Synchronization with LDAP server fails generating different errors in the logs
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
When Bitbucket Server connects to the LDAP server to synchronize, the following appears in atlassian-bitbucket.log:
Stack trace #1:
2017-09-18 07:10:08,976 ERROR [Caesium-1-1] c.a.s.c.impl.SchedulerQueueWorker Unhandled exception thrown by job QueuedJob[jobId=com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerManager.262145,deadline=1505423761490]
java.lang.OutOfMemoryError: Java heap space
Stack trace #2:
2017-09-18 08:17:50,181 ERROR [Caesium-1-4] c.a.c.d.DbCachingDirectoryPoller Error occurred while refreshing the cache for directory [ 262145 ].
com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: somedomain.com:389; nested exception is javax.naming.CommunicationException: somedomain.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
at
...
Caused by: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction;
...
Caused by: com.atlassian.crowd.exception.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction
Cause
The errors are thrown when attempting to sync with the AD user directory. Bitbucket is trying to retrieve a large number of users from LDAP, which causes Java heap errors.
Resolution
Resolution #1 - Apply LDAP filters
It's necessary to restrict the users that need to be retrieved from LDAP. Information on how to create LDAP filters can be found here:
Resolution #2 - Change User Directory
Disable LDAP active sync and set up "Delegated LDAP Authentication", which does not require synchronization.
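For Resolution #1, one way to build a user object filter that limits the sync to members of specific groups, as an added example that is not part of the original article or Atlassian's code. The base filter, the group DNs and the function names are assumptions; the nested-membership option uses Active Directory's LDAP_MATCHING_RULE_IN_CHAIN.

```python
# Added example: build a user object filter that limits an LDAP sync to
# members of chosen groups. Base filter and DNs are assumptions, not values
# taken from the article.

# Assumed Active Directory user object filter that is being narrowed down.
BASE_USER_FILTER = "(&(objectCategory=Person)(sAMAccountName=*))"

# AD matching rule LDAP_MATCHING_RULE_IN_CHAIN: also matches nested membership.
IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 so it cannot alter the filter."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def restrict_to_groups(group_dns, nested=False, base=BASE_USER_FILTER):
    """Return `base` AND membership in at least one of `group_dns`."""
    if not group_dns:
        raise ValueError("refusing to build a filter with no groups")
    attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    clauses = [f"({attr}={escape_filter_value(dn)})" for dn in group_dns]
    member = clauses[0] if len(clauses) == 1 else "(|" + "".join(clauses) + ")"
    return f"(&{base}{member})"


def is_balanced(ldap_filter: str) -> bool:
    """Sanity check before pasting into the directory settings."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    # Constructed, hypothetical group DNs; the second one needs escaping.
    groups = ["CN=bitbucket-users,OU=Groups,DC=example,DC=com",
              "CN=Dev (EU),OU=Groups,DC=example,DC=com"]
    print(restrict_to_groups(groups, nested=True))
```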