I have configured Jira 6.2 to use a Microsoft Active Directory user directory.
It works smoothly, as usual, but there is a message not clear at all: if a user locks his Active Directory account trying to login to Windows and the account get s locked, when he goes to other computer and try to log in to Jira it says that the username or password are incorrect. Is that a bug? Or it is intended to be that way? Is there a way to change it without modifying the Jira Installation directory, or without opening a JAR?
A little late to this party but I discovered this thread in creating the following feature request:
https://jira.atlassian.com/browse/JRASERVER-66580
I'm assuming the UI doesn't show account locked errors due to security concerns. If you have a public-facing Jira with an internal active directory you could attempt to phish for accounts if error messages are more specific.
The same behavior is seen with Stash. In our particular case, if AD is requiring a user password change because it expired, the Stash UI simply says login failed, with no further information. It required trying to ssh to a machine before we figured out that the problem was an expired password.
Why doesn't the UI show the messages or a message that is returned from AD?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.