I would like to ask a couple of questions related to LDAP in Jira

  1. We can retrieve LDAP user accounts including all attributes.  But we can't retrieve/search LDAP groups.  How can we make this work?
  2. When we sync LDAP, it fails with the following issue.  What is wrong?  and What needs to be done in order to fix this?

    2014-09-29 11:15:45,271 atlassian-scheduler-quartz1.clustered_Worker-2 ERROR ServiceRunner     [com.atlassian.scheduler.JobRunnerResponse] Unable to synchronise directory com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'  at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllGroups(UsnChangedCacheRefresher.java:233)  at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:80)  at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:164)  at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1014)  at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:75)  at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.synchronizeDirectory(JiraDirectorySynchroniser.java:96)  at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.runJob(JiraDirectorySynchroniser.java:60)  at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:135)  at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101)  at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80)  at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32)  at org.quartz.core.JobRunShell.run(JobRunShell.java:223)  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) Caused by: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'  at java.util.concurrent.FutureTask.report(Unknown Source)  at java.util.concurrent.FutureTask.get(Unknown Source)  at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllGroups(UsnChangedCacheRefresher.java:214)  ... 12 more Caused by: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'  at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:443)  at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:426)  at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroupObjectsOfSpecifiedGroupType(SpringLDAPConnector.java:1213)  at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroupObjects(SpringLDAPConnector.java:1249)  at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroups(SpringLDAPConnector.java:1281)  at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher$4.call(UsnChangedCacheRefresher.java:153)  at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher$4.call(UsnChangedCacheRefresher.java:148)  at java.util.concurrent.FutureTask.run(Unknown Source)  at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)  at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)  at java.lang.Thread.run(Unknown Source) Caused by: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'  at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:217)  at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)  at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)  at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$4.call(LdapTemplateWithClassLoaderWrapper.java:99)  at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$4.call(LdapTemplateWithClassLoaderWrapper.java:96)  at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.search(LdapTemplateWithClassLoaderWrapper.java:96)  at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:372)  ... 11 more Caused by: javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""]; remaining name 'CN=Users,DC=agilent,DC=com'  at com.sun.jndi.ldap.LdapSearchEnumeration.createItem(Unknown Source)  at com.sun.jndi.ldap.LdapSearchEnumeration.createItem(Unknown Source)  at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextAux(Unknown Source)  at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextImpl(Unknown Source)  at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.next(Unknown Source)  at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:296)  ... 17 more Caused by: org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""  at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:224)  at org.springframework.ldap.core.DistinguishedName.<init>(DistinguishedName.java:174)  at org.springframework.ldap.core.support.DefaultDirObjectFactory.constructAdapterFromName(DefaultDirObjectFactory.java:174)  at org.springframework.ldap.core.support.DefaultDirObjectFactory.getObjectInstance(DefaultDirObjectFactory.java:79)  at javax.naming.spi.DirectoryManager.createObjectFromFactories(Unknown Source)  ... 24 more Caused by: org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 22.  Encountered: "\\" (92), after : ""  at org.springframework.ldap.core.DnParserImplTokenManager.getNextToken(DnParserImplTokenManager.java:678)  at org.springframework.ldap.core.DnParserImpl.jj_ntk(DnParserImpl.java:264)  at org.springframework.ldap.core.DnParserImpl.attributeTypeAndValue(DnParserImpl.java:98)  at org.springframework.ldap.core.DnParserImpl.rdn(DnParserImpl.java:58)  at org.springframework.ldap.core.DnParserImpl.dn(DnParserImpl.java:23)  ... 29 more

 

 

1 answer

1 accepted

Hi Chang, looks like you're facing the same error described in this KB. It seems that the group CN=Users,DC=agilent,DC=com has some invalid entries.

Cheers

Hi Tiago, Thanks for your quick response. When I checked "Distinguished name" in active directory, I see the following format for the group, "LOC-CAD-CASD-CLRUSER". CN=LOC-CAD-CASD-CLRUSER,CN=Users,DC=agilent,DC=com But you mean there are groups that have different format from the one above? One more question if you don't mind... I can't retrieve/search LDAP groups, whereas I can retrieve/search LDAP user accounts. Do you think this issue is why I can't see LDAP groups? Thanks for your help again. Chang

Hi Chang, I'm very positive that this issue is associated with the problem with searching LDAP users, if the directory synchronization fails for any reason, we can't expect the LDAP integration to be fully functional. Also, the error in your logs indicate that there's a slash ("\") being referenced in your LDAP. I hope it helps. Cheers

Hey Chang, Please note that the problem is most likely not with the direct DN used in JIRA's configuration, but with some entry under that Base DN set. You may want to generate a Full LDIF of your entire tree under the Base DN and look for entries containing double slashes (\\). You'll need to either remove the slashes, or make sure the LDAP connection doesn't get that entry. Cheers

Suggest an answer

Log in or Join to answer
Community showcase
Teodora [Botron]
Published Thursday in Marketplace Apps

Jira Inferno: The Nine Circles of Jira Administration Hell

If you spend enough time as a Jira admin - whether you are managing a single, mid-sized instance, a large enterprise one or juggling multiple instances at once - you will eventually find yourself in ...

890 views 5 18
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot