I would like to ask a couple of questions related to LDAP in Jira

  1. We can retrieve LDAP user accounts including all attributes.  But we can't retrieve/search LDAP groups.  How can we make this work?
  2. When we sync LDAP, it fails with the following issue.  What is wrong?  and What needs to be done in order to fix this?

    2014-09-29 11:15:45,271 atlassian-scheduler-quartz1.clustered_Worker-2 ERROR ServiceRunner     [com.atlassian.scheduler.JobRunnerResponse] Unable to synchronise directory com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'  at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllGroups(UsnChangedCacheRefresher.java:233)  at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:80)  at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:164)  at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1014)  at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:75)  at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.synchronizeDirectory(JiraDirectorySynchroniser.java:96)  at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.runJob(JiraDirectorySynchroniser.java:60)  at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:135)  at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101)  at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80)  at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32)  at org.quartz.core.JobRunShell.run(JobRunShell.java:223)  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) Caused by: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'  at java.util.concurrent.FutureTask.report(Unknown Source)  at java.util.concurrent.FutureTask.get(Unknown Source)  at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllGroups(UsnChangedCacheRefresher.java:214)  ... 12 more Caused by: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'  at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:443)  at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:426)  at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroupObjectsOfSpecifiedGroupType(SpringLDAPConnector.java:1213)  at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroupObjects(SpringLDAPConnector.java:1249)  at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroups(SpringLDAPConnector.java:1281)  at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher$4.call(UsnChangedCacheRefresher.java:153)  at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher$4.call(UsnChangedCacheRefresher.java:148)  at java.util.concurrent.FutureTask.run(Unknown Source)  at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)  at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)  at java.lang.Thread.run(Unknown Source) Caused by: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'  at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:217)  at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)  at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)  at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$4.call(LdapTemplateWithClassLoaderWrapper.java:99)  at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$4.call(LdapTemplateWithClassLoaderWrapper.java:96)  at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.search(LdapTemplateWithClassLoaderWrapper.java:96)  at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:372)  ... 11 more Caused by: javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'  at com.sun.jndi.ldap.LdapSearchEnumeration.createItem(Unknown Source)  at com.sun.jndi.ldap.LdapSearchEnumeration.createItem(Unknown Source)  at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextAux(Unknown Source)  at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextImpl(Unknown Source)  at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.next(Unknown Source)  at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:296)  ... 17 more Caused by: org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""  at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:224)  at org.springframework.ldap.core.DistinguishedName.<init>(DistinguishedName.java:174)  at org.springframework.ldap.core.support.DefaultDirObjectFactory.constructAdapterFromName(DefaultDirObjectFactory.java:174)  at org.springframework.ldap.core.support.DefaultDirObjectFactory.getObjectInstance(DefaultDirObjectFactory.java:79)  at javax.naming.spi.DirectoryManager.createObjectFromFactories(Unknown Source)  ... 24 more Caused by: org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""  at org.springframework.ldap.core.DnParserImplTokenManager.getNextToken(DnParserImplTokenManager.java:678)  at org.springframework.ldap.core.DnParserImpl.jj_ntk(DnParserImpl.java:264)  at org.springframework.ldap.core.DnParserImpl.attributeTypeAndValue(DnParserImpl.java:98)  at org.springframework.ldap.core.DnParserImpl.rdn(DnParserImpl.java:58)  at org.springframework.ldap.core.DnParserImpl.dn(DnParserImpl.java:23)  ... 29 more

 

 

1 answer

1 accepted

1 vote
Accepted answer

Hi Chang, looks like you're facing the same error described in this KB. It seems that the group CN=Users,DC=agilent,DC=com has some invalid entries.

Cheers

Hi Tiago, Thanks for your quick response. When I checked "Distinguished name" in active directory, I see the following format for the group, "LOC-CAD-CASD-CLRUSER". CN=LOC-CAD-CASD-CLRUSER,CN=Users,DC=agilent,DC=com But you mean there are groups that have different format from the one above? One more question if you don't mind... I can't retrieve/search LDAP groups, whereas I can retrieve/search LDAP user accounts. Do you think this issue is why I can't see LDAP groups? Thanks for your help again. Chang

Hi Chang, I'm very positive that this issue is associated with the problem with searching LDAP users, if the directory synchronization fails for any reason, we can't expect the LDAP integration to be fully functional. Also, the error in your logs indicate that there's a slash ("\") being referenced in your LDAP. I hope it helps. Cheers

Hey Chang, Please note that the problem is most likely not with the direct DN used in JIRA's configuration, but with some entry under that Base DN set. You may want to generate a Full LDIF of your entire tree under the Base DN and look for entries containing double slashes (\\). You'll need to either remove the slashes, or make sure the LDAP connection doesn't get that entry. Cheers

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Mar 05, 2018 in Jira Software

Jack Graves: Real Ale enthusiast with a knack for Jira Software implementation

@Jack Graves [AC] first caught our eye with his incredible breakdown of what, in his opinion, can make or break a Jira software implementation. (Read his thoughts on this thread)! In this follow...

96,851 views 4 14
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you