I have successfully added Active Directory as a User Directory in Jira.

But I have a AD to Jira synch error.

Anyone hit this one before?

All/Any help appreciated!

Brad

Gory Details:

When I hit the synchronize link on http://prc-mn-jira-prod:8080/plugins/servlet/embedded-crowd/directories/list I get:

Last synchronised at 4/5/12 3:42 PM (took 0s). Synchronisation failed. See server logs for details

In the log the associated entry is:

2012-04-05 15:42:34,679 QuartzWorker-1 ERROR ServiceRunner [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ].
com.atlassian.crowd.exception.OperationFailedException: Unable to synchronise directory: duplicate groups with name 'HK'
at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:131)
at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:42)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:223)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:619)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34)
at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)

2 answers

This widget could not be displayed.

Hi Brad,

The problem is that it looks like you have duplicate group names in AD:

com.atlassian.crowd.exception.OperationFailedException: Unable to synchronise directory: duplicate groups with name 'HK'

This has been previously been recorded at https://jira.atlassian.com/browse/CWD-2796 and https://jira.atlassian.com/browse/CONF-23213 (this one is for Confluence rather than JIRA, but both Confluence and JIRA use Crowd for user management and the problem is in Crowd). There isn't a fix for this at the moment, but there are a few workarounds suggest on the https://jira.atlassian.com/browse/CONF-23213 report:

  • Restrict the LDAP tree which is searched by Confluence.You can use a more specific "base DN" in your LDAP directory configuration to exclude parts of the tree that contain duplicate names.
  • Filter out the affected groups.You can specify a "group filter" in your LDAP directory configuration, such as those described inHow to write LDAP search filters, to exclude the groups which have duplicate names.
  • Disable referrals if the affected groups are across multiple servers.Often in an Active Directory forest, duplicate group names will appear across multiple servers. Disabling the "follow referrals" setting in your directory configuration will prevent those groups from other servers clashing with those in the main directory.
  • Use an attribute which is unique as the group name.Most people on this thread are using the 'cn' attribute as the group name, which happens to not be unique for the given LDAP server. On some LDAP servers, there may be another attribute which can be used as the unique group name in Confluence.

Hope that helps?

Andrew.

The error message in this Question and in CONF-23213 are different. Obviously they are both Crowd errors and likely caused by the same issue but I wanted to call that out.

This is also affecting me, but in Confluence where I can't successfully synchronize with my Directory and as mentioned in CWD-2796, it can be difficult to get things changed in LDAP. I'd at least prefer it if it didn't bomb and stop processing everything else, and at least skipped that group or something and just gave a warning.

This widget could not be displayed.
Yew Teck En Atlassian Team Aug 19, 2012

Try check if there's more than 1 group with the same name under your AD? If there's any, you would require restrict the search or other workaround which suggested by Andrew

There's a JIRA KB article link with bug report:

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted yesterday in Teamwork

What teamwork quotes inspire you?

Hey everyone! My name is Natalie and I'm an editor of the Atlassian Blog and I've got a question for you: What's your favorite quote about teamwork?  We've compiled a list here, along with...

110 views 15 7
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you