LDAP Directory finds user, lets him authenticate but disallows login

Hello guys

I'm facing this problem: the user is found and the password is verified against my directory server (MS AD).

But the 'test' interface gets the error 'Test get user's memberships with 0 groups retrieved. : Failed'

And then there's an attempt to log in; it doesn't say wrong password or user not found - login is denied!

Setup is standard LDAP 389, a Domain User read-only bind account, and the integration is set as 'Read only with groups'. The user should be granted groups upon login.

What do I miss out on?

3 answers

1 accepted

I believe I have found the issue. The tested user was a 'blank' user, only with the same DN as my other users have. So I looked and found 'Domain User' - which probably didn't 'cut it' as a genuine group. So I'm guessing this is the issue - since a test with a user with some longer life to him (and memberships) seems to give no problem.

Now the only problem I see here is that I cannot filter OUs deep enough; the DN used for bind is in another OU than my internal users, i.e. humans are 'Internal Users', and the bind account is 'Service Account', both hierarchically placed under 'Users'.

If I set the first filter to 'OU=Users' and 'OU=Internal Users' then the test fails with a NameNotFound exception. I can live with that; the only problem is that Service Acc's are showing in Jira administration.

I will close this unless someone has a bit of extra info :)

Uhm, weird, just a minute ago the login was denied - just now it succeeded! Well, still getting 'Failed' in memberships above, how so?

Hi Morten,

It is quite hard to deduce the cause of the issue without logs and your directory configuration. Please note, though, that this is a public forum, so censor some information if you wish to post it in this thread.

Judging from your directory type, may I know if you retrieve any user membership from your LDAP server? The above test shows that Confluence is not able to retrieve any LDAP membership from your LDAP only not with Confluence local groups.

So if the configuration is set up to work only with local group membership, then it is an expected result. If you wish to retrieve LDAP membership as well, then you might want to double-check your membership configuration and group retrieval configuration on this particular directory.

Hope it helps.

Cheers,
Septa Cahyadiputra
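
In Active Directory a user's primary group (Domain Users by default, RID 513) is recorded in the user's `primaryGroupID` attribute and does not appear in `memberOf`, so a freshly created account like the one in the accepted answer can legitimately return zero groups from a `memberOf` lookup. The following is an added example, not part of the original thread and not Atlassian's code, that resolves the primary group from `primaryGroupID` and `objectSid`; the domain SID, DNs and the `jira-users` group are constructed sample values, and how the connector itself treats the primary group is not shown in the thread.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-5-21-... string form."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:8 + 4 * count])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def str_to_sid(text: str) -> bytes:
    """Inverse of sid_to_str; only used to build the constructed sample data."""
    parts = text.split("-")
    subs = [int(p) for p in parts[3:]]
    head = bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
    return head + struct.pack("<%dI" % len(subs), *subs)

def effective_groups(user: dict, groups: list) -> list:
    """memberOf DNs plus the primary group, resolved from primaryGroupID."""
    dns = list(user.get("memberOf", []))
    # Primary group SID = the user's domain SID + the RID in primaryGroupID.
    domain_sid = sid_to_str(user["objectSid"]).rsplit("-", 1)[0]
    primary_sid = "%s-%d" % (domain_sid, int(user["primaryGroupID"]))
    for group in groups:
        if sid_to_str(group["objectSid"]) == primary_sid and group["dn"] not in dns:
            dns.append(group["dn"])
    return dns

# Constructed sample entries (not taken from the thread), shaped like the
# attributes an LDAP search against AD would return.
DOMAIN = "S-1-5-21-1004336348-1177238915-682003330"
DOMAIN_USERS = "CN=Domain Users,CN=Users,DC=example,DC=com"
JIRA_USERS = "CN=jira-users,OU=Groups,DC=example,DC=com"
GROUPS = [
    {"dn": DOMAIN_USERS, "objectSid": str_to_sid(DOMAIN + "-513")},
    {"dn": JIRA_USERS, "objectSid": str_to_sid(DOMAIN + "-1105")},
]
FRESH_USER = {"objectSid": str_to_sid(DOMAIN + "-2101"),
              "primaryGroupID": "513", "memberOf": []}
OLDER_USER = {"objectSid": str_to_sid(DOMAIN + "-1604"),
              "primaryGroupID": "513", "memberOf": [JIRA_USERS]}

if __name__ == "__main__":
    for name, user in (("fresh", FRESH_USER), ("older", OLDER_USER)):
        print(name, "memberOf:", user["memberOf"])
        print(name, "effective:", effective_groups(user, GROUPS))
```
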
