Login using Active Directory in Atlassian Jira fails with LDAP: error code 1

Written by Claudio Kuenzler - 0 comments

Published on May 16th 2019 - Listed in Linux Atlassian

---

I've seen this a couple of times already and today it happened again. Login into Atlassian Jira, using an Active Directory as user directory, failed. In the logs the following error appeared:

Caused by: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-0310081B, problem 5012 (DIR_ERROR), data 0
]; remaining name 'OU=Users'
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:228)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:397)
    at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$3.timedCall(SpringLdapTemplateWrapper.java:225)
    at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$3.timedCall(SpringLdapTemplateWrapper.java:221)
    at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:109)
    at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.search(SpringLdapTemplateWrapper.java:221)
    at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:410)
    ... 10 more
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-0310081B, problem 5012 (DIR_ERROR), data 0
]; remaining name 'OU=Users'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3176)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276)
    ... 2 filtered
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:90)
    at com.sun.proxy.$Proxy4663.search(Unknown Source)
    at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$3.lambda$timedCall$0(SpringLdapTemplateWrapper.java:224)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:363)
    ... 16 more

According to the Jira KB, LDAP Error 1 means:

This is an internal error, and the LDAP Server isn't able to respond with a more specific error. Usually, this indicates an error at the LDAP server, rather than a problem with the request that was made.

This description is not really helpful...

I had more luck looking up the SvcErr which comes from LDAP/AD itself:

SvcErr: DSID-0310081B, problem 5012 (DIR_ERROR)

I found the relevant hint on a ServiceNow community post:

The error is related to the base DN which is not complete.

I checked the User Directory settings of Jira and indeed, the base DN is gone:

I remembered that we had this case a couple of times, give or take 4 times in the last 3 years. The Base DN field just simply got emptied after a Jira restart. Nobody knows why this happens but it did.

Once the Base DN was set, Active Directory synchronization and login into Jira worked again.

Looking for professional Atlassian Jira hosting? Check out the dedicated Jira server hosting at Infiniroot!

Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.