LDAP Directory finds user, lets him authenticate but disallows login

Morten Sigsgaard October 10, 2012

Hello guys

I'm facing this problem: the user is found and the password is verified against my directory server (MS AD).

But the 'test' interface gets the error 'Test get user's memberships with 0 groups retrieved. : Failed'

And then there's the attempt to log in: it doesn't say wrong password or user not found - login is denied!

Setup is standard LDAP 389, a Domain User read-only bind account, and the integration is set as 'Read only with groups'. User should be granted groups upon login.

What do I miss out on?

3 answers

Answer accepted
Morten Sigsgaard October 11, 2012

I believe I have found the issue. The tested user was a 'blank' user, only with the same DN as my other users have. So I looked and found 'Domain User' - which probably didn't 'cut it' as a genuine group. So I'm guessing this is the issue - since a test with a user with some longer life to him (and memberships) seems to give no problem.

Now the only problem I see here is that I cannot filter OUs deep enough. The DN used for bind is in another OU than my internal users, i.e. humans are 'Internal Users', and the bind account is 'Service Account', both hierarchically placed under 'Users'.

If I set the first filter to 'OU=Users' and 'OU=Internal Users' then the test fails with a NameNotFound exception. I can live with that; the only problem is that Service Acc's are showing in Jira administration.

I will close this unless someone has a bit of extra info :)
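The guess in the accepted answer matches how Active Directory records primary-group membership: Domain Users is referenced through the user's `primaryGroupID` and does not appear in `memberOf` or in the group's `member` attribute. The sketch below is an added example, not part of the original thread or of Jira's code; it uses constructed entries (hypothetical example.com DNs and SIDs) and assumes the connector reads groups from `member`/`memberOf`.

```python
import struct

def sid_to_bytes(sid):
    """Encode 'S-1-5-21-...' into the binary objectSid form AD returns."""
    rev, auth, *subs = (int(p) for p in sid.split("-")[1:])
    return bytes([rev, len(subs)]) + auth.to_bytes(6, "big") + struct.pack(f"<{len(subs)}I", *subs)

def sid_to_str(raw):
    """Decode objectSid: revision, sub-authority count, 48-bit authority, LE sub-authorities."""
    subs = struct.unpack(f"<{raw[1]}I", raw[8:8 + 4 * raw[1]])
    return "-".join(["S", str(raw[0]), str(int.from_bytes(raw[2:8], "big")), *map(str, subs)])

# Constructed sample data: hypothetical domain SID, DNs and RIDs (513 = Domain Users).
DOMAIN_SID = "S-1-5-21-1111-2222-3333"
BASE = "OU=Internal Users,OU=Users,DC=example,DC=com"
GROUPS = [
    {"dn": "CN=Domain Users,CN=Users,DC=example,DC=com",
     "objectSid": sid_to_bytes(DOMAIN_SID + "-513"), "member": []},
    {"dn": "CN=jira-users,OU=Groups,DC=example,DC=com",
     "objectSid": sid_to_bytes(DOMAIN_SID + "-1201"), "member": ["CN=Old User," + BASE]},
]
NEW_USER = {"dn": "CN=New User," + BASE, "objectSid": sid_to_bytes(DOMAIN_SID + "-1105"),
            "primaryGroupID": 513, "memberOf": []}
OLD_USER = {"dn": "CN=Old User," + BASE, "objectSid": sid_to_bytes(DOMAIN_SID + "-1104"),
            "primaryGroupID": 513, "memberOf": ["CN=jira-users,OU=Groups,DC=example,DC=com"]}

def groups_via_member_attr(user, groups):
    """Memberships visible to a lookup based on memberOf / member only."""
    return sorted(set(user["memberOf"]) | {g["dn"] for g in groups if user["dn"] in g["member"]})

def primary_group_dn(user, groups):
    """Swap the user's own RID for primaryGroupID and match the result on objectSid."""
    domain = sid_to_str(user["objectSid"]).rsplit("-", 1)[0]
    wanted = f"{domain}-{user['primaryGroupID']}"
    return next((g["dn"] for g in groups if sid_to_str(g["objectSid"]) == wanted), None)

def effective_groups(user, groups):
    """memberOf-style groups plus the primary group, when it resolves."""
    primary = primary_group_dn(user, groups)
    return sorted(set(groups_via_member_attr(user, groups)) | ({primary} if primary else set()))

if __name__ == "__main__":
    for u in (NEW_USER, OLD_USER):
        print(u["dn"], len(groups_via_member_attr(u, GROUPS)), effective_groups(u, GROUPS))
```

For the constructed 'blank' user the attribute-based lookup returns zero groups even though the account does belong to Domain Users, which is the same shape as the '0 groups retrieved' test result.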

Septa Cahyadiputra
October 11, 2012

Hi Morten,

Quite hard to deduce the cause of the issue without logs and your directory configuration. Although please note that this is a public forum, so censor some information if you wish to post it into this thread.

Judging from your directory type, may I know if you retrieve any user membership from your LDAP server? The above test shows that Confluence is not able to retrieve any LDAP membership from your LDAP only not with Confluence local groups.

So if the configuration is set up to work only with local group membership, then it is an expected result. If you wish to retrieve LDAP membership as well, then you might want to double check your membership configuration and group retrieval configuration on this particular directory.

Hope it helps.

Cheers,
Septa Cahyadiputra

Morten Sigsgaard October 10, 2012

Uhm, weird just a minute ago the login was denied - just now it succeeded! Well, still getting 'Failed' in memberships above, how so?