Jira Login is slow after updating base DN

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

After updating the User Directory Base DN one level up for example from 'OU=support,DC=atlassian,DC=com' to 'DC=atlassian,DC=com' logging in becomes very slow.

The following appears in the atlassian-jira.log

1 Timed call for search with handler on DC=atlassian,DC=com took 21016ms

Cause

Follow Referral is enabled. AD server will respond with users and the referral that's in the root of the LDAP tree because there could be more users over there.

The application will follow the referral. This will result in:

  1. A DNS lookup of the base DN ( dc=example,dc=com means a lookup for example.com)

  2. A connection to port 389 or 636 at example.com, which is back to the same server.

Resolution

Disable 'Follow Referrals' under the menu Administration ( ⚙ ) >User management > User Directories >(Edit the active ldap directory) > Advanced Settings

Updated on April 10, 2025
Platform
Data Center only
Products
Jira Software Data Center
Jira Core Data Center
Jira Service Management Data Center
On this pageProblemCauseResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community