Hi All,
We are currently using the Jira Internal Directory for authentication with Jira. We would like to now authenticate these users using LDAP.
I have set up the Delegated LDAP Authentication directory and tested the connection with success.
The Jira username is set to the same as the username attribute 'sAMAccountName', and the Base DN is set to the parent OU (users are held in child OU nested beneath this).
The Delegated LDAP Authentication directory is set to the top.
When I try to log in I receive "Sorry, your username and password are incorrect". However, I can still log in with the Jira Internal Password. I assume I am missing something. Can anybody help?
Many Thanks in advance
I suggest checking the logs for interesting errors. This will give a better picture. You might also want to run DEBUG mode to get even more.
Overall, does the user get created on a login attempt? Can you check with a user that is not in the internal directory (if trying to use the same usernames)? Overall, you might want to check the default membership of a new user also.
I have put debug mode on and I'm seeing this (I have starred out the IP):
2018-03-08 09:46:56,477 http-nio-8080-exec-17 anonymous 586x1002082x1 1mvoq9r **.*.*.* /login.jsp The user 'parker_b' has FAILED authentication. Failure count equals 1
2018-03-08 09:46:56,479 http-nio-8080-exec-17 parker_b 586x1002082x1 1mvoq9r **.*.*.* /login.jsp login.jsp called with lastLoginResult : com.atlassian.jira.bc.security.login.LoginResultImpl@13e0854[reason=AUTHENTICATED_FAILED,loginInfo=com.atlassian.jira.bc.security.login.LoginInfoImpl@1bad0bb[lastLoginTime=1520501888967,previousLoginTime=1520500840314,loginCount=1023,currentFailedLoginCount=1,totalFailedLoginCount=68,lastFailedLoginTime=1520502416470,elevatedSecurityCheckRequired=false,maxAuthenticationAttemptsAllowed=3],userName=parker_b,deniedReasons=[]]
2018-03-08 09:46:56,596 analyticsEventProcessor:thread-1 parker_b Setting JIRA Auth Context to be 'parker_b'
2018-03-08 09:46:56,596 analyticsEventProcessor:thread-1 anonymous Setting JIRA Auth Context to be 'anonymous'
With regards to new users, we would like the existing users in the internal directory to just authenticate and any new users to be created on login. However, I'm seeing the same error for new users also?
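Added example, not part of the thread and not Atlassian code: a small Python parser for the lastLoginResult DEBUG line quoted above, pulling out the failure reason and counters so that repeated test logins can be compared. The function names are hypothetical, the sample input is the thread's own log line, and treating "attempts left" as the maximum minus the current failed count is an assumption read from the field names.

```python
import re
from datetime import datetime, timezone

# Constructed input: the login.jsp DEBUG line quoted in the thread (IP masked there),
# followed by an unrelated line to show that non-matching input is skipped.
SAMPLE_LOG = [
    "2018-03-08 09:46:56,479 http-nio-8080-exec-17 parker_b 586x1002082x1 1mvoq9r **.*.*.* /login.jsp "
    "login.jsp called with lastLoginResult : com.atlassian.jira.bc.security.login.LoginResultImpl@13e0854"
    "[reason=AUTHENTICATED_FAILED,loginInfo=com.atlassian.jira.bc.security.login.LoginInfoImpl@1bad0bb"
    "[lastLoginTime=1520501888967,previousLoginTime=1520500840314,loginCount=1023,"
    "currentFailedLoginCount=1,totalFailedLoginCount=68,lastFailedLoginTime=1520502416470,"
    "elevatedSecurityCheckRequired=false,maxAuthenticationAttemptsAllowed=3],"
    "userName=parker_b,deniedReasons=[]]",
    "2018-03-08 09:46:56,596 analyticsEventProcessor:thread-1 parker_b Setting JIRA Auth Context to be 'parker_b'",
]

RESULT_RE = re.compile(
    r"LoginResultImpl@\w+\[reason=(?P<reason>\w+),loginInfo=[\w.]+@\w+\[(?P<info>[^\]]*)\],"
    r"userName=(?P<user>[^,\]]*),deniedReasons=\[(?P<denied>[^\]]*)\]\]")

def _num(info, key):
    value = info.get(key, "")
    return int(value) if value.isdigit() else None  # None when absent or non-numeric

def parse_login_result(line):
    """Return the fields of one 'lastLoginResult' line as a dict, or None for any other line."""
    m = RESULT_RE.search(line)
    if m is None:
        return None
    info = dict(pair.split("=", 1) for pair in m["info"].split(",") if "=" in pair)
    now, limit, last_ms = (_num(info, k) for k in (
        "currentFailedLoginCount", "maxAuthenticationAttemptsAllowed", "lastFailedLoginTime"))
    return {
        "user": m["user"], "reason": m["reason"],
        "denied_reasons": [d.strip() for d in m["denied"].split(",") if d.strip()],
        "failed_now": now,
        "max_attempts": limit,
        # Assumption from the field names: attempts left before the configured limit.
        "attempts_left": None if None in (now, limit) else max(0, limit - now),
        "elevated_check": info.get("elevatedSecurityCheckRequired") == "true",
        "last_failed_utc": (None if last_ms is None else
                            datetime.fromtimestamp(last_ms // 1000, tz=timezone.utc)),
    }

def login_results(lines):
    return [r for r in map(parse_login_result, lines) if r is not None]

if __name__ == "__main__":
    print(login_results(SAMPLE_LOG))
```

On the thread's line this yields reason AUTHENTICATED_FAILED with an empty deniedReasons list, and a last-failure time that matches the log timestamp to the second.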
Hi
I have tried with and without copy on login enabled; neither time was the user created, and existing users are unable to log in with either the LDAP or internal password when enabled. When copy on login is not enabled you can only log in using your existing internal password and not the LDAP password.