LDAP synchronization is failing

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

Jira fails to synchronize with the LDAP server, and the following errors appear in atlassian-jira.log:

Error occurred while refreshing the cache for directory [ 10001 ]
org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03152C42, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Configuration,CN={abc-abc-abc-abc}']; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03152C42, problem 2001 (NO_OBJECT), data 0, best match of:'CN=Configuration,CN={abc-abc-abc-abc}']; remaining name 'CN=NTDS Settings,CN=ABC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={abc-abc-abc-abc-abc}'
    org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:183)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:376)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:440)
    at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$2.timedGet(SpringLdapTemplateWrapper.java:128)
    at com.atlassian.crowd.directory.ldap.monitoring.TimedSupplier.get(TimedSupplier.java:37)
    at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:85)
    at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.lookup(SpringLdapTemplateWrapper.java:117)
    at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchInvocationId(MicrosoftActiveDirectory.java:716)
    at com.atlassian.crowd.directory.synchronisation.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:179)

Cause

Jira is trying to retrieve the invocationId from AD LDS, as shown by the stack frame com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchInvocationId(MicrosoftActiveDirectory.java:716).

When Jira is configured with the AD Connector, Crowd attempts to fetch invocationId and highestCommittedUSN at the end of the synchronization process. However, synchronization fails due to a schema mismatch between AD LDS and what the AD Connector expects. These values are generally unnecessary for full synchronization and are fetched only when incremental synchronization is enabled.

Solution

Navigate to Jira administration ⚙️ > User management > User Directories, open the Advanced settings of the affected user directory, and uncheck Enable Incremental Synchronisation.


A feature request (CWD-5572) has been submitted to support AD LDS through the AD Connector. At this time, however, disabling incremental synchronization is the only available workaround.
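To confirm that a failed sync matches this article before changing a directory's settings, the following added example (not Atlassian's code) scans log text for the signature shown under Symptoms: LDAP error code 32 together with the fetchInvocationId frame, reported per directory ID. The sample log lines are constructed, and the timestamp-prefixed layout of log entries is an assumption.

```python
import re
import sys

# Constructed sample in the shape of the atlassian-jira.log excerpt above.
# Assumption: every new log entry starts with a "YYYY-MM-DD " timestamp.
SAMPLE_LOG = """\
2025-04-01 10:00:00,000 Error occurred while refreshing the cache for directory [ 10001 ]
org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03152C42, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Configuration,CN={abc-abc-abc-abc}']
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:376)
    at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchInvocationId(MicrosoftActiveDirectory.java:716)
2025-04-01 10:05:00,000 Error occurred while refreshing the cache for directory [ 10002 ]
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:376)
2025-04-01 10:10:00,000 Error occurred while refreshing the cache for directory [ 10003 ]
org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:376)
"""

HEADER = re.compile(
    r"Error occurred while refreshing the cache for directory \[\s*(\d+)\s*\]")
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} ")
# Both markers must appear in the same error block: error 32 alone can also
# come from a wrong base DN, which this article's workaround does not fix.
MARKERS = ("LDAP: error code 32", "MicrosoftActiveDirectory.fetchInvocationId")


def find_invocation_id_failures(log_text):
    """Return sorted directory IDs whose sync failed while fetching invocationId."""
    hits, current, seen = set(), None, set()
    for line in log_text.splitlines():
        header = HEADER.search(line)
        if header:                      # start of a sync-failure block
            current, seen = header.group(1), set()
        elif TIMESTAMP.match(line):     # unrelated entry ends the block
            current = None
        elif current is not None:       # exception text or stack frame
            seen.update(m for m in MARKERS if m in line)
            if len(seen) == len(MARKERS):
                hits.add(current)
    return sorted(hits)


if __name__ == "__main__":
    # With no argument, run against the constructed sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for directory_id in find_invocation_id_failures(text):
        print(f"directory {directory_id}: failed in fetchInvocationId with error code 32")
```

Directories reported here are the ones where disabling incremental synchronization applies; other sync failures (such as 10002 and 10003 in the sample) need separate investigation.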

Updated on April 8, 2025
