LDAP users unable to login due to incorrect User Name Attribute
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
LDAP integration is set using an internal directory with LDAP authentication. When an LDAP user attempts to log in to a JIRA application, the following appears in the atlassian-jira-security.log:
1
2013-06-14 17:34:08,038 http-8090-2 anonymous 1054x280x1 12rcd8y 127.0.0.1 /rest/gadget/1.0/login login : 'user_01' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
Cause
The attribute defined in the field User Name Attribute of the LDAP directory configuration in the JIRA application is not the correct one to map user names.
Resolution
Use an LDAP browser, such as JXplorer or Apache Directory Studio, to connect to the LDAP server and check the correct attribute for username.
ℹ️ This attribute must be unique. This attribute should return only one value from the LDAP server.
ℹ️ The User Name Attribute may vary depending on your LDAP distribution or scheme configuration, but some common attributes are sAMAccountName for Microsoft Active Directory and UID for most LDAP implementations based on OpenLDAP.
Log in to the JIRA application as an internal administrator;
Edit the LDAP directory settings and update the attribute in the User Name Attribute field to use the correct one.
Was this helpful?