Error when synchronising with ADAM

Mari Scott
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 29, 2011

I have configured Crowd 2.2 to connect to Microsoft ADAM. The connection tests ok, and the test search for both groups and users are ok too.

The user dn I have used for the account that Crowd should connect to ADAM with is the ADAM administrators group. I have tested outside of Crowd using ldp.exe, that the user can bind to the directory just fine.

Crowd does not bring across any users, and has this exception in the log.

Any help greatly appreciated!!!

2011-06-30 15:15:42,473 scheduler_Worker-3 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] delta synchronisation for directory [ 720897 ] starting

2011-06-30 15:15:42,505 scheduler_Worker-3 FATAL [springframework.ldap.control.AbstractRequestControlDirContextProcessor] No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl

2011-06-30 15:15:42,505 scheduler_Worker-3 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation complete in [ 32ms ]

2011-06-30 15:15:42,520 scheduler_Worker-3 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 720897 ].

com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; remaining name 'CN=Deleted Objects,null'

at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:352)

at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:385)

at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findTombstonesSince(MicrosoftActiveDirectory.java:368)

at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findUserTombstonesSince(MicrosoftActiveDirectory.java:309)

at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseUserChanges(UsnChangedCacheRefresher.java:293)

at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:149)

at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:639)

at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)

at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)

at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29)

at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)

at org.quartz.core.JobRunShell.run(JobRunShell.java:195)

at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)

Caused by: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; remaining name 'CN=Deleted Objects,null'

at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:126)

at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)

at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)

at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:316)

... 12 more

Caused by: javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; remaining name 'CN=Deleted Objects,null'

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)

at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)

at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)

at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)

at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)

at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)

at sun.reflect.GeneratedMethodAccessor325.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:597)

at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:92)

at $Proxy134.search(Unknown Source)

at org.springframework.ldap.core.LdapTemplate$3.executeSearch(LdapTemplate.java:231)

at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)

... 14 more

3 answers

1 vote
twong_atlassian
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 13, 2011

From:

http://confluence.atlassian.com/display/CROWD/Configuring+Caching+for+an+LDAP+Directory

Obtaining AD object deletions requires administrator access. Active Directory stores deleted objects in a special container called <tt>cn=Deleted Objects</tt>. By default, to access this container you need to connect as an administrator and so, for Crowd to be aware of deletions, you must use administrator credentials. Alternatively, it's possible to change the permissions on the <tt>cn=Deleted Objects</tt> container. If you wish to do so, please see this Microsoft KB Article.


0 votes
ThiagoBomfim
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 22, 2014

Hi Agnes,

According to the document below:

There is already an improvement request so Crowd will handle this situation gracefully.

For now, please apply one of the workarounds mentioned in the KB article.

I hope that helps.

Best regards,
Thiago Bomfim

 

 

0 votes
Amit Girme July 11, 2013
Temporary solution is remove incremental synchronization check box. Atlassian working on it https://jira.atlassian.com/browse/CWD-2581 Hopefully it wont take long.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events