[CWD-2140] Tracking Feedback for ADAM integration

Type: Suggestion
Resolution: Obsolete
Fix Version/s: None
Component/s: None
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

We have not tested Crowd integration with Active Directory Application Mode (ADAM). However, ADAM and Active Directory share the same code base, LDAP interface and API. So ADAM should work with Crowd, following the same integration instructions as above. If you try it, we'd be interested to hear of your experiences.

http://confluence.atlassian.com/display/CROWD/Microsoft+Active+Directory

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

crowd-adam-connector.diff
15 kB
17/Dec/2010 1:12 AM

was cloned as

CWD-2581 Allow Crowd to integrate with Active Directory Application Mode (ADAM)

Gathering Interest

Katherine Yabut made changes - 19/Sep/2019 5:50 AM

Workflow	Original: JAC Suggestion Workflow [ 3388904 ]	New: JAC Suggestion Workflow 3 [ 3626102 ]
Status	Original: RESOLVED [ 5 ]	New: Closed [ 6 ]

Monique Khairuliana (Inactive) made changes - 19/Aug/2019 11:54 PM

Workflow	Original: Simplified Crowd Development Workflow v2 [ 1389404 ]	New: JAC Suggestion Workflow [ 3388904 ]
Issue Type	Original: Improvement [ 4 ]	New: Suggestion [ 10000 ]

Owen made changes - 12/May/2016 2:51 AM

Workflow

Original: Crowd Development Workflow v2 [ 274053 ]

New: Simplified Crowd Development Workflow v2 [ 1389404 ]

bain made changes - 13/Jul/2011 8:03 AM

Resolution		New: Obsolete [ 11 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

bain added a comment - 13/Jul/2011 8:03 AM

ADAM is known not work with the Microsoft AD Connector. Issue is not being tracked on CWD-2581.

bain added a comment - 13/Jul/2011 8:03 AM ADAM is known not work with the Microsoft AD Connector. Issue is not being tracked on CWD-2581 .

bain made changes - 13/Jul/2011 8:02 AM

Link

New: This issue was cloned as CWD-2581 [ CWD-2581 ]

Gabriele Loibichler added a comment - 30/Jun/2011 8:46 AM

We use ADAM to only for read not for modification access. We have our own authenticator.
Full synchronisation from ADAM to confluence works fine but delta synchronisation fails with the following error:

2011-06-22 14:25:40,205 INFO [QuartzScheduler_Worker-4] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache delta synchronisation for directory [ 27557889 ] starting
2011-06-22 14:25:40,408 FATAL [QuartzScheduler_Worker-4] [springframework.ldap.control.AbstractRequestControlDirContextProcessor] postProcess No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl
2011-06-22 14:25:40,408 INFO [QuartzScheduler_Worker-4] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache synchronisation complete in [ 203ms ]
2011-06-22 14:25:40,424 ERROR [QuartzScheduler_Worker-4] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 27557889 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; remaining name 'CN=Deleted Objects,null'
at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:359)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:392)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findTombstonesSince(MicrosoftActiveDirectory.java:368)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findUserTombstonesSince(MicrosoftActiveDirectory.java:309)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseUserChanges(UsnChangedCacheRefresher.java:293)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:149)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:639)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29)
at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$1.run(ConfluenceQuartzThreadPool.java:14)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
Caused by: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; remaining name 'CN=Deleted Objects,null'
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:126)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:323)
... 13 more
Caused by: javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; remaining name 'CN=Deleted Objects,null'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
at sun.reflect.GeneratedMethodAccessor497.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:92)
at $Proxy643.search(Unknown Source)
at org.springframework.ldap.core.LdapTemplate$3.executeSearch(LdapTemplate.java:231)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)
... 15 more

