Error when synchronising with ADAM

I have configured Crowd 2.2 to connect to Microsoft ADAM. The connection tests OK, and the test searches for both groups and users are OK too.

The user DN I have used for the account that Crowd should connect to ADAM with is the ADAM administrators group. I have tested outside of Crowd, using ldp.exe, that the user can bind to the directory just fine.

Crowd does not bring across any users, and has this exception in the log.

Any help greatly appreciated!!!

2011-06-30 15:15:42,473 scheduler_Worker-3 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] delta synchronisation for directory [ 720897 ] starting

2011-06-30 15:15:42,505 scheduler_Worker-3 FATAL [springframework.ldap.control.AbstractRequestControlDirContextProcessor] No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl

2011-06-30 15:15:42,505 scheduler_Worker-3 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation complete in [ 32ms ]

2011-06-30 15:15:42,520 scheduler_Worker-3 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 720897 ].

com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; remaining name 'CN=Deleted Objects,null'

at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:352)

at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:385)

at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findTombstonesSince(MicrosoftActiveDirectory.java:368)

at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findUserTombstonesSince(MicrosoftActiveDirectory.java:309)

at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseUserChanges(UsnChangedCacheRefresher.java:293)

at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:149)

at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:639)

at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)

at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)

at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29)

at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)

at org.quartz.core.JobRunShell.run(JobRunShell.java:195)

at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)

Caused by: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; remaining name 'CN=Deleted Objects,null'

at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:126)

at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)

at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)

at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:316)

... 12 more

Caused by: javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; remaining name 'CN=Deleted Objects,null'

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)

at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)

at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)

at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)

at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)

at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)

at sun.reflect.GeneratedMethodAccessor325.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:597)

at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:92)

at $Proxy134.search(Unknown Source)

at org.springframework.ldap.core.LdapTemplate$3.executeSearch(LdapTemplate.java:231)

at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)

... 14 more

3 answers


From:

http://confluence.atlassian.com/display/CROWD/Configuring+Caching+for+an+LDAP+Directory

Obtaining AD object deletions requires administrator access. Active Directory stores deleted objects in a special container called cn=Deleted Objects. By default, to access this container you need to connect as an administrator and so, for Crowd to be aware of deletions, you must use administrator credentials. Alternatively, it's possible to change the permissions on the cn=Deleted Objects container. If you wish to do so, please see this Microsoft KB Article.


The temporary solution is to remove the incremental synchronization check box. Atlassian is working on it: https://jira.atlassian.com/browse/CWD-2581. Hopefully it won't take long.

Hi Agnes,

According to the document below:

There is already an improvement request so Crowd will handle this situation gracefully.

For now, please apply one of the workarounds mentioned in the KB article.

I hope that helps.

Best regards,
Thiago Bomfim
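
The failure in the question's log can be picked out mechanically. This is an added example, not part of the thread and not Crowd's code: it parses lines copied from that log and reports the LDAP result code (34 is invalidDNSyntax), the search base, and any DN component that is not in attr=value form. The function names `triage` and `malformed_rdns` are made up for illustration.

```python
import re

# Constructed sample: lines copied from the log in the question above.
SAMPLE_LOG = """\
2011-06-30 15:15:42,473 scheduler_Worker-3 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] delta synchronisation for directory [ 720897 ] starting
2011-06-30 15:15:42,520 scheduler_Worker-3 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 720897 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; remaining name 'CN=Deleted Objects,null'
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findTombstonesSince(MicrosoftActiveDirectory.java:368)
"""

LDAP_ERR = re.compile(r"\[LDAP: error code (\d+) - .*?problem (\d+) \((\w+)\)")
REMAINING = re.compile(r"remaining name '([^']*)'")
DIRECTORY = re.compile(r"for directory \[ (\d+) \]")


def malformed_rdns(dn):
    """Return DN components that are not attr=value (naive comma split, no escape handling)."""
    return [rdn for rdn in (part.strip() for part in dn.split(",")) if "=" not in rdn]


def triage(log_text):
    """Summarise the first LDAP failure found in a Crowd synchronisation log."""
    err = LDAP_ERR.search(log_text)
    if err is None:
        return None
    dn = REMAINING.search(log_text)
    directory = DIRECTORY.search(log_text)
    base = dn.group(1) if dn else None
    return {
        "directory_id": directory.group(1) if directory else None,
        "ldap_code": int(err.group(1)),        # 34 = invalidDNSyntax
        "ad_problem": err.group(3),            # e.g. BAD_NAME
        "search_base": base,
        "malformed_rdns": malformed_rdns(base) if base else [],
        # True when the failing call is the deleted-objects (tombstone) lookup
        "tombstone_search": "findTombstonesSince" in log_text,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample, the only malformed component is the trailing `null` in the tombstone search base, and the failing call is the deleted-objects lookup that runs during incremental synchronisation.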
