Jira にログインできない (LDAP: エラー コード 49、データ 52e)

アトラシアン ナレッジベース

このページの内容

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。

Server* 製品のサポートは 2024 年 2 月 15 日をもって終了します。Server 製品を利用している場合は、Atlassian Server のサポート終了のお知らせページにて移行オプションをご確認ください。

*Fisheye および Crucible は除く

問題

Users are unable to log in. Nothing has changed in JIRA side.

The following appears in the atlassian-jira.log:

2017-10-25 14:13:07,009 ERROR [scheduler_Worker-3] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 31064065 ].
com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
	at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:847)

...

Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]

原因

LDAP Error 49 data 52e means that the credentials of the user configured to bind LDAP directory with JIRA are incorrect, as described here: https://confluence.atlassian.com/kb/common-user-management-errors-820119309.html#CommonUserManagementErrors-ActiveDirectoryError49

This can happen when that user is either removed or has its password changed from LDAP side.

ソリューション 1

Follow the steps outlined at Restore Passwords To Recover Admin User Rights. By doing so, you'll be able to access the User Directory settings and change the "Username" field with a valid admin user or change the "Password" field with the new password, allowing JIRA to connect to LDAP.

As an alternative to Recovery Mode, you could utilize auth_fallback by following the guide: Bypass SAML authentication for Jira Data Center 

ソリューション 2

Alternatively, you can run the following query against your database to find out which one is the admin account that JIRA uses to connect to the LDAP:

SELECT * FROM cwd_directory_attribute WHERE attribute_name = 'ldap.userdn'; 


Note: The query may return multiple results in case you have more than one User Directory in your JIRA instance.

Re-adding the user back to the LDAP with the same password should resolve the issue.

ソリューション 3

As JIRA storing LDAP Login credential in the database without encryption, you may also update those LDAP credential in your database:

lDAP Password Field

Select * from cwd_directory_attribute where attribute_name = 'ldap.password'

LDAP User Name Field

SELECT * FROM cwd_directory_attribute WHERE attribute_name = 'ldap.userdn';

(info) attribute_value is the fields which storing those data.

(info)  Always perform a backup before you perform edit/update query in the database. It is also highly recommended for you to perform this in a test instance before proceeding with production instance.


最終更新日: 2023 年 1 月 25 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.