Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

LDAP Synch Error

Brad Feathersto
Brad Featherstone
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 5, 2012

I have successfully added Active Directory as a User Directory in Jira.

But I have a AD to Jira synch error.

Anyone hit this one before?

All/Any help appreciated!

Brad

Gory Details:

When I hit the synchronize link on http://prc-mn-jira-prod:8080/plugins/servlet/embedded-crowd/directories/list I get:

Last synchronised at 4/5/12 3:42 PM (took 0s). Synchronisation failed. See server logs for details

In the log the associated entry is:

2012-04-05 15:42:34,679 QuartzWorker-1 ERROR ServiceRunner [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ].
com.atlassian.crowd.exception.OperationFailedException: Unable to synchronise directory: duplicate groups with name 'HK'
at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:131)
at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:42)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:223)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:619)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34)
at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)

Answer
Watch
Like Dave Hergert likes this
2760 views

2 answers

0 votes
Teck-En
Teck-En
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 19, 2012

Try check if there's more than 1 group with the same name under your AD? If there's any, you would require restrict the search or other workaround which suggested by Andrew

There's a JIRA KB article link with bug report:

Reply
0 votes
Andrew Frayling
Andrew Frayling
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 5, 2012

Hi Brad,

The problem is that it looks like you have duplicate group names in AD:

com.atlassian.crowd.exception.OperationFailedException: Unable to synchronise directory: duplicate groups with name 'HK'

This has been previously been recorded at https://jira.atlassian.com/browse/CWD-2796 and https://jira.atlassian.com/browse/CONF-23213 (this one is for Confluence rather than JIRA, but both Confluence and JIRA use Crowd for user management and the problem is in Crowd). There isn't a fix for this at the moment, but there are a few workarounds suggest on the https://jira.atlassian.com/browse/CONF-23213 report:

  • Restrict the LDAP tree which is searched by Confluence.You can use a more specific "base DN" in your LDAP directory configuration to exclude parts of the tree that contain duplicate names.
  • Filter out the affected groups.You can specify a "group filter" in your LDAP directory configuration, such as those described inHow to write LDAP search filters, to exclude the groups which have duplicate names.
  • Disable referrals if the affected groups are across multiple servers.Often in an Active Directory forest, duplicate group names will appear across multiple servers. Disabling the "follow referrals" setting in your directory configuration will prevent those groups from other servers clashing with those in the main directory.
  • Use an attribute which is unique as the group name.Most people on this thread are using the 'cn' attribute as the group name, which happens to not be unique for the given LDAP server. On some LDAP servers, there may be another attribute which can be used as the unique group name in Confluence.

Hope that helps?

Andrew.

View More Comments
Dave Hergert
Dave Hergert
Contributor
May 13, 2012

The error message in this Question and in CONF-23213 are different. Obviously they are both Crowd errors and likely caused by the same issue but I wanted to call that out.

This is also affecting me, but in Confluence where I can't successfully synchronize with my Directory and as mentioned in CWD-2796, it can be difficult to get things changed in LDAP. I'd at least prefer it if it didn't bomb and stop processing everything else, and at least skipped that group or something and just gave a warning.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Product apps
Apps & Integrations
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.