Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Problems with Active Directory

ket.pjwstk
ket.pjwstk
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 21, 2011

Hi,

Our goal is to retrieve one group of users with all members and our configuration looks like:

Base DN O=some dn

Additional Users DN /left empty/

Additional Group DN:cn=group_name,cn=groups

And everything is almost fine, because we get group with members, however with also get all users that are not members of any group. And thats a prboblem, because there are ~38k of such users in given AD instance.

Answer
Watch
Like Be the first to like this
9241 views

2 answers

1 accepted

1 vote
Answer accepted
JamieA
JamieA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 21, 2011

You need to set the user object filter under "user schema settings". There you need to filter for only users that are members of your group... using the memberOf attribute.

Eclipse directory studio or JXplorer is useful for testing this stuff.

View More Comments
ket.pjwstk
ket.pjwstk
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 22, 2011

I've done as you wrote and it helped. Ie. I got specific group with users, however I get the following error:

INFO] [talledLocalContainer] com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error
code 34 - 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data 8350, best match of:
INFO] [talledLocalContainer] 'CN=Deleted Objects,null'
INFO] [talledLocalContainer] ]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001F7,
problem 2006 (BAD_NAME), data 8350, best match of:
INFO] [talledLocalContainer] 'CN=Deleted Objects,null'
INFO] [talledLocalContainer] ]; remaining name 'CN=Deleted Objects,null'

Like
JamieA
JamieA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 22, 2011

Hrm, you might not have permission to that DN. See http://confluence.atlassian.com/display/JIRA/User+Management+Limitations+and+Recommendations#UserManagementLimitationsandRecommendations-SpecificNotesforConnectingtoActiveDirectory , 4th or 5th point.

Like
Reply
0 votes
Amit Girme
Amit Girme July 11, 2013
Temporary solution is remove incremental synchronization check box. Atlassian working on it https://jira.atlassian.com/browse/CWD-2581 Hopefully it wont take long.
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events