LDAP Directory finds user, lets him authenticate but disallows login

Hello guys

I'm facing this problem: the user is found and the password is verified against my directory server (MS AD).

But the 'test' interface gets the error 'Test get user's memberships with 0 groups retrieved. : Failed'

And then when there's an attempt to log in, it doesn't say wrong password or user not found - login is denied!

Setup is standard LDAP 389, a Domain User read-only bind account, and the integration is set as 'Read only with groups'. The user should be granted groups upon login.

What am I missing?

3 answers

1 accepted

I believe I have found the issue. The tested user was a 'blank' user, only with the same DN as my other users have. So I looked and found 'Domain User' - which probably didn't 'cut it' as a genuine group. So I'm guessing this is the issue - since a test with a user with some longer life to him (and memberships) seems to give no problem.

Now the only problem I see here is that I cannot filter OUs deep enough; the DN used for bind is in another OU than my internal users, i.e. humans are 'Internal Users', and the bind account is 'Service Account', both hierarchically placed under 'Users'.

If I set the first filter to 'OU=Users' and 'OU=Internal Users', then the test fails with a NameNotFound exception. I can live with that; the only problem is that Service Accs are showing in Jira administration.

I will close this unless someone has a bit of extra info :)

Uhm, weird, just a minute ago the login was denied - just now it succeeded! Well, still getting 'Failed' in memberships above, how so?

Hi Morten,

Quite hard to deduce the cause of the issue without logs and your directory configuration. Please note, though, that this is a public forum, so censor some information if you wish to post it in this thread.

Judging from your directory type, may I know if you retrieve any user membership from your LDAP server? The above test shows that Confluence is not able to retrieve any LDAP membership from your LDAP only, not with Confluence local groups.

So if the configuration is set up to work only with local group membership, then it is an expected result. If you wish to retrieve LDAP membership as well, then you might want to double-check your membership configuration and group retrieval configuration on this particular directory.

Hope it helps.

Cheers,
Septa Cahyadiputra
