User Directory Synchronisation Failed Due To Lexical Error

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

  1. Synchronisation fail when connecting to parent tree

  2. But, synchronisation successful when connecting to one child tree

The following appears in the atlassian-jira.log:

1 2 3 4 5 6 7 8 ERROR ServiceRunner [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10200 ]. com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 18. Encountered: "\\" (92), after : ""]; remaining name 'OU=example,DC=atlassian,DC=com' at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllUsers(UsnChangedCacheRefresher.java:266) ... Caused by: org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 18. Encountered: "\\" (92), after : "" ...

Cause

There is child tree that has special character in it's name. Refer to Characters in User or Group DN's that will cause problems when using Crowd for detail.

Resolution

Either of the following will resolve the issue:

  • Remove special character from the child trees under the parent tree that failed during synchronization

  • Configure JIRA to connect to specific child trees only

ℹ️Please see our Troubleshooting LDAP User Management documentation for further assistance with diagnosing LDAP problems.

Updated on April 8, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSymptomsCauseResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community