LDAP synchronization is failing


Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.

Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

Jira fails to synchronize with the LDAP server, and the following errors appear in atlassian-jira.log:

Error occurred while refreshing the cache for directory [ 10001 ] org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03152C42, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Configuration,CN={abc-abc-abc-abc}']; 
nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03152C42, problem 2001 (NO_OBJECT), data 0, best match of:'CN=Configuration,CN={abc-abc-abc-abc}']; remaining name 'CN=NTDS Settings,CN=ABC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={abc-abc-abc-abc-abc}'
org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:183)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:376)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:440)
	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$2.timedGet(SpringLdapTemplateWrapper.java:128)
	at com.atlassian.crowd.directory.ldap.monitoring.TimedSupplier.get(TimedSupplier.java:37)
	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:85)
	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.lookup(SpringLdapTemplateWrapper.java:117)
	at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchInvocationId(MicrosoftActiveDirectory.java:716)
	at com.atlassian.crowd.directory.synchronisation.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:179)


Cause

Jira is trying to retrieve the InvocationID from AD LDS, as shown by the stack frame com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchInvocationId(MicrosoftActiveDirectory.java:716).

When Jira is configured with the AD Connector, Crowd attempts to fetch invocationId and highestCommittedUSN at the end of the synchronization process. However, synchronization fails due to a schema mismatch between AD LDS and what the AD Connector expects. These values are generally unnecessary for full synchronization and are fetched only when incremental synchronization is enabled.
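LDAP error code 32 on its own only says that some looked-up object does not exist, so the fetchInvocationId frame is what ties a failed sync to this cause. The following is an added example, not Atlassian code: a log check that separates failures carrying both markers from other failed syncs. The function name, the sample log lines and the assumption that each new log entry starts with a timestamp are constructed for illustration.

```python
import re

# Header logged when a directory sync fails; captures the directory ID.
SYNC_FAIL = re.compile(
    r"Error occurred while refreshing the cache for directory \[\s*(\d+)\s*\]")
LDAP_32 = "LDAP: error code 32"  # noSuchObject
# Frame showing the failed lookup was the invocationId fetch, not another search.
FRAME = "MicrosoftActiveDirectory.fetchInvocationId"
# Assumption: each new log entry starts with a "YYYY-MM-DD HH:MM:SS" timestamp.
NEW_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")


def classify_sync_failures(log_text):
    """Return (matching, other) lists of directory IDs. 'matching' failures
    carry both error code 32 and the fetchInvocationId frame."""
    events, current = [], None
    for line in log_text.splitlines():
        header = SYNC_FAIL.search(line)
        if header:
            current = {"dir": int(header.group(1)), "code32": False, "frame": False}
            events.append(current)
        elif NEW_ENTRY.match(line):
            current = None  # an unrelated log entry ends the stack trace
        if current is not None:
            current["code32"] |= LDAP_32 in line
            current["frame"] |= FRAME in line
    matching = {e["dir"] for e in events if e["code32"] and e["frame"]}
    other = {e["dir"] for e in events} - matching
    return sorted(matching), sorted(other)


# Constructed sample: directory 10001 shows this article's signature,
# directory 10002 fails with error code 32 from a different (made-up) frame.
SAMPLE_LOG = (
    "2024-06-01 10:00:00,000 ERROR Error occurred while refreshing the cache for directory [ 10001 ]\n"
    "org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - NameErr, problem 2001 (NO_OBJECT)]\n"
    "\tat com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchInvocationId(MicrosoftActiveDirectory.java:716)\n"
    "2024-06-01 10:05:00,000 ERROR Error occurred while refreshing the cache for directory [ 10002 ]\n"
    "org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - NameErr, problem 2001 (NO_OBJECT)]\n"
    "\tat example.OtherLookup.search(OtherLookup.java:1)\n"
    "2024-06-01 10:06:00,000 INFO unrelated entry\n"
)

if __name__ == "__main__":
    matching, other = classify_sync_failures(SAMPLE_LOG)
    print("fetchInvocationId failures:", matching)
    print("other sync failures:", other)
```

Directories in the first list are the ones this article applies to; those in the second list failed for a different reason and need separate investigation.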


Solution

Uncheck Enable Incremental Synchronisation in Jira administration  ⚙️  > User management > User Directories > Advanced settings of the affected user directory.

A feature request (CWD-5572) has been submitted to support AD LDS using the AD Connector. However, at this time, disabling incremental synchronization is the only available workaround.




Last modified on Jun 23, 2024
