Problem

After configuring a directory to connect to AD/LDAP, you see that the connection test is successful; however, no users are pulled from that AD/LDAP directory.

The following appears in the atlassian-crowd.log:

Caused by: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.LimitExceededException: Referral limit exceeded; nested exception is javax.naming.LimitExceededException: Referral limit exceeded [Root exception is com.sun.jndi.ldap.LdapReferralException: [LDAP: error code 10 - 0000202B: RefErr: DSID-031007EF, data 0, 1 access points
	ref 1: 'atlassian.con'
�]; remaining name '']; remaining name ''
	at java.util.concurrent.FutureTask.report(FutureTask.java:122)
	at java.util.concurrent.FutureTask.get(FutureTask.java:192)
	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllUsers(UsnChangedCacheRefresher.java:148)
	... 22 more

Cause

This is caused by an invalid base DN used during the configuration of the directory in Crowd. In the example above, the base DN used is dc=Atlassian, dc=con. Since the con domain controller does not exist, Crowd will get that error in its logs.

Resolution

Check with your LDAP administrator to ensure that the base DN is valid and does not contain any typos or errors. If it does all you need to do is to insert the correct base DN. In the example above all we would need to do to fix the issue is use dc=com instead of dc=con).