Lexical error during directory synchronization

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

During the synchronization with an LDAP directory, the following appears in the atlassian-confluence.log:

2011-12-15 11:54:52,422 ERROR [QuartzScheduler_Worker-8] [directory.ldap.mapper.GroupContextMapper] mapFromContext Failed to map attribute <memberDNs> from context with DN <cn=Confluence,ou=groups,dc=example,dc=com>
org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5.  Encountered: "_" (95), after : ""
Caused by: org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5.  Encountered: "_" (95), after : ""
    at org.springframework.ldap.core.DnParserImplTokenManager.getNextToken(DnParserImplTokenManager.java:690)
    at org.springframework.ldap.core.DnParserImpl.jj_consume_token(DnParserImpl.java:219)
    at org.springframework.ldap.core.DnParserImpl.SpacedEquals(DnParserImpl.java:114)
    at org.springframework.ldap.core.DnParserImpl.attributeTypeAndValue(DnParserImpl.java:94)
    at org.springframework.ldap.core.DnParserImpl.rdn(DnParserImpl.java:58)
    at org.springframework.ldap.core.DnParserImpl.dn(DnParserImpl.java:23)
    at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:184)
    at org.springframework.ldap.core.DistinguishedName.<init>(DistinguishedName.java:140)
    at com.atlassian.crowd.directory.ldap.util.DNStandardiser.standardise(DNStandardiser.java:72)
    at com.atlassian.crowd.directory.ldap.mapper.attribute.group.RFC4519MemberDnMapper.getValues(RFC4519MemberDnMapper.java:43)
    at com.atlassian.crowd.directory.ldap.mapper.GroupContextMapper.mapFromContext(GroupContextMapper.java:60)
    at org.springframework.ldap.core.ContextMapperCallbackHandler.getObjectFromNameClassPair(ContextMapperCallbackHandler.java:67)
    at org.springframework.ldap.core.CollectingNameClassPairCallbackHandler.handleNameClassPair(CollectingNameClassPairCallbackHandler.java:50)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:297)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:624)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:535)
    at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:379)
    at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:351)
    at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroupObjectsOfSpecifiedGroupType(SpringLDAPConnector.java:1045)
    at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroupObjects(SpringLDAPConnector.java:1093)
    at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroups(SpringLDAPConnector.java:1102)
    at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.findAllRemoteGroups(RemoteDirectoryCacheRefresher.java:50)
    at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.synchroniseAllGroups(RemoteDirectoryCacheRefresher.java:74)
    at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:42)
    at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:619)
    at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
    at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
    at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29)
    at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
    at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$1.run(ConfluenceQuartzThreadPool.java:14)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)

Cause

The LDAP group mentioned in the stack trace has some invalid entries. See in this example:

dn: cn=Confluence,ou=groups,dc=example,dc=com
owner: confluence-wiki
objectClass: groupOfUniqueNames
objectClass: top
cn: Confluence
uniqueMember: test_user1
uniqueMember: test_user2

In this case, the uniqueMember attributes doesn't have a valid DN, it should inform something like uid=test_user1,ou=users,dc=example,dc=com.

Resolution

There are two possible solutions to this issue:

  • Write a more restrictive group search filter to exclude the problematic group from the synchronization result. See this documentation for more details.
  • Fix the invalid entries directly on your LDAP and trigger the synchronization again.

(info) See this documentation for more details about special characters in Crowd.

 

 

 

 

 

 

 

  

 

 

 

 

 

 

 

Last modified on Mar 30, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.