InvalidSearchFilterException: Empty filter when Synchronising LDAP

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

When synchronising the LDAP directory, the synchronisation fails with this in logs:

The following appears in the atlassian-jira.log:

2012-01-17 13:18:48,791 ERROR [QuartzScheduler_Worker-9] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 10000 ].
com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidSearchFilterException: Empty filter; nested exception is javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name 'DC=pirates,DC=oceans,DC=com'
	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllGroups(UsnChangedCacheRefresher.java:284)
	at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:41)

Cause

  1. One of the following fields is blank:
    1. User Object Filter
    2. Group Object Filter
  2. Roles are enabled.  This has been deprecated for quite some time and should always be disabled.

Resolution

For Cause 1
For Cause 2
  • Create a new LDAP directory. By default, the ldap.roles.disabled will be set to true
  • Otherwise, disable Roles in your current LDAP configuration. As there is no way to do this in the interface, this will require manual database edits. Here is the SQL query to return that attribute's information:

Always back up your data before performing any modifications to the database. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.

  1. Confirm the attribute_value is false with the below SQL:

    select * from cwd_directory_attribute where attribute_name = 'ldap.roles.disabled';
  2. If it is false, backup JIRA.
  3. Stop JIRA.

  4. Execute the update statement below:

    update cwd_directory_attribute set attribute_value = 'true' where attribute_name = 'ldap.roles.disabled';

    (info) This SQL is for PostgreSQL and may require changing depending on your DBMS.

  5. Start JIRA.

(info) Please see our Troubleshooting LDAP User Management documentation for further assistance with diagnosing LDAP problems.

Last modified on Jan 22, 2019

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.