Incremental sync fails with NameNotFoundException if a group changes location on the directory server between syncs

XMLWordPrintable

    • Type: Bug
    • Resolution: Obsolete
    • Priority: Low
    • None
    • Affects Version/s: 2.6.5
    • Component/s: Directory - LDAP
    • None
    • Severity 3 - Minor

      Symptoms

      If using an incremental sync, and on the directory server the location of a group is changed, then on the next sync, it will fail. This affects Crowd, and all applications using Embedded Crowd. An error like below will be shown in the logs:

      2013-09-09 14:49:36,754 scheduler_Worker-8 ERROR [atlassian.crowd.directory.DbCachingRemoteDirectory] Incremental synchronisation was unexpectedly interrupted, falling back to a full synchronisation
org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
	'OU=Groups,DC=sydney,DC=atlassian,DC=com'
]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
	'OU=Groups,DC=sydney,DC=atlassian,DC=com'
]; remaining name 'cn=another test,ou=groups,dc=sydney,dc=atlassian,dc=com'
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:174)
	at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:810)
	at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:793)
	at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:935)
	at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$9.call(LdapTemplateWithClassLoaderWrapper.java:159)
	at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.invokeWithContextClassLoader(LdapTemplateWithClassLoaderWrapper.java:54)
	at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.lookup(LdapTemplateWithClassLoaderWrapper.java:155)
	at com.atlassian.crowd.directory.RFC4519Directory.findDirectMembersOfGroup(RFC4519Directory.java:898)
	at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:77)
	at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:69)
	at com.google.common.collect.Iterators$8.next(Iterators.java:782)
	at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:126)
	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseGroupChanges(UsnChangedCacheRefresher.java:258)
	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:81)
	at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:629)
	at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
	at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
	at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29)
	at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:113)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
	'OU=Groups,DC=sydney,DC=atlassian,DC=com'
]; remaining name 'cn=another test,ou=groups,dc=sydney,dc=atlassian,dc=com'
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3092)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
	at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1312)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
	at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:133)
	at sun.reflect.GeneratedMethodAccessor342.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:92)
	at com.sun.proxy.$Proxy154.getAttributes(Unknown Source)
	at org.springframework.ldap.core.LdapTemplate$17.executeWithContext(LdapTemplate.java:937)
	at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:807)
	... 19 more

      Workaround

      Use any version of Crowd that includes CWD-3188, so that a failed incremental sync will fall back to a full sync.

            Assignee:
            Unassigned
            Reporter:
            David Mason (Inactive)
            Votes:
            2 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: