- Suggestion
- Resolution: Obsolete
We have not tested Crowd integration with Active Directory Application Mode (ADAM). However, ADAM and Active Directory share the same code base, LDAP interface and API. So ADAM should work with Crowd, following the same integration instructions as above. If you try it, we'd be interested to hear of your experiences.
http://confluence.atlassian.com/display/CROWD/Microsoft+Active+Directory
- was cloned as: CWD-2581 Allow Crowd to integrate with Active Directory Application Mode (ADAM) - Gathering Interest
[CWD-2140] Tracking Feedback for ADAM integration
We use ADAM only for read, not for modification access. We have our own authenticator.
Full synchronisation from ADAM to Confluence works fine, but delta synchronisation fails with the following error:
2011-06-22 14:25:40,205 INFO [QuartzScheduler_Worker-4] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache delta synchronisation for directory [ 27557889 ] starting
2011-06-22 14:25:40,408 FATAL [QuartzScheduler_Worker-4] [springframework.ldap.control.AbstractRequestControlDirContextProcessor] postProcess No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl
2011-06-22 14:25:40,408 INFO [QuartzScheduler_Worker-4] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache synchronisation complete in [ 203ms ]
2011-06-22 14:25:40,424 ERROR [QuartzScheduler_Worker-4] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 27557889 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; remaining name 'CN=Deleted Objects,null'
at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:359)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:392)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findTombstonesSince(MicrosoftActiveDirectory.java:368)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findUserTombstonesSince(MicrosoftActiveDirectory.java:309)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseUserChanges(UsnChangedCacheRefresher.java:293)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:149)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:639)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29)
at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$1.run(ConfluenceQuartzThreadPool.java:14)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
Caused by: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; remaining name 'CN=Deleted Objects,null'
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:126)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:323)
... 13 more
Caused by: javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Deleted Objects,null'
]; remaining name 'CN=Deleted Objects,null'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2979)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
at sun.reflect.GeneratedMethodAccessor497.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:92)
at $Proxy643.search(Unknown Source)
at org.springframework.ldap.core.LdapTemplate$3.executeSearch(LdapTemplate.java:231)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:293)
... 15 more
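Added example, not part of the original comment or of Atlassian's code: a small Python triage script that groups stack-trace lines under their log header and flags cache-refresh failures like the one above, recording the directory id, the LDAP result code and the rejected DN. The sample log is abridged from the lines quoted in the comment; treating a literal `null` DN component as a sign that the search base was assembled from an unset value is an inference from the log, not something the thread confirms.

```python
import re

# Sample input, abridged from the log lines quoted in the comment above.
SAMPLE_LOG = """\
2011-06-22 14:25:40,205 INFO [QuartzScheduler_Worker-4] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache delta synchronisation for directory [ 27557889 ] starting
2011-06-22 14:25:40,424 ERROR [QuartzScheduler_Worker-4] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 27557889 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BF, problem 2006 (BAD_NAME), data 8350, best match of:
\t'CN=Deleted Objects,null'
\tat com.atlassian.crowd.directory.MicrosoftActiveDirectory.findTombstonesSince(MicrosoftActiveDirectory.java:368)
"""

HEADER = re.compile(r"^(\d{4}-\d{2}-\d{2} [\d:,]+) (\w+) \[[^\]]+\] \[[^\]]+\] (.*)$")
DIR_ID = re.compile(r"directory \[ (\d+) \]")
LDAP_ERR = re.compile(r"InvalidNameException: (.+?): \[LDAP: error code (\d+)")

def records(log_text):
    """Group continuation lines (exception text, stack frames) under their log header."""
    current = None
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield current
            current = {"time": m.group(1), "level": m.group(2), "body": [m.group(3)]}
        elif current:
            current["body"].append(line.strip())
    if current:
        yield current

def triage(log_text):
    """Return one finding per ERROR record that names a directory and an LDAP name error."""
    findings = []
    for rec in records(log_text):
        text = "\n".join(rec["body"])
        dir_id, err = DIR_ID.search(text), LDAP_ERR.search(text)
        if rec["level"] != "ERROR" or not (dir_id and err):
            continue
        dn = err.group(1)
        findings.append({
            "time": rec["time"],
            "directory": dir_id.group(1),
            "ldap_code": int(err.group(2)),
            "dn": dn,
            # Inference: a literal "null" RDN suggests the search base was unset.
            "null_component": "null" in [part.strip() for part in dn.split(",")],
            # True when the failure came from the deleted-object (tombstone) lookup.
            "tombstone_search": "findTombstonesSince" in text,
        })
    return findings
```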
As posted in https://support.atlassian.com/browse/CWDSUP-4130
Connecting to ADAM using the AD connector only seemed to authenticate. Everything else failed horribly.
Attached is a good start at an ADAM connector; I have tested the following things successfully:
- Create a user with all form fields filled out (active field is ignored)
- Modify a user
- Delete a user
- Change a user's password from the administration console
- Create a group with a description
- Create a group without a description
- Delete a group
- Add users to group
- Remove users from a group
Please note that I am currently not honoring the "Active" checkbox. The code to toggle the field is present (but commented out) for new user creation. I could not quickly discern the mechanism for how to inject this field into an update on a per-connector basis (as I think this concept is only applicable for AD and ADAM?). If there isn't a mechanism to handle this, I will probably add one later – as I said, this is just a good starting point. I also did not attempt to add any semblance of a delta synchronization – if it's even possible in ADAM given my initial set of exceptions.
I'm not certain what types of tests you run against the typical connector – so I just tested basic functionality. I didn't write a test driver out of laziness...
If you have any insight on if there's an easy mechanism to hook into for the user active update, I'd love to hear!
ADAM is known not to work with the Microsoft AD Connector. Issue is not being tracked on CWD-2581.