Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Stash Synchronize Remote Active Directory Fails

Andrew DesLauriers
Andrew DesLauriers October 7, 2014

Trying to synchronize a large, remote active directory fails every time. We have increased the read, search, and connection timeouts. We've tried incremental vs full synchronizations. We are having no trouble with a large, local, active directory.

After manually starting a synchronization, refreshing the User Directories page will show the user group it's currently syncing. After a while, refreshing the User Directories page shows the same user group over and over, and eventually it will say 'Synchronisation failed. See server logs for details." There are no entries mentioning AD syncing in any of the logs within the /opt/atlassian/stash/3.2.0/logs/ directory. The failure occurs at random times, between 10 and 4000 seconds.

This has caused team members to not be able to log in to Stash after changing their AD account password. The problem has existed for several weeks.

When syncing a user group fails, is it possible to get Stash to try again, or skip to the next user group?

Answer
Watch
Like Be the first to like this
898 views

1 answer

1 accepted

0 votes
Answer accepted
Tiago Comasseto
Tiago Comasseto
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 7, 2014

Hi Andrew, for large LDAP directory the recommendation is use delegated authentication, instead of using the connector directory type (the one the performs sync). If this is not an option for you, you may consider reducing the synchronization scope with a more restrictive OU, or creating a filter.

Additional to that, since you mentioned that you're using AD, we've seen customer reporting that they've improved synchronization performance and avoided some issues when using the global catalog port (3268), instead of the default port (389) in the LDAP configuration. You may be interested in checking if it helps.

Cheers

View More Comments
Andrew DesLauriers
Andrew DesLauriers October 7, 2014

Changing the port from 389 to 3268 did the trick. Thanks!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events