InvalidSearchFilterException: Empty filter when Synchronising LDAP

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

When synchronising the LDAP directory, the synchronisation fails with this in logs:

The following appears in the atlassian-confluence.log:

1 2 2012-01-17 13:18:48,791 ERROR [QuartzScheduler_Worker-9] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 31031297 ]. com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidSearchFilterException: Empty filter; nested exception is javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name 'DC=example,DC=com'

Cause

  1. One of the following fields is blank:

    1. User Object Filter

    2. Group Object Filter

  2. Roles are enabled. This has been deprecated for quite some time and should always be disabled.

Resolution

For Cause 1

For Cause 2

  • Create a new LDAP directory. By default, the ldap.roles.disabled will be set to true.

  • Otherwise, disable Roles in your current LDAP directory configuration. As there is no way to do this in the interface, this will require manual database edits. Here is the SQL query to return that attribute's information:

    1. ⚠️Backup your database first

      1 select * from cwd_directory_attribute where attribute_name = 'ldap.roles.disabled';

    2. Notice that the attribute_value column is showing false

    3. You'll want to run an update statement to set the attribute_value to true

Updated on April 15, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSymptomsCauseResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community