Active Directory users fail to logon intermittently
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
問題
Users seeing intermittent authentication failures. A user's attempt to login to Jira using their AD Domain account credentials will fail.
The following appears in the atlassian-jira.log
2018-01-26 14:10:52,581 http-nio-8080-exec-2 INFO vicknesh 850x72031x1 hd3fw 192.168.5.5 /secure/admin/WebSudoAuthenticate.jspa [c.a.c.directory.ldap.SpringLdapTemplateWrapper] Timed call for search with handler on DC=atlassian,DC=co,DC=uk took 21644ms
2018-01-26 14:10:52,582 http-nio-8080-exec-2 ERROR vicknesh 850x72031x1 hd3fw 192.168.5.5 /secure/admin/WebSudoAuthenticate.jspa [c.a.c.manager.application.ApplicationServiceGeneric] Directory 'Active Directory server' is not functional during authentication of 'vicknesh'. Skipped.
2018-01-26 14:10:52,583 http-nio-8080-exec-2 ERROR [o.a.c.c.C.[.[localhost].[/].[action]] Servlet.service() for servlet [action] in context with path [] threw exception [com.atlassian.crowd.exception.runtime.OperationFailedException] with root cause
原因
Unknown
回避策
Turning off "Follow Referrals (Allow the LDAP server to redirect requests to other servers.)" allows the login to work consistently.
To turn off this option, follow the steps below:
- Access "User Directories" page in JIRA.
- Edit the user directory.
- Click on "Advanced Settings" and untick "Follow Referrals".
[照会に従う] を無効化するとどうなりますか?
- 1 つのドメインのみを保持している場合、設定変更による悪影響はありません。
- フォレストに複数のドメインが参加している場合、クロスドメイン メンバーシップが解決されなくなります。
- If you must have cross-domain memberships and you can't fix the DNS issues, then you can point JIRA at your Global Catalog. This is read-only, but it does contain all users, groups, and memberships from across your Forest. Talk to your AD admin for Global Catalog connection details.