Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Error when synchronising with ADAM

Mari Scott
Mari Scott June 29, 2011

I have configured Crowd 2.2 to connect to Microsoft ADAM. The connection tests ok, and the test search for both groups and users are ok too.

The user dn I have used for the account that Crowd should connect to ADAM with is the ADAM administrators group. I have tested outside of Crowd using ldp.exe, that the user can bind to the directory just fine.

Crowd does not bring across any users, and has this exception in the log.

Any help greatly appreciated!!!

2011-06-30 15:15:42,473 scheduler_Worker-3 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] delta synchronisation for directory [ 720897 ] starting

2011-06-30 15:15:42,505 scheduler_Worker-3 FATAL [springframework.ldap.control.AbstractRequestControlDirContextProcessor] No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl

2011-06-30 15:15:42,505 scheduler_Worker-3 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation complete in [ 32ms ]

2011-06-30 15:15:42,520 scheduler_Worker-3 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 720897 ].

com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; remaining name 'CN=Deleted Objects,null'

at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:352)

at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:385)

at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findTombstonesSince(MicrosoftActiveDirectory.java:368)

at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findUserTombstonesSince(MicrosoftActiveDirectory.java:309)

at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseUserChanges(UsnChangedCacheRefresher.java:293)

at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:149)

at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:639)

at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)

at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)

at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29)

at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)

at org.quartz.core.JobRunShell.run(JobRunShell.java:195)

at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)

Caused by: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; remaining name 'CN=Deleted Objects,null'

at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:126)

at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)

at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)

at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:316)

... 12 more

Caused by: javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:

'CN=Deleted Objects,null'

]; remaining name 'CN=Deleted Objects,null'

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)

at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)

at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)

at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)

at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)

at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)

at sun.reflect.GeneratedMethodAccessor325.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:597)

at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:92)

at $Proxy134.search(Unknown Source)

at org.springframework.ldap.core.LdapTemplate$3.executeSearch(LdapTemplate.java:231)

at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)

... 14 more

Answer
Watch
Like Be the first to like this
778 views

3 answers

1 vote
twong_atlassian
twong_atlassian
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 13, 2011

From:

http://confluence.atlassian.com/display/CROWD/Configuring+Caching+for+an+LDAP+Directory

Obtaining AD object deletions requires administrator access. Active Directory stores deleted objects in a special container called <tt>cn=Deleted Objects</tt>. By default, to access this container you need to connect as an administrator and so, for Crowd to be aware of deletions, you must use administrator credentials. Alternatively, it's possible to change the permissions on the <tt>cn=Deleted Objects</tt> container. If you wish to do so, please see this Microsoft KB Article.


Reply
0 votes
ThiagoBomfim
ThiagoBomfim
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 22, 2014

Hi Agnes,

According to the document below:

There is already an improvement request so Crowd will handle this situation gracefully.

For now, please apply one of the workarounds mentioned in the KB article.

I hope that helps.

Best regards,
Thiago Bomfim

 

 

Reply
0 votes
Amit Girme
Amit Girme July 11, 2013
Temporary solution is remove incremental synchronization check box. Atlassian working on it https://jira.atlassian.com/browse/CWD-2581 Hopefully it wont take long.
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events