Hi,
We are having issues with syncing our AD server.
It seems like some entries have the special char "\0A" in cn (new line, I guess), which causes the following exception: part1cn (before new line) part2cn (after new line).
I understand that this entry is bad, but I expect Stash/Crowd to ignore this entry and continue the sync.
Does this exception cause the sync to halt?
If it does, is it possible to ignore this entry and continue the sync?
If it doesn't, maybe "Synchronisation failed" should be rephrased to "Synchronisation completed with errors"?
Looking forward to your reply.
Thanks in advance
2014-12-22 15:40:47,007 ERROR [clusterScheduler_Worker-2] c.a.c.d.DbCachingDirectoryPoller Error occurred while refreshing the cache for directory [ 1572865 ].
org.springframework.ldap.InvalidNameException: cn=part1cn
part2cn,ou=groups,ou=someou,ou=cci,dc=corp,dc=bla,dc=com: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8349, best match of:
'cn=part1cn
part2cn,ou=groups,ou=someou,ou=cci,dc=corp,dc=bla,dc=com'
^@]; nested exception is javax.naming.InvalidNameException: cn=part1cn
part2cn,ou=groups,ou=someou,ou=cci,dc=corp,dc=bla,dc=com: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8349, best match of:
'cn=part1cn
part2cn,ou=groups,ou=someou,ou=cci,dc=corp,dc=bla,dc=com'
^@]; remaining name 'cn=part1cn
part2cn,ou=groups,ou=someou,ou=cci,dc=corp,dc=bla,dc=com'
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:136) ~[LdapUtils.class:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:820) ~[LdapTemplate.class:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:803) ~[LdapTemplate.class:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:935) ~[LdapTemplate.class:2.0.2.RELEASE]
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$9.timedCall(SpringLdapTemplateWrapper.java:286) ~[SpringLdapTemplateWrapper$9.class:na]
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:124) ~[SpringLdapTemplateWrapper$TimedCallable.class:na]
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:87) ~[SpringLdapTemplateWrapper.class:na]
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.lookup(SpringLdapTemplateWrapper.java:282) ~[SpringLdapTemplateWrapper.class:na]
at com.atlassian.crowd.directory.RFC4519Directory.findDirectMembersOfGroup(RFC4519Directory.java:959) ~[RFC4519Directory.class:na]
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findDirectMembersOfGroup(MicrosoftActiveDirectory.java:516) ~[MicrosoftActiveDirectory.class:na]
at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:78) ~[RFC4519DirectoryMembershipsIterable$2.class:na]
at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:70) ~[RFC4519DirectoryMembershipsIterable$2.class:na]
at com.google.common.collect.Iterators$8.next(Iterators.java:812) ~[Iterators$8.class:na]
at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:196) ~[AbstractCacheRefresher.class:na]
at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:98) ~[AbstractCacheRefresher.class:na]
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:161) ~[UsnChangedCacheRefresher.class:na]
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1122) ~[DbCachingRemoteDirectory.class:na]
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76) ~[DirectorySynchroniserImpl.class:na]
at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) ~[DbCachingDirectoryPoller.class:na]
at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobRunner.runJob(DirectoryPollerJobRunner.java:93) [DirectoryPollerJobRunner.class:na]
at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:135) [JobLauncher.class:na]
at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101) [JobLauncher.class:na]
at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80) [JobLauncher.class:na]
at com.atlassian.scheduler.quartz2.Quartz2Job.execute(Quartz2Job.java:32) [Quartz2Job.class:na]
at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [JobRunShell.class:na]
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [SimpleThreadPool$WorkerThread.class:na]
... 12 frames trimmed
Caused by: javax.naming.InvalidNameException: cn=part1cn
Looks like this is how Active directory is handling duplicate entries http://social.technet.microsoft.com/wiki/contents/articles/15435.active-directory-duplicate-object-name-resolution.aspx#When_a_Duplicate_RDN_in_an_OU_or_Container_is_Detected
I find it weird that SonarQube, Subversion Edge and Jenkins can handle these bad entries perfectly fine and Atlassian products have trouble with them.
Hi Idam,
The error code 34 means a bad DN as you can see on this link.
Looking into your error message, it looks like your LDAP URL is wrong:
NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8349, best match of: 'cn=part1cn part2cn,ou=groups,ou=someou,ou=cci,dc=corp,dc=bla,dc=com'
I could see your LDAP path should be:
'cn=part1,cn=part2,ou=groups,ou=someou,ou=cci,dc=corp,dc=bla,dc=com'
and not
'cn=part1cnpart2cn,ou=groups,ou=someou,ou=cci,dc=corp,dc=bla,dc=com'
If it isn't the problem, could you confirm your correct LDAP base?
Regards,
Renato Rudnicki
Thank you for the reply, Renato. The LDAP configuration is working perfectly, and in 3 other Java web applications as well; the other web apps just ignore the bad names (this case is due to the newline char "\0A").
The sync will fail and should not be trusted. I would exclude the affected objects explicitly via the LDAP filters.
Thanks for the quick reply, Boris. The affected objects are all around the LDAP (different OUs). I tried using How to Write LDAP Search Filters, but it didn't work for me, maybe due to the newline in the middle of the cn, or I didn't write it well.
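One way to write the exclusion filter discussed above, with the newline escaped as `\0a` per RFC 4515, plus a helper that audits a DN list for raw control characters. This is an added example, not code from the thread or from Atlassian; the base filter `(objectCategory=group)`, the function names and the sample DNs are assumptions, and whether the sync accepts the resulting filter is not confirmed by the thread.

```python
import re

# RFC 4515: these characters must be hex-escaped (\XX) in a filter value.
_MUST_ESCAPE = {"\\", "*", "(", ")", "\x00"}
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def escape_filter_value(value: str) -> str:
    """Escape a string for use inside an LDAP search filter (RFC 4515).

    Control characters such as the newline (0x0A) are hex-escaped too, so
    the filter stays on one line when pasted into a configuration field.
    """
    out = []
    for ch in value:
        if ch in _MUST_ESCAPE or _CONTROL.match(ch):
            out.append("".join("\\%02x" % b for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def exclude_newline_names(base_filter: str, attr: str = "cn",
                          marker: str = "\n") -> str:
    """AND base_filter with a NOT clause for entries whose attr contains marker."""
    clause = "(!(%s=*%s*))" % (attr, escape_filter_value(marker))
    return "(&%s%s)" % (base_filter, clause)


def dns_with_control_chars(dns):
    """Return the DNs that contain a raw control character (audit helper)."""
    return [dn for dn in dns if _CONTROL.search(dn)]


# Constructed sample DNs modelled on the one in the stack trace above.
SAMPLE_DNS = [
    "cn=part1cn\npart2cn,ou=groups,ou=someou,ou=cci,dc=corp,dc=bla,dc=com",
    "cn=developers,ou=groups,ou=someou,ou=cci,dc=corp,dc=bla,dc=com",
]

if __name__ == "__main__":
    # Assumed base filter; substitute the directory's real group filter.
    print(exclude_newline_names("(objectCategory=group)"))
    # Narrower variant: AD conflict objects carry "CNF:" after the newline.
    print(exclude_newline_names("(objectCategory=group)", marker="\nCNF:"))
    for dn in dns_with_control_chars(SAMPLE_DNS):
        print("bad DN:", repr(dn))
```

The same NOT clause would have to be added to each object filter (users and groups) that can return an affected entry.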