[Jira] LDAP connector not functional after migration to new server

Ahmed Hassan January 15, 2019

Hello,

I have migrated a Jira instance to a new server through an XML export/import. The LDAP connector is still working fine on the old system but not on the new system. I checked on both DBs with

select * from cwd_directory_attribute WHERE directory_id=x ORDER BY attribute_name;

-The directory configs on the old and new systems are mirror images of each other

-Jira version on old server: v7.10.2

-Jira version on new server: v7.12.1

-DB used: postgresql DB

-Dir Type: Internal with LDAP authentication (Microsoft Active Directory)

I'm able to connect to the AD server from the Jira server on port 389. Also, when I test the LDAP connection in the Jira web interface it says OK; it says not all tests are performed, though.

testing.png

I followed the TBS for Crowd, since I think Jira uses the same: https://confluence.atlassian.com/crowdkb/crowd-user-authentication-fails-with-directory-x-is-not-functional-during-authentication-error-391086721.html?_ga=2.126048781.1879567303.1547538059-913392094.1547538059

The resolution didn't work. Below are the logs during the login of LDAP user "ber****", who can still log in normally on the old system but not on the new system.

2019-01-14 15:07:06,944 http-nio-<tomcat_ip>-<tomcat_port>-exec-9 DEBUG anonymous 907x458x2 1brr50w <clinet_ip> /rest/gadget/1.0/login [c.a.crowd.directory.SpringLDAPConnector] Performing user search: baseDN = dc=foo,dc=bar,dc=org - filter = (&(&(objectCategory=Person)(sAMAccountName=*))(sAMAccountName=ber****))


2019-01-14 15:07:50,069 http-nio-<tomcat_ip>-<tomcat_port>-exec-9 DEBUG anonymous 907x458x2 1brr50w <clinet_ip> /rest/gadget/1.0/login [c.a.crowd.directory.SpringLDAPConnector] Paged results are enabled with a paging size of: 1000


2019-01-14 15:09:57,292 http-nio-<tomcat_ip>-<tomcat_port>-exec-9 INFO anonymous 907x458x2 1brr50w <clinet_ip> /rest/gadget/1.0/login [c.a.c.directory.ldap.SpringLdapTemplateWrapper] Timed call for search with handler on dc=foo,dc=bar,dc=org took 127222ms


2019-01-14 15:09:57,293 http-nio-<tomcat_ip>-<tomcat_port>-exec-9 ERROR anonymous 907x458x2 1brr50w <clinet_ip> /rest/gadget/1.0/login [c.a.c.manager.application.ApplicationServiceGeneric] Directory 'Delegated LDAP Authentication' is not functional during authentication of 'ber****'. Skipped.
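
The log excerpt in the post above carries enough timestamps to show where the login request spent its time. An added example (not part of the original post and not Atlassian code) that groups lines in that format by thread and request id and reports the gap before each line, the timed LDAP search and the skipped directory; the function name `triage` and the 10-second `slow_ms` threshold are assumptions:

```python
import re
from datetime import datetime, timedelta

# The four log lines from the post above, placeholders kept exactly as posted.
SAMPLE_LOG = """\
2019-01-14 15:07:06,944 http-nio-<tomcat_ip>-<tomcat_port>-exec-9 DEBUG anonymous 907x458x2 1brr50w <clinet_ip> /rest/gadget/1.0/login [c.a.crowd.directory.SpringLDAPConnector] Performing user search: baseDN = dc=foo,dc=bar,dc=org - filter = (&(&(objectCategory=Person)(sAMAccountName=*))(sAMAccountName=ber****))
2019-01-14 15:07:50,069 http-nio-<tomcat_ip>-<tomcat_port>-exec-9 DEBUG anonymous 907x458x2 1brr50w <clinet_ip> /rest/gadget/1.0/login [c.a.crowd.directory.SpringLDAPConnector] Paged results are enabled with a paging size of: 1000
2019-01-14 15:09:57,292 http-nio-<tomcat_ip>-<tomcat_port>-exec-9 INFO anonymous 907x458x2 1brr50w <clinet_ip> /rest/gadget/1.0/login [c.a.c.directory.ldap.SpringLdapTemplateWrapper] Timed call for search with handler on dc=foo,dc=bar,dc=org took 127222ms
2019-01-14 15:09:57,293 http-nio-<tomcat_ip>-<tomcat_port>-exec-9 ERROR anonymous 907x458x2 1brr50w <clinet_ip> /rest/gadget/1.0/login [c.a.c.manager.application.ApplicationServiceGeneric] Directory 'Delegated LDAP Authentication' is not functional during authentication of 'ber****'. Skipped.
"""

# timestamp, thread, level, user, request id, session, client, URL, [logger], message
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?P<thread>\S+) (?P<level>[A-Z]+) "
    r"\S+ (?P<req>\S+) \S+ \S+ \S+ \[(?P<logger>[^\]]+)\] (?P<msg>.*)$")
TIMED = re.compile(r"Timed call for search .* took (\d+)ms")
FAILED = re.compile(r"Directory '([^']+)' is not functional during authentication of '([^']+)'")
MS = timedelta(milliseconds=1)

def triage(log_text, slow_ms=10_000):  # slow_ms: assumed threshold, tune per site
    """Per (thread, request id): gaps between lines, timed LDAP search, skipped directory."""
    reqs = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, stack traces, other log formats
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        r = reqs.setdefault((m["thread"], m["req"]), {
            "request": m["req"], "first": ts, "prev": ts,
            "gaps_ms": [], "timed_ms": None, "failed": None})
        r["gaps_ms"].append((ts - r["prev"]) // MS)  # time since previous line of this request
        r["prev"] = ts
        if t := TIMED.search(m["msg"]):
            r["timed_ms"] = int(t.group(1))
        if f := FAILED.search(m["msg"]):
            r["failed"] = f.groups()  # (directory name, login name)
    findings = []
    for r in reqs.values():
        # Report requests that skipped a directory or ran a search at or above the threshold.
        if r["failed"] or (r["timed_ms"] or 0) >= slow_ms:
            findings.append({"request": r["request"], "gaps_ms": r["gaps_ms"],
                             "timed_ms": r["timed_ms"], "failed": r["failed"],
                             "total_ms": (r["prev"] - r["first"]) // MS})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the posted lines this reports gaps of 0, 43125, 127223 and 1 ms, so the request waited about 43 seconds before the paging line was logged and a further 127 seconds in the search itself, 170349 ms in total.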

 

1 answer

0 votes
Ismael Jimoh
January 15, 2019

There is little to tell what’s wrong here.

  1. I’ll normally test the LDAP using a user so as to see where it is failing exactly.
  2. If this gives an all green, then deleting and reconfiguring the LDAP has worked for me.

Going from what I see from the error, it seems the LDAP isn’t working or not allowing authentication when the user attempted to log in.

These are my suspicions but I believe others may also be able to help here.

Ahmed Hassan January 15, 2019

Hi Ismael ,

1-Yes, these logs were captured during the login of a user that uses LDAP to authenticate to Jira (not an internal user). I have edited the original post to make this clear, thanks for pointing this out.

2-Yes, but if I do so, the new dir will have another directory ID. Will the internal groups (groups created in the Jira internal dir) with members from the LDAP be affected by that, because the group memberships in the database will be referring to the original directory database ID, which becomes deleted or disabled?

Thanks,

Hassan

Ismael Jimoh
January 15, 2019

I do agree you will need to remap groups if you delete the directory.

 

The test I was asking if you performed is the more detailed test rather than the one testing if you can reach the directory. This is referenced in the image you attached as well.

This test goes through various steps such as user presence, group, membership tests to name a few.

Performing it gives you a better idea of where JIRA is failing the connection exactly.
