Jira server fails to synchronize with LDAP server with Unable to find the username of the principal error

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

JIRA fails to synchronize with LDAP server.

The following appears in the atlassian-jira.log:

2013-01-28 03:15:59,598 QuartzWorker-0 ERROR ServiceRunner     [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ].
com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Unable to find the username of the principal.
	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllUsers(UsnChangedCacheRefresher.java:266)
	at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:40)
	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:223)
	at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:619)
	at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
	at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
	at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
	at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
Caused by: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Unable to find the username of the principal.

Cause

The User Name Attribute (ldap.user.username) specified in JIRA's LDAP connector (User Schema Settings) is not applicable for all or some users found in the LDAP filter specified. 

For example, the attribute field used on the user object would be sAMAccountName for Active Directory Servers and if the value for this attribute is empty it will fail to properly map during synchronization, causing the above exception.

Workaround

Exclude user objects with the missing User Name Attribute with a LDAP search filter. See more here on How to write LDAP search filters.

Resolution


Add the missing User Name Attribute to the objects that are causing the LDAP synchronization to fail. JIRA Application logs will contain the objects causing the failed synchronization (for example they reference username, which maps to sAMAccountName in Active Directory).


(info) Please see our Troubleshooting LDAP User Management documentation for further assistance with diagnosing LDAP problems.

Last modified on Sep 25, 2019

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.