I am running Confluence 4.3.3 using Active Directory for authentication. I'm experiencing an issue that is similar to:
https://answers.atlassian.com/questions/309014/ldap-authentication-not-working-confluence
The majority of our users have no problems at all. But there are a few users who are able to successfully log-in, do their work, and then log-out. When they go back to log-in again at some later time, they receive a password incorrect error.
In the atlassian-confluence.log I see the following error for each attempt the users make to log-in:
tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
At first I thought maybe their Active Directory password expired, but that wasn't an issue. I had these users reset their password just to be sure they were typing in what they thought was the correct password, but that didn't work either. I double-checked they were in the correct groups to access Confluence and that was fine.
The very strange part is if these users wait some undetermined time interval and try to log-in again, it is now successful without me changing anything.
Has anyone else experienced this behavior before and have thoughts as to what might be going on?
Thank you for your help.
Is your scenario similar to this? We have the same thing occurring and I thought there was an issue if the user is forced to change their account password on first log in. We have some users who aren't using the account to log into the domain, just web apps like Confluence. I'll update if I can confirm this is it.
http://msdn.microsoft.com/en-us/library/aa746510(v=vs.85).aspx
I remember experiencing a problem like this when using AD servers that were set up with round-robin DNS (aka poor man's load balancing).
Sometimes the DNS would point to an AD server that was missing in action, resulting in a failure to find the AD and so unsuccessful login.
Could you have a similar AD setup?
Note: Round robin is a static method for load balancing. If one of the servers in the round robin configuration fails, DNS still sends requests to that failed server.
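A way to check for the round-robin failure described in the answer above, as an added example that is not part of the original thread: it resolves every address behind the directory's DNS name and tests each one separately, so a dead member shows up even when most lookups land on a healthy server. The host name `ad.example.internal` is a placeholder, and port 389 (plain LDAP) is an assumption about the setup.

```python
import socket
import sys


def resolve_all(name, port):
    """Return every distinct address the name resolves to (all round-robin members)."""
    infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def probe(address, port, timeout=3.0):
    """Attempt a TCP connect to one directory server; return (ok, detail)."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True, "connected"
    except OSError as exc:  # refused, timed out, unreachable
        return False, exc.__class__.__name__


def check_members(name, port=389, resolve=resolve_all, timeout=3.0):
    """Probe each address behind `name` instead of trusting the one DNS returns first."""
    return {addr: probe(addr, port, timeout) for addr in resolve(name, port)}


def dead_members(results):
    """Addresses that are still published in DNS but did not accept a connection."""
    return sorted(addr for addr, (ok, _) in results.items() if not ok)


if __name__ == "__main__":
    # Placeholder name; pass the DNS name configured in the user directory settings.
    name = sys.argv[1] if len(sys.argv) > 1 else "ad.example.internal"
    try:
        results = check_members(name)
    except socket.gaierror as exc:
        sys.exit(f"could not resolve {name}: {exc}")
    for addr, (ok, detail) in sorted(results.items()):
        print(f"{addr:40} {'OK' if ok else 'FAIL'} ({detail})")
    if dead_members(results):
        sys.exit(1)
```

A non-zero exit means at least one published address did not answer, which would produce the intermittent login failures the answer describes.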
Hi David,
Thank you for the suggestion. I have Confluence pointing to a DNS name that goes directly to one of our AD controllers. I actually used to have it pointing to a round-robin name, but was experiencing other unrelated issues which were resolved by pointing to only one.
Stephen
Hi Stephen,
Do you see any timeout errors in the logs? I ask because that behavior of not being able to authenticate and, after some moments, successfully authenticating is consistent with an LDAP timeout.
If after reviewing your logs you see any LDAP timeout, please try adding the following JAVA_OPT and restarting Confluence:
-Dcom.sun.jndi.ldap.connect.pool.timeout=3
Best regards,
Felipe Alencastro
Hi Felipe,
I don't see any LDAP errors in my logs. But perhaps that's because I don't have the correct logging levels set. I have all logging options/levels that were set by default during the install. Can you recommend logging parameters I can change that would show more logging for LDAP?
Thank you for your help.
Stephen