'blank' user, only with the same DN as my other users have. So I looked and found 'Domain User' - which probably didn't 'cut it' as a genuine group. So I'm guessing this is the issue - since a test with a user with some longer life to him (and memberships) seems to give no problem.

Now the only problem I see here is that I cannot filter OUs deep enough; the DN used for bind is in another OU than my internal users, i.e. humans are 'Internal Users', and the bind account is 'Service Account', both hierarchically placed under 'Users'.

If I set the first filter to 'OU=Users' and 'OU=Internal Users' then the test fails with a NameNotFound exception. I can live with that; the only problem is that Service Acc's are showing in Jira administration.

I will close this unless someone has a bit of extra info :)

Uhm, weird, just a minute ago the login was denied - just now it succeeded! Well, still getting 'Failed' in memberships above, how so?

Hi Morten,

Quite hard to deduce the cause of the issue without logs and your directory configuration. Although please note that this is a public forum, so censor some information if you wish to post it into this thread.

Judging from your directory type, may I know if you retrieve any user membership from your LDAP server? The above test shows that Confluence is not able to retrieve any LDAP membership from your LDAP only not with Confluence local groups.

So if the configuration is set up to work only with local group membership, then it is an expected result. If you wish to retrieve LDAP membership as well, then you might want to double check your membership configuration and group retrieval configuration on this particular directory.

Hope it helps.

Cheers,
Septa Cahyadiputra
