Login using Active Directory in Atlassian Jira fails with LDAP: error code 1

Written by - 0 comments

Published on May 16th 2019 - Listed in Linux Atlassian

I've seen this a couple of times already and today it happened again. Login into Atlassian Jira, using an Active Directory as user directory, failed. In the logs the following error appeared:

Caused by: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-0310081B, problem 5012 (DIR_ERROR), data 0
]; remaining name 'OU=Users'
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:228)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:397)
    at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$3.timedCall(SpringLdapTemplateWrapper.java:225)
    at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$3.timedCall(SpringLdapTemplateWrapper.java:221)
    at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:109)
    at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.search(SpringLdapTemplateWrapper.java:221)
    at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:410)
    ... 10 more
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-0310081B, problem 5012 (DIR_ERROR), data 0
]; remaining name 'OU=Users'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3176)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276)
    ... 2 filtered
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:90)
    at com.sun.proxy.$Proxy4663.search(Unknown Source)
    at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$3.lambda$timedCall$0(SpringLdapTemplateWrapper.java:224)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:363)
    ... 16 more

According to the Jira KB, LDAP Error 1 means:

This is an internal error, and the LDAP Server isn't able to respond with a more specific error. Usually, this indicates an error at the LDAP server, rather than a problem with the request that was made.

This description is not really helpful...

I had more luck looking up the SvcErr which comes from LDAP/AD itself:

SvcErr: DSID-0310081B, problem 5012 (DIR_ERROR)

I found the relevant hint on a ServiceNow community post:

The error is related to the base DN which is not complete.

I checked the User Directory settings of Jira and indeed, the base DN is gone:

I remembered that we had this case a couple of times, give or take 4 times in the last 3 years. The Base DN field just simply got emptied after a Jira restart. Nobody knows why this happens but it did.

Once the Base DN was set, Active Directory synchronization and login into Jira worked again.

Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.