Confluence incremental synchronisation failed and falls back to a full sync when connecting to LDAP
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Incremental synchronisation with LDAP directory fails while full synchronisation works.
The following ERROR appears in atlassian-confluence.log during an incremental sync.
ERROR [scheduler_Worker-8] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache Incremental synchronisation for directory [ 129400833 ] was unexpectedly interrupted, falling back to a full synchronisation
com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresherIncSyncException: Cache returned different number of guids and users (possible reason is overlapping guids in cache, most likely null/empty values).
Diagnosis
Environment
- A non-cluster AD with more than one domain controller
- If the Confluence is connected to Oracle 12c Database, it might be affected by CONFSERVER-55585 - Incremental synchronization is failing when the Confluence is Connected to the Oracle 12c.
Diagnostic Steps
No result returned from the following database query:
SELECT id, user_name, directory_id, external_id FROM cwd_user WHERE (external_id IN (SELECT external_id FROM cwd_user GROUP BY external_id HAVING count(external_id) > 1) OR external_id IS NULL) AND directory_id = '<user_directory_id>';
The number of users in the
cwd_usertable is equal to the number of users returned by the user filter in the LDAP connector, however, Confluence is calling for less numbers of users in a full synchronization:2015-12-17 06:55:10,058 INFO [scheduler_Worker-5] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] getUsersToAddAndUpdate scanning [ xxxx ] users to add or update
Cause
Confluence is comparing the number of GUID which results in either a mismatch or un-readable GUID which causes the incremental sync to fail.
Workaround
Stop Confluence
Add the following system property into Confluence:
-Dcrowd.use.legacy.ad.incremental.sync=truePlease refer to the documentation on Configuring system properties for details on adding a system property.
Always perform the necessary backup to your Confluence instance before performing any modification. If possible, try your modifications on a test server.
Start Confluence