Multiple read-only LDAP user directories

Hello,

Recently we had a failure of a Microsoft AD server that left our users unable to log in. To alleviate this issue in the future, I was wondering if it's possible to configure two LDAP user directories so that if the first fails, the second one will be able to provide authentication information. This would be for both JIRA and Confluence (vers. 6.3.14 and 4.3.7 respectively). Both LDAP servers contain the same user information, so there shouldn't be a problem with duplicate users and both would be in read-only mode.

Is it possible to do this and would it work as expected?

Thank you,

-- Mike Beebe

3 answers

1 accepted


Hi Mike,

This is not possible at the moment, unfortunately. Confluence and JIRA do not provide failover support for LDAP, as we can see in these links:

https://jira.atlassian.com/browse/CONF-8867

https://jira.atlassian.com/browse/JRA-23245

I recommend voting and commenting on those features to increase their priority.

Cheers,

Rodrigo

Hello Rodrigo, What kind of impact would there be, if we add a secondary LDAP user directory in JIRA?


This is probably not the answer you are looking for, but I would think the ideal solution would be to make your LDAP servers redundant for all systems.

I also think this is most likely possible the way you are describing it, especially if you have Crowd. But I don't have any experience in this area yet.


An important aspect is that LDAP is a stateful protocol and simple load balancing setups may not work as expected. The best solution for making LDAP highly available is client-side failover to one or more hot-standby servers.

We're currently rolling out such a solution, and it's very surprising that Atlassian tools don't have official support for this.

After a little bit of experimentation, I found out that the LDAP backend of Confluence actually supports the feature, but the UI does not handle multiple URLs correctly.

You can enter a list of servers into the ldapUrl field, separated by a space. If you use LDAPS, you need to prepend ldaps:// to each additional entry. Also, don't forget the port, if it is non-standard:

my-ldap-server-1:636 ldaps://my-ldap-server-2:636 ldaps://my-ldap-server-3

This will work and actually fail over to the second or third server if the first one can't be reached.

But after that, it is no longer possible to open the LDAP server configuration page due to incorrect parsing of the ldapUrl field:

Caused by: java.lang.NumberFormatException: For input string: "636 ldaps://my-ldap-server-2:636"
        at java.lang.NumberFormatException.forInputString(Unknown Source)
        at java.lang.Integer.parseInt(Unknown Source)
        at java.lang.Integer.parseInt(Unknown Source)
        at com.atlassian.crowd.embedded.admin.ldap.LdapDirectoryConfiguration.setLdapUrl(LdapDirectoryConfiguration.java:160)

I really think Atlassian should add official support for this, as it seems the hard work is already done and only the UI needs to be adapted.
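A check for the space-separated ldapUrl value described in the answer above, added here as an example; it is not Atlassian's code and not part of the original posts. The function name is hypothetical, and the example assumes the first entry's scheme comes from the directory settings (`first_scheme`) while later entries carry their own, as the post describes.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # standard LDAP / LDAPS ports


def parse_ldap_url_field(value, first_scheme="ldaps"):
    """Return (servers, findings) for a space-separated ldapUrl value.

    Assumption: the first entry is host[:port] and gets first_scheme;
    every later entry must carry an explicit scheme.
    """
    servers, findings = [], []
    for index, entry in enumerate(value.split()):
        label = f"entry {index + 1} ({entry})"
        if "://" not in entry:
            if index > 0:
                findings.append(f"{label}: no scheme given")
                continue
            entry = f"{first_scheme}://{entry}"
        try:
            parts = urlsplit(entry)
            port = parts.port  # ValueError on a non-numeric or out-of-range port
        except ValueError:
            findings.append(f"{label}: invalid host or port")
            continue
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS or not parts.hostname:
            findings.append(f"{label}: not an LDAP URL")
            continue
        servers.append((scheme, parts.hostname, port or DEFAULT_PORTS[scheme]))
    # Flag failover targets that do not use LDAPS when other entries do.
    if any(scheme == "ldaps" for scheme, _, _ in servers):
        for scheme, host, port in servers:
            if scheme != "ldaps":
                findings.append(f"{host}:{port} uses {scheme}:// while other entries use ldaps://")
    return servers, findings


if __name__ == "__main__":
    # Value taken from the post above.
    field = "my-ldap-server-1:636 ldaps://my-ldap-server-2:636 ldaps://my-ldap-server-3"
    for server in parse_ldap_url_field(field)[0]:
        print(server)
```

Splitting on whitespace before reading the port avoids the `NumberFormatException` pattern in the stack trace, where the text after the first colon was handed to an integer parser as a whole.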
