Problem

Whenever JIRA runs a directory synchronization, the log is populated with the above warning messages related to adding usernames. The following appears in the atlassian-jira.log

Caesium-1-4 WARN ServiceRunner [c.a.crowd.directory.DbCachingRemoteChangeOperations] Could not add the following entity to the directory [ Crowd Internal Directory ]: <user>

Diagnosis

Environment

• Active Directory, LDAP directory, apache LDAP

Diagnostic Steps

• Enable debug/TRACE logging on the package com.atlassian.crowd.directory from Administration - > System - > Logging and Profiling - > Package name (com.atlassian.crowd.directory) to provide additional information to identify the groups and users picked by the synchronization job from the remote directory.

Cause

The warning message, Could not add the following entity to the directory   [Crowd Internal Directory ] has been found to occur both in the context of groups and users. This happens whenever JIRA recognizes a change to a user or group, but is not able to add the user or group into the cwd_user or cwd_group table. Some of the known reasons for them are

1. It picked up duplicate results for a user search. E.g. for user Joe, it can be identified from both dn=cn=joe and dn=uid=joe. This causes the first scan of the user to pick it up as add/update and the next scan as unmodified, since it has already been updated in the cwd_user table. At the end of scan it would throw the warning that it could not add the entry.

   LDAP sync

   Caesium-1-2 TRACE ServiceRunner [c.a.c.d.ldap.mapper.UserContextMapper] Created user <com.atlassian.crowd.model.user.LDAPUserWithAttributes@67eo56[dn=cn=xxxxx@company.com,ou=people,dc=bsc,dc=Atlassian,dc=com,directoryId=10000,name=xxxxx@company.com,active=true,emailAddress=xxxxx@company.com,firstName=xxxxx,lastName=xxxxx,displayName=xxxxx xxxxx,externalId=7565ghg-7686-45hu-2345-69gf8343krt56,attributes={}]> from DN <cn=xxxxx@company.com,ou=people,dc=bsc,dc=Atlassian,dc=com>
   .....
   Caesium-1-2 TRACE ServiceRunner [c.a.c.d.ldap.mapper.UserContextMapper] Created user <com.atlassian.crowd.model.user.LDAPUserWithAttributes@68er86[dn=uid=xxxxx@company.com,ou=people,dc=bsc,dc=Atlassian,dc=com,directoryId=10000,name=xxxxx@company.com,active=true,emailAddress=xxxxx@company.com,firstName=xxxxx,lastName=xxxxx,displayName=xxxxx xxxxx,externalId=7845fsf-5646-67yh-9798-406565gfe6002,attributes={}]> from DN <uid=xxxxx@company.com,ou=people,dc=bsc,dc=Atlassian,dc=com>
   .....
   Caesium-1-1 TRACE ServiceRunner     [c.a.crowd.directory.DbCachingRemoteChangeOperations] scanning users to add or update - (1079/1300 - 83.0%) 25ms elapsed
   Caesium-1-1 DEBUG ServiceRunner     [c.a.crowd.directory.DbCachingRemoteChangeOperations] user [ xxxxx@company.com ] not found, adding
   ...
   Caesium-1-1 TRACE ServiceRunner     [c.a.crowd.directory.DbCachingRemoteChangeOperations] scanning users to add or update - (1231/1300 - 94.6%) 39ms elapsed
   Caesium-1-1 TRACE ServiceRunner     [c.a.crowd.directory.DbCachingRemoteChangeOperations] user [ xxxx@company.com ] unmodified, skipping

2. The group description is too big to be entered into the cwd_group as documented under JRASERVER-43495 - Directory Syncronization Fails Against Active Directory Groups With Long Descriptions 

Resolution

Identify whether the issue is with synchronizing group or User. In addition to logging on the provided package, enable sql logging if needed to identify the actual error while inserting or updating to the database. In case of the group, change the column width.