LDAP synchronization returns limited number of users due to LDAP directory limitation
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
LDAP synchronization returns a limited number of users, and not all users are created and visible in Jira. For example, only 300 users were created from LDAP, while the base DN contains thousands of users that should be created in Jira.
Environment
Jira 9.x
Diagnosis
Logs show a message like this, where we see 300 users will be added / updated:
2024-07-02 12:35:54,760+0200 Caesium-1-1 INFO ServiceRunner [c.a.crowd.directory.DbCachingRemoteChangeOperations] scanning [ 300 ] users to add or update
Enable DEBUG-level logging for the following packages on the Logging and Profiling page:
com.atlassian.jira.login
com.atlassian.jira.login.security
com.atlassian.crowd.directory.SpringLDAPConnector
com.atlassian.crowd.embedded.atlassianuser.EmbeddedCrowdAuthenticator
org.springframework.ldap.core
com.atlassian.crowd.embedded
com.atlassian.crowd.directory
com.sun.jndi.ldap
After the next LDAP synchronization is performed, a message like this one is visible in atlassian-jira.log:
2024-07-10 11:08:09,081+0200 Caesium-1-2 DEBUG ServiceRunner [o.s.ldap.core.LdapTemplate] SizeLimitExceededException encountered and ignored
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - This search operation has sent the maximum of 300 entries to the client]; remaining name 'ou=people,o=organization,dc=atlassian,dc=test,dc=com'
    at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3311)
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
    at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)
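The two log messages above can be correlated automatically. The following is an added example, not Atlassian code: it scans log text for the size-limit exception and flags synchronizations whose user count equals the limit the directory reported. The function name and the sample log (including the 42-user line) are constructed for illustration, and the "maximum of N entries" wording is assumed to match the directory server in the quoted log.

```python
import re

# Constructed sample, modelled on the two log messages quoted in this article.
SAMPLE_LOG = """\
2024-07-02 12:35:54,760+0200 Caesium-1-1 INFO ServiceRunner [c.a.crowd.directory.DbCachingRemoteChangeOperations] scanning [ 300 ] users to add or update
2024-07-10 11:08:09,081+0200 Caesium-1-2 DEBUG ServiceRunner [o.s.ldap.core.LdapTemplate] SizeLimitExceededException encountered and ignored
javax.naming.SizeLimitExceededException: [LDAP: error code 4 - This search operation has sent the maximum of 300 entries to the client]; remaining name 'ou=people,o=organization,dc=atlassian,dc=test,dc=com'
2024-07-10 11:09:00,000+0200 Caesium-1-2 INFO ServiceRunner [c.a.crowd.directory.DbCachingRemoteChangeOperations] scanning [ 42 ] users to add or update
"""

SCAN_RE = re.compile(r"^(\S+ \S+) .*scanning \[ (\d+) \] users to add or update")
# LDAP result code 4 is sizeLimitExceeded. The free-text part of the message
# differs between directory servers, so the numeric limit is optional.
LIMIT_RE = re.compile(
    r"SizeLimitExceededException: \[LDAP: error code 4 - (?P<msg>[^\]]*)\]"
    r"(?:; remaining name '(?P<dn>[^']*)')?"
)
MAX_RE = re.compile(r"maximum of (\d+) entries")  # assumed server wording


def find_truncated_syncs(log_text):
    """Return size-limit hits and the syncs whose count equals a reported limit."""
    scans, hits = [], []
    for line in log_text.splitlines():
        m = SCAN_RE.search(line)
        if m:
            scans.append((m.group(1), int(m.group(2))))
            continue
        m = LIMIT_RE.search(line)
        if m:
            n = MAX_RE.search(m.group("msg"))
            hits.append({
                "base_dn": m.group("dn"),
                "limit": int(n.group(1)) if n else None,
            })
    limits = {h["limit"] for h in hits if h["limit"] is not None}
    # A sync that processed exactly "limit" users was almost certainly cut off.
    suspect = [(ts, count) for ts, count in scans if count in limits]
    return {"size_limit_hits": hits, "suspect_syncs": suspect}


if __name__ == "__main__":
    print(find_truncated_syncs(SAMPLE_LOG))
```

The exception line only appears once the DEBUG packages listed above are enabled, so run this against a log captured after the next synchronization.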
Cause
The user directory has a limit on the maximum number of entries that it will send to clients. This is not a Jira limitation, and Jira cannot modify or override it.
Solution
The maximum number of entries needs to be changed on the user directory side. Contact your LDAP administrators for help. After the limit is changed or removed, the next synchronization should sync all the users under the given path.