問題

Users are unable to login to Bitbucket Server.

One of the following stacktrace appears in the atlassian-bitbucket.log:

2014-08-26 22:26:35,892 ERROR [clusterScheduler_Worker-2]  c.a.c.d.DbCachingDirectoryPoller Error occurred while refreshing the cache for directory [ 229377 ].
com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
    ...
Caused by: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms.; remaining name '/'
	...
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms.

WARN  [http-nio-7990-exec-128] @1UQDXDx1198x6757x85 <ip_address> "GET /scm/<project_slug>/<repository_key>.git/info/refs HTTP/1.1" c.a.s.i.s.s.PluginAuthenticationProvider Could not authenticate <username>
com.atlassian.bitbucket.auth.AuthenticationSystemException: The remote authentication server is not available. Please try again later.
   ...
   Caused by: javax.naming.CommunicationException: <url>:<port>
   ...
   Caused by: java.net.ConnectException: Connection timed out

原因

There can be multiple causes for this error:

1. The LDAP directory is too huge and Bitbucket Server fails to find all of the users before the timeout.
2. There have been cases where the enabled 'Follow Referral' option causes the same behavior.
3. Stale connections are not being closed and when used the next time, they immediately fail
   1. If you're seeing authentication attempts immediately fail as opposed to after the 120000ms timeout, this could be the cause
   2. An improvement for this is being tracked at  CWD-4297 - Getting issue details... STATUS

ソリューション

1. Huge user directory

a. Increase LDAP Read Timeout

1. 1. Administration > User Directories に移動します。
   2. Edit the LDAP directory
   3. Increase the value of Read Timeout

b. Reduce the scope of the user/group search by adding filters

Connect to an LDAP directory see "Option - Use LDAP filters to restrict the number of users and groups that are synchronised"

c. Reduce the scope of the user/group search by adding Additional User / Group DNs

Connecting Bitbucket Server to an existing LDAP directory see "LDAP Schema"

d. Consider adding multiple directories differing only in Additional DNs

e. Consider switching to using delegated LDAP authentication

2. Disable Follow Referral

1. Administration > User Directories に移動します。
2. Edit the LDAP directory
3. Disable the Follow Referral option

3. Set a Timeout to Automatically Close Stale LDAP Connections in the Pool

1. Stop Bitbucket Server

2. Modify <Bitbucket Server Installation>/bin/setenv.sh to add the following parameter to the JVM_SUPPORT_RECOMMENDED_ARGS:

   JVM_SUPPORT_RECOMMENDED_ARGS="-Dcom.sun.jndi.ldap.connect.pool.timeout=300000"

   
   

   1. This will timeout idle LDAP connections from the pool after 5 minutes and help clear out any stale connections from being reused

   Bitbucket Server 5.0+ では setenv と環境変数に変更があります

   Bitbucket Server 5.0 以降では setenv.sh と setenv.bat が取り除かれています。これらのファイルで設定されていたオプションは、環境変数で設定できるようになりました。環境変数の設定場所は、実行先のオペレーティング システムに応じます。

   Linux

   When using the atlbitbucket service on Linux, the environment variables are ignored. You must set the parameters in _start-webapp.sh (or start-bitbucket.sh). These values will be read when the service starts.

   たとえば、 JVM_SUPPORT_RECOMMENDED_ARGS を設定するには、ファイルに次の行を追加します。

   例

   JVM_SUPPORT_RECOMMENDED_ARGS=-XX:+HeapDumpOnOutOfMemoryError

   Windows

   Bitbucket Server を実行しているユーザーで、パラメーターを環境変数として設定します。たとえば、JVM_SUPPORT_RECOMMENDED_ARGS を設定したい場合、それを環境変数として作成して適切な値を割り当てます。Bitbucket Server がスタートアップ スクリプトやサービスを利用して起動する際に、この値が取得および適用されます。

3. Start Bitbucket Server

その他の情報

Refer to the Common User Management Errors guide for a more detailed listing of some common LDAP error codes.