==== Add a LDAP Directory ====
1. Log in to JIRA
2. Setting
3. User management
4. User Directories
5. Add Directory (Internal with LDAP Authentication, Next)
6. To Configure Internal with LDAP Authentication User Directory, see the two screenshots attached, i.e. LDAP_Configuration_1.JPG and LDAP_Configuration_2.JPG.
7. Test Settings (to see if the connection is successful)
8. Save and Test
==== Create LDAP Users ====
1. Log in to JIRA
2. Setting
3. User management
4. Users
* At this stage, you may see two users in the list. One user is in the Jira Internal Directory and was created when you first set up JIRA. It is strongly recommended that you keep a user in the Jira Internal Directory: if an error prevents LDAP users from logging in, this Jira Internal Directory user can still log in to fix the problem. The other user you may see is CN1CI0Q1 (the user used to configure LDAP).
5. Create User
6. See a screenshot attached for details, i.e. Create New User.JPG.
7. Create
* A notification email is then sent to the user. Clicking the "JIRA" label in the email opens the JIRA login page, and the user can log in with his or her Windows Active Directory information.
==== Set User Group/Permission ====
For example, I want to set my manager to be a Jira administrator. Then:
1. Log in to JIRA
2. Setting
3. User management
4. Users
5. Find the user that I want to change the group for
6. Groups
7. Select "jira-administrators" in Available Groups and then click "Join selected groups".
* Now if you check the user's "Groups" information, he or she has become one of the jira-administrators. An example screenshot is attached as well, i.e. Users.JPG.
==== Troubleshooting ====
- [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1] (Screenshots attached: LDAP Debug Process_Screenshot.rar)
Root cause
The intern account password has been changed and so the LDAP configuration on JIRA needs to be updated as well (i.e. update the password).
Testing the connection with the new password shows that the connection is successful.
The page is then reloaded, and the old password is auto-filled into the form again, leading to the LDAP error after “Save and Test”. (The wrong/old password is used.)
The “Save and Test” button is only available after the “Test Connection” button has been pressed, so I can’t “Save and Test” without “Test Connection”.
Solution
Then, according to Dima’s suggestion, I played a trick, i.e. re-entered the password after “Test Connection” but before “Save and Test” to ensure that the new password is actually saved.
"An email to Dxxxu"
LDAP users failed to log in to JIRA because of an error "Sorry, an error occurred trying to log you in - please try again." on the login page. The same error appeared when logging in with the same username but a wrong password. However, the Jira Internal Directory user can still log in. So it could be LDAP errors.
Then I logged in with the Jira Internal Directory user account and tested the connection of the LDAP configuration, which reported an error "Connection test failed. Response from the server: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]".
This error, as explained by Atlassian and Windows, happens when the username is legal but the password or the credential is invalid. One possible reason is that the password is wrong. However, there could be some other reasons which are hidden by this error.
Changes:
[1] The company requires Windows Active Directory users to change their password every three months and the last change was more than 10 days ago, which I suppose should not be the reason for this error. We haven't contacted the AD administrator yet to confirm what changes they have made.
[2] The password for group\user (used to configure LDAP) was changed this Monday. So I then updated the password in the LDAP configuration. Testing the connection then gave no LDAP error (i.e. the connection is successful). Testing the connection again gave me the same LDAP error, which looks like the password is not really saved in the database and the connection is still using the old password in the LDAP configuration.
I've also tried to add another "Internal with LDAP Authentication" Directory and use the same configuration as the initial one. The same LDAP error was reported.
"An email from Duxxxu"
Most probably you have the wrong password; my suggestion would be to follow exactly these steps:
1) Open your AD/LDAP configuration page in Jira for editing (Configure Internal with LDAP Authentication User Directory)
2) Enter your password
3) Click “Test settings”
4) Enter the password again (now you have the Save button enabled)
5) Click Save and Test button
The reason is that when you enter the password the first time it is the correct one, but after testing the settings the page is reloaded and the browser is probably filling the password field with the wrong one, so entering the correct password a second time should solve the problem.
Note: Before following these steps, try to log in with this user to some remote machine to be sure that the account is not locked. Usually a Siemens account is locked after 3 wrong logins, so there is a big chance that your account is locked already if you saved your user with the wrong password.
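
The `data 52e` field in the error quoted above is the Active Directory sub-code, and it is what separates a wrong bind password from a locked account (the case the note warns about). The parser below is an added example, not part of the original page or the emails; the sub-code table is the commonly documented Active Directory set, and the second sample line is constructed.

```python
import re

# Commonly documented Active Directory sub-codes carried in the "data" field
# of an LDAP error 49 bind failure (table is an assumption, not from the page).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the bracketed AD error text as it appears in the JIRA connection test.
_BIND_ERR = re.compile(
    r"LDAP: error code (?P<code>\d+) - [0-9A-Fa-f]+: LdapErr: DSID-[0-9A-Fa-f]+, "
    r"comment: [^,]+, data (?P<data>[0-9A-Fa-f]+), v\w+"
)

def decode_bind_error(message):
    """Return (ldap_code, subcode, meaning) for the first AD bind error, else None."""
    m = _BIND_ERR.search(message)
    if m is None:
        return None
    sub = m.group("data").lower()
    return int(m.group("code")), sub, AD_BIND_SUBCODES.get(sub, "unknown sub-code")

def triage(lines):
    """Count sub-codes; 52e together with 775 suggests a stale saved bind
    password that has since locked the account."""
    counts = {}
    for line in lines:
        decoded = decode_bind_error(line)
        if decoded:
            counts[decoded[1]] = counts.get(decoded[1], 0) + 1
    return counts, counts.get("52e", 0) > 0 and counts.get("775", 0) > 0

# Sample input: the page's error text, then a constructed line with data 775.
SAMPLE = [
    "Connection test failed. Response from the server: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
    "comment: AcceptSecurityContext error, data 775, v1db1]",
]

if __name__ == "__main__":
    print([decode_bind_error(line) for line in SAMPLE], triage(SAMPLE))
```

If the sub-code is `775` rather than `52e`, re-entering the password in the directory configuration will not help until the bind account is unlocked.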