Gabriele Loibichler added a comment - 30/Jun/2011 8:46 AM We use ADAM to only for read not for modification access. We have our own authenticator. Full synchronisation from ADAM to confluence works fine but delta synchronisation fails with the following error: 2011-06-22 14:25:40,205 INFO [QuartzScheduler_Worker-4] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache delta synchronisation for directory [ 27557889 ] starting 2011-06-22 14:25:40,408 FATAL [QuartzScheduler_Worker-4] [springframework.ldap.control.AbstractRequestControlDirContextProcessor] postProcess No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl 2011-06-22 14:25:40,408 INFO [QuartzScheduler_Worker-4] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache synchronisation complete in [ 203ms ] 2011-06-22 14:25:40,424 ERROR [QuartzScheduler_Worker-4] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 27557889 ]. com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of: 'CN=Deleted Objects,null' ]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of: 'CN=Deleted Objects,null' ]; remaining name 'CN=Deleted Objects,null' at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:359) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:392) at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findTombstonesSince(MicrosoftActiveDirectory.java:368) at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findUserTombstonesSince(MicrosoftActiveDirectory.java:309) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseUserChanges(UsnChangedCacheRefresher.java:293) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:149) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:639) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29) at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$1.run(ConfluenceQuartzThreadPool.java:14) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) Caused by: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of: 'CN=Deleted Objects,null' ]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of: 'CN=Deleted Objects,null' ]; remaining name 'CN=Deleted Objects,null' at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:126) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237) at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:323) ... 13 more Caused by: javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of: 'CN=Deleted Objects,null' ]; remaining name 'CN=Deleted Objects,null' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257) at sun.reflect.GeneratedMethodAccessor497.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:92) at $Proxy643.search(Unknown Source) at org.springframework.ldap.core.LdapTemplate$3.executeSearch(LdapTemplate.java:231) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293) ... 15 more

Ryan Brown made changes - 17/Dec/2010 1:12 AM

Attachment

New: crowd-adam-connector.diff [ 42955 ]

Ryan Brown added a comment - 17/Dec/2010 1:12 AM

As posted in https://support.atlassian.com/browse/CWDSUP-4130

Connecting to ADAM using the AD connector only seemed to authenticate. Everything else failed horribly.

Attached is a good start at a ADAM connector; I have tested the following things successfully:

Create a user with all form fields filled out (active field is ignored)
Modify a user
Delete a user
Change a user's password from the administration console
Create a group with a description
Create a group without a description
Delete a group
Add users to group
Remove users from a group

Please note that I am currently not honoring the "Active" checkbox. The code to toggle the field is present (but commented out) for new user creation. I could not quickly discern the mechanism for how to inject this field into an update on a per-connector basis (as I think this concept is only applicable for AD and ADAM?). If there isn't a mechanism to handle this, I will probably add one later – as I said, this is just a good starting point. I also did not attempt to add any semblance of a delta synchronization – if it's even possible in ADAM given my initial set of exceptions.

I'm not certain what types of tests you run against the typical connector – so I just tested basic functionality. I didn't write a test driver out of laziness...

If you have any insight on if there's an easy mechanism to hook into for the user active update, I'd love to hear!

Ryan Brown added a comment - 17/Dec/2010 1:12 AM As posted in https://support.atlassian.com/browse/CWDSUP-4130 Connecting to ADAM using the AD connector only seemed to authenticate. Everything else failed horribly. Attached is a good start at a ADAM connector; I have tested the following things successfully: Create a user with all form fields filled out (active field is ignored) Modify a user Delete a user Change a user's password from the administration console Create a group with a description Create a group without a description Delete a group Add users to group Remove users from a group Please note that I am currently not honoring the "Active" checkbox. The code to toggle the field is present (but commented out) for new user creation. I could not quickly discern the mechanism for how to inject this field into an update on a per-connector basis (as I think this concept is only applicable for AD and ADAM?). If there isn't a mechanism to handle this, I will probably add one later – as I said, this is just a good starting point. I also did not attempt to add any semblance of a delta synchronization – if it's even possible in ADAM given my initial set of exceptions. I'm not certain what types of tests you run against the typical connector – so I just tested basic functionality. I didn't write a test driver out of laziness... If you have any insight on if there's an easy mechanism to hook into for the user active update, I'd love to hear!

Renan Battaglin created issue - 17/Dec/2010 12:52 AM

Assignee:: Unassigned

Reporter:: Renan Battaglin

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 17/Dec/2010 12:52 AM

Updated:: 19/Sep/2019 5:50 AM

Resolved:: 13/Jul/2011 8:03 AM

Details

Description

Attachments

Attachments

Issue Links

Forms

Activity

Collapse comment: bain added a comment - 13/Jul/2011 8:03 AM

Expand comment: bain added a comment - 13/Jul/2011 8:03 AM

Collapse comment: Gabriele Loibichler added a comment - 30/Jun/2011 8:46 AM

Expand comment: Gabriele Loibichler added a comment - 30/Jun/2011 8:46 AM

Collapse comment: Ryan Brown added a comment - 17/Dec/2010 1:12 AM

Expand comment: Ryan Brown added a comment - 17/Dec/2010 1:12 AM

People

Dates