Exception: javax.naming.directory.InvalidSearchFilterException. We can't synchronize Active directory.

Hi,


We can't synchronise one user directory with Active directory. And some new users they can't loggin.

When we try sinchronising, it throws this error:

Test retrieve group : Failed
org.springframework.ldap.InvalidSearchFilterException: invalid attribute description; nested exception is javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'ou=UHS_OÑATI,dc=uhs,dc=local'

In the directory settings we put in the "Group Schema settings", in the "Group Object Filter" atribute we try with 2 different options: (objectCategory=Group) , (&(objectClass=group)(cn=*))
But it doesn't work.

We've got another directory in the same server and it works perfectly.

4 answers

1 accepted

0 votes
Accepted answer

Thank you for your help. But at finallly, the problem was a bug of a version.

https://confluence.atlassian.com/display/JIRAKB/InvalidSearchFilterException%3A+Empty+filter+when+Synchronising+LDAP

We create new directory with the same parameters and it works!

Thanks!

Hi, both your filters seem correct, the only thing that called my attention was the Ñ in your base DN, I've never seem this character in an LDAP configuration, you may want to test it without ou=UHS_OÑATI just to rule out this possible issue from the list.

Cheers

yep, my bet is that you have an LDAP v2 connection (even if AD seems to support both 2 and 3), which means the underlying (guessing oracle) ldap filter impl converts your multibyte characters to ISO-8859 (latin-1) which could explain what you see. LDAP v3 gets converted to UTF-8.

- http://www.docjar.com/html/api/com/sun/jndi/ldap/Filter.java.html

Hi,

Tiago, but it works before with Ñ.

Andy, what can I do?

Thanks.

Get an LDAP tool like http://directory.apache.org/studio/and validate your queries outside JIRA against your LDAP server. If you can get that to work, then you have a case for a bug report, if not, its a language/system incompatibility with (most likley) that character being the cause. In which case, a support call with M$, as it is reported that LDAP servers reporting V3 compatibility should trigger the Java VM to convert your query to UTF-8.

If you have developer resources, Id suggest getting the Java source, remote socket debugging JIRA running the filter, to determine exactly 'what' the LDAP filter is being converted to by Java.

The RFC seems to indicate that escaping is possible with \04\02\48\69 format within the filter (unverified) you just need to know what the unicode value is for the character in question, I couldnt paste it into http://unicodelookup.com/(dont know why)

Thank you for your help. But at finallly, the problem was a bug of a version.

https://confluence.atlassian.com/display/JIRAKB/InvalidSearchFilterException%3A+Empty+filter+when+Synchronising+LDAP

We create new directory with the same parameters and it works!

Thanks!

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,719 views 17 21
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you