LDAP in Jira

Chang Park September 29, 2014

I would like to ask a couple of questions related to LDAP in Jira:

  1. We can retrieve LDAP user accounts including all attributes.  But we can't retrieve/search LDAP groups.  How can we make this work?
  2. When we sync LDAP, it fails with the following issue.  What is wrong, and what needs to be done in order to fix this?

    2014-09-29 11:15:45,271 atlassian-scheduler-quartz1.clustered_Worker-2 ERROR ServiceRunner     [com.atlassian.scheduler.JobRunnerResponse] Unable to synchronise directory
    com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'
        at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllGroups(UsnChangedCacheRefresher.java:233)
        at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:80)
        at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:164)
        at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1014)
        at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:75)
        at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.synchronizeDirectory(JiraDirectorySynchroniser.java:96)
        at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.runJob(JiraDirectorySynchroniser.java:60)
        at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:135)
        at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101)
        at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80)
        at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:223)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
    Caused by: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'
        at java.util.concurrent.FutureTask.report(Unknown Source)
        at java.util.concurrent.FutureTask.get(Unknown Source)
        at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllGroups(UsnChangedCacheRefresher.java:214)
        ... 12 more
    Caused by: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'
        at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:443)
        at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:426)
        at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroupObjectsOfSpecifiedGroupType(SpringLDAPConnector.java:1213)
        at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroupObjects(SpringLDAPConnector.java:1249)
        at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroups(SpringLDAPConnector.java:1281)
        at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher$4.call(UsnChangedCacheRefresher.java:153)
        at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher$4.call(UsnChangedCacheRefresher.java:148)
        at java.util.concurrent.FutureTask.run(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
    Caused by: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'
        at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:217)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
        at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$4.call(LdapTemplateWithClassLoaderWrapper.java:99)
        at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$4.call(LdapTemplateWithClassLoaderWrapper.java:96)
        at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.search(LdapTemplateWithClassLoaderWrapper.java:96)
        at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:372)
        ... 11 more
    Caused by: javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'
        at com.sun.jndi.ldap.LdapSearchEnumeration.createItem(Unknown Source)
        at com.sun.jndi.ldap.LdapSearchEnumeration.createItem(Unknown Source)
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextAux(Unknown Source)
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextImpl(Unknown Source)
        at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.next(Unknown Source)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:296)
        ... 17 more
    Caused by: org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""
        at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:224)
        at org.springframework.ldap.core.DistinguishedName.<init>(DistinguishedName.java:174)
        at org.springframework.ldap.core.support.DefaultDirObjectFactory.constructAdapterFromName(DefaultDirObjectFactory.java:174)
        at org.springframework.ldap.core.support.DefaultDirObjectFactory.getObjectInstance(DefaultDirObjectFactory.java:79)
        at javax.naming.spi.DirectoryManager.createObjectFromFactories(Unknown Source)
        ... 24 more
    Caused by: org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""
        at org.springframework.ldap.core.DnParserImplTokenManager.getNextToken(DnParserImplTokenManager.java:678)
        at org.springframework.ldap.core.DnParserImpl.jj_ntk(DnParserImpl.java:264)
        at org.springframework.ldap.core.DnParserImpl.attributeTypeAndValue(DnParserImpl.java:98)
        at org.springframework.ldap.core.DnParserImpl.rdn(DnParserImpl.java:58)
        at org.springframework.ldap.core.DnParserImpl.dn(DnParserImpl.java:23)
        ... 29 more

Answer accepted
Tiago Comasseto
Rising Star
September 29, 2014

Hi Chang, looks like you're facing the same error described in this KB. It seems that the group CN=Users,DC=agilent,DC=com has some invalid entries.

Cheers

Chang Park September 29, 2014

Hi Tiago,

Thanks for your quick response. When I checked "Distinguished name" in Active Directory, I see the following format for the group "LOC-CAD-CASD-CLRUSER":

    CN=LOC-CAD-CASD-CLRUSER,CN=Users,DC=agilent,DC=com

But you mean there are groups that have a different format from the one above?

One more question if you don't mind... I can't retrieve/search LDAP groups, whereas I can retrieve/search LDAP user accounts. Do you think this issue is why I can't see LDAP groups?

Thanks for your help again.

Chang

Tiago Comasseto
Rising Star
September 29, 2014

Hi Chang,

I'm very positive that this issue is associated with the problem with searching LDAP users; if the directory synchronization fails for any reason, we can't expect the LDAP integration to be fully functional. Also, the error in your logs indicates that there's a slash ("\") being referenced in your LDAP.

I hope it helps.

Cheers

Marcus Silveira
Atlassian Team
September 29, 2014

Hey Chang,

Please note that the problem is most likely not with the direct DN used in JIRA's configuration, but with some entry under that Base DN set. You may want to generate a Full LDIF of your entire tree under the Base DN and look for entries containing double slashes (\\). You'll need to either remove the slashes, or make sure the LDAP connection doesn't get that entry.

Cheers
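
One way to run the LDIF check suggested in the reply above, as an added example that is not part of the original thread or Atlassian's own tooling: a plain text search can miss a DN that the export folded across lines or wrote base64-encoded (`dn::`), so this scanner unfolds and decodes each DN before looking for the doubled backslash. The function names and the sample export (with `example.com` placeholders) are constructed for illustration.

```python
import base64
import re

DN_LINE = re.compile(r"dn(::?) *(.*)$")

def unfold(ldif_text):
    """Join LDIF continuation lines: a line starting with one space continues the previous line."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def iter_dns(ldif_text):
    """Yield every entry DN, decoding base64-encoded 'dn::' values."""
    for line in unfold(ldif_text):
        m = DN_LINE.match(line)
        if not m:
            continue
        value = m.group(2)
        if m.group(1) == "::":
            value = base64.b64decode(value).decode("utf-8", errors="replace")
        yield value

def find_backslash_dns(ldif_text, needle="\\\\"):
    """Return (dn, column) for each DN containing needle (default: two backslashes); column is 1-based."""
    hits = []
    for dn in iter_dns(ldif_text):
        pos = dn.find(needle)
        if pos != -1:
            hits.append((dn, pos + 1))
    return hits

# Constructed sample export (placeholder entries, not data from the thread).
SAMPLE_LDIF = "\n".join([
    "dn: CN=Jira Users,CN=Users,DC=example,DC=com", "objectClass: group", "",
    r"dn: CN=Ops\\Admins,CN=Users,DC=example,DC=com", "objectClass: group", "",
    "dn: CN=Build\\",                          # DN folded between the two backslashes
    " \\Agents,CN=Users,DC=example,DC=com", "objectClass: group", "",
    "dn:: " + base64.b64encode(rb"CN=QA\\Team,CN=Users,DC=example,DC=com").decode(),
    "objectClass: group",
])

if __name__ == "__main__":
    for dn, col in find_backslash_dns(SAMPLE_LDIF):
        print(f"column {col}: {dn}")
```

The reported column is the position of the first match inside the DN, which can be compared with the column number in the `Lexical error` message when narrowing down the offending entry.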
