Error when synchronising with ADAM

I have configured Crowd 2.2 to connect to Microsoft ADAM. The connection tests OK, and the test searches for both groups and users are OK too.

The user DN I have used for the account that Crowd should connect to ADAM with is the ADAM administrators group. I have tested outside of Crowd, using ldp.exe, that the user can bind to the directory just fine.

Crowd does not bring across any users, and has this exception in the log.

Any help greatly appreciated!!!

2011-06-30 15:15:42,473 scheduler_Worker-3 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] delta synchronisation for directory [ 720897 ] starting
2011-06-30 15:15:42,505 scheduler_Worker-3 FATAL [springframework.ldap.control.AbstractRequestControlDirContextProcessor] No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl
2011-06-30 15:15:42,505 scheduler_Worker-3 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation complete in [ 32ms ]
2011-06-30 15:15:42,520 scheduler_Worker-3 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 720897 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; remaining name 'CN=Deleted Objects,null'
    at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:352)
    at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:385)
    at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findTombstonesSince(MicrosoftActiveDirectory.java:368)
    at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findUserTombstonesSince(MicrosoftActiveDirectory.java:309)
    at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseUserChanges(UsnChangedCacheRefresher.java:293)
    at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:149)
    at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:639)
    at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
    at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
    at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29)
    at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
Caused by: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; remaining name 'CN=Deleted Objects,null'
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:126)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
    at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:316)
    ... 12 more
Caused by: javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; remaining name 'CN=Deleted Objects,null'
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
    at sun.reflect.GeneratedMethodAccessor325.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:92)
    at $Proxy134.search(Unknown Source)
    at org.springframework.ldap.core.LdapTemplate$3.executeSearch(LdapTemplate.java:231)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)
    ... 14 more

3 answers

From:

http://confluence.atlassian.com/display/CROWD/Configuring+Caching+for+an+LDAP+Directory

Obtaining AD object deletions requires administrator access. Active Directory stores deleted objects in a special container called cn=Deleted Objects. By default, to access this container you need to connect as an administrator and so, for Crowd to be aware of deletions, you must use administrator credentials. Alternatively, it's possible to change the permissions on the cn=Deleted Objects container. If you wish to do so, please see this Microsoft KB Article.


A temporary solution is to remove the incremental synchronization check box. Atlassian is working on it: https://jira.atlassian.com/browse/CWD-2581. Hopefully it won't take long.
0 vote

Hi Agnes,

According to the document below:

There is already an improvement request so Crowd will handle this situation gracefully.

For now, please apply one of the workarounds mentioned in the KB article.

I hope that helps.

Best regards,
Thiago Bomfim
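
A log-triage script for the failure discussed in this thread, added here as an example and not code from Crowd or from any poster: it extracts the LDAP result code, the rejected DN and the stack frames from the log, and flags DN components that are not attribute=value pairs. The function names and report keys are hypothetical, and the sample log is constructed by abridging the lines quoted in the question.

```python
import re

# Constructed sample: abridged from the log lines quoted in the question.
SAMPLE_LOG = """\
2011-06-30 15:15:42,473 scheduler_Worker-3 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] delta synchronisation for directory [ 720897 ] starting
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; remaining name 'CN=Deleted Objects,null'
    at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findTombstonesSince(MicrosoftActiveDirectory.java:368)
    at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseUserChanges(UsnChangedCacheRefresher.java:293)
"""

SYNC_START = re.compile(r"(\w+) synchronisation for directory \[ (\d+) \] starting")
LDAP_ERROR = re.compile(r"LDAP: error code (\d+) - \w+: \w+: DSID-\w+, problem (\d+) \((\w+)\)")
REMAINING = re.compile(r"remaining name '([^']*)'")
FRAME = re.compile(r"^\s*at ([\w.$]+)\.([\w$<>]+)\(", re.MULTILINE)


def bad_rdns(dn):
    """Return DN components that are not attribute=value pairs."""
    parts = re.split(r"(?<!\\),", dn)           # split on unescaped commas
    return [p.strip() for p in parts if "=" not in p]


def triage(log_text):
    """Summarise a failed Crowd directory synchronisation from log text."""
    report = {"sync_mode": None, "directory_id": None, "ldap_code": None,
              "ad_problem": None, "failing_dn": None, "bad_rdns": [],
              "tombstone_search": False}
    if m := SYNC_START.search(log_text):
        report["sync_mode"], report["directory_id"] = m.group(1), m.group(2)
    if m := LDAP_ERROR.search(log_text):
        report["ldap_code"] = int(m.group(1))    # 34 = invalidDNSyntax (RFC 4511)
        report["ad_problem"] = m.group(3)
    if m := REMAINING.search(log_text):
        report["failing_dn"] = m.group(1)
        report["bad_rdns"] = bad_rdns(m.group(1))
    # Frames naming a tombstone lookup place the failure in deletion tracking,
    # not in the user and group searches that the connection test exercises.
    methods = [method for _, method in FRAME.findall(log_text)]
    report["tombstone_search"] = any("Tombstones" in name for name in methods)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample it reports result code 34 against `CN=Deleted Objects,null`, with `null` as the malformed component and the failure located in the tombstone search, which is why the user and group test searches can pass while synchronisation fails.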

 

 
