Users are unable to log in to Confluence (LDAP: error code 49, data 52e)
Users are unable to log in. Nothing has changed in Confluence side.
The following appears in the
2017-10-25 14:13:07,009 ERROR [scheduler_Worker-3] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 31064065 ]. com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:847) ... Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]
LDAP Error 49 data 52e means that the credentials of the user configured to bind LDAP directory with Confluence are incorrect, as described here: https://confluence.atlassian.com/kb/common-user-management-errors-820119309.html#CommonUserManagementErrors-ActiveDirectoryError49
This can happen when that user is either removed or has its password changed from LDAP side.
Follow the steps outlined at Restore Passwords To Recover Admin User Rights. By doing so, you'll be able to access the User Directory settings and change the "Username" field with a valid admin user or change the "Password" field with the new password, allowing Confluence to connect to LDAP.
Alternatively, you can run the following query against your database to find out which one is the admin account that Confluence uses to connect to the LDAP:
SELECT * FROM cwd_directory_attribute WHERE attribute_name = 'ldap.userdn';
Note: The query may return multiple results in case you have more than one User Directory in your Confluence instance.
Re-adding the user back to the LDAP with the same password should resolve the issue.