Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-73875

User Directory fails sync with error :Error occurred while refreshing the cache for directory

    XMLWordPrintable

Details

    • 8.2
    • 45
    • Severity 2 - Major
    • 709
    • Hide

      Dear team,

      A fix for both problems ((JSDSERVER-11884 mail handler is broken and this one) is part of Jira Software 8.22.6 / Jira Service Management 4.22.6 version available  -> https://www.atlassian.com/software/jira/update .

      Andrzej Kotas
      Jira DC PM

      Show
      Dear team, A fix for both problems (( JSDSERVER-11884 mail handler is broken and this one) is part of Jira Software 8.22.6 / Jira Service Management 4.22.6 version available  -> https://www.atlassian.com/software/jira/update . Andrzej Kotas Jira DC PM

    Description

      Issue Summary

      This is reproducible on Data Center: yes

      Any changes to remote LDAP directory configuration, without re-adding the password for user, results in sync failure.

      The issue also happens with every restart of the application. It is not limited to making changes to User Directory configuration.

      Login of the remote LDAP users also fails with the same error.

      Steps to Reproduce

      • Setup Jira 8.20.9.
      • Configure remote LDAP User directory.
      • Sync the directory
      • After a successful sync, make a change to directory configuration, for example check one of the boxes for Use the User Membership Attribute.
      • Sync the directory again
      • The sync fails with the below exception.
      2022-06-01 17:56:22,517+0530 Caesium-1-3 ERROR ServiceRunner     [c.a.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ].
      com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 57, v3839]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 57, v3839]
          at com.atlassian.crowd.directory.synchronisation.cache.UsnChangedCacheRefresher.synchroniseAllUsers(UsnChangedCacheRefresher.java:207)
          at com.atlassian.crowd.directory.synchronisation.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:45)
          at com.atlassian.crowd.directory.synchronisation.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:172)
          at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1095)
          at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.lambda$synchronise$0(DirectorySynchroniserImpl.java:82)
          at com.atlassian.crowd.audit.NoOpAuditLogContext.withAuditLogSource(NoOpAuditLogContext.java:17)
          at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:80)
          at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:48)
          at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobRunner.runJob(DirectoryPollerJobRunner.java:92)
          at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:134)
          at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:106)
          at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:90)
          at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.launchJob(CaesiumSchedulerService.java:435)
          at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeClusteredJob(CaesiumSchedulerService.java:430)
          at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeClusteredJobWithRecoveryGuard(CaesiumSchedulerService.java:454)
          at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeQueuedJob(CaesiumSchedulerService.java:382)
          at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeJob(SchedulerQueueWorker.java:66)
          at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeNextJob(SchedulerQueueWorker.java:60)
          at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.run(SchedulerQueueWorker.java:35)
          at java.lang.Thread.run(Thread.java:748) 

      Expected Results

      The sync should work, without a need to update user password for every change made to remote LDAP directory configuration.

      Actual Results

      The below exception is thrown in the atlassian-jira.log file:

      2022-06-01 17:56:22,517+0530 Caesium-1-3 ERROR ServiceRunner     [c.a.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ].
      com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 57, v3839]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 57, v3839]
          at com.atlassian.crowd.directory.synchronisation.cache.UsnChangedCacheRefresher.synchroniseAllUsers(UsnChangedCacheRefresher.java:207)
          at com.atlassian.crowd.directory.synchronisation.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:45)
          at com.atlassian.crowd.directory.synchronisation.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:172)
          at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1095)
          at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.lambda$synchronise$0(DirectorySynchroniserImpl.java:82)
          at com.atlassian.crowd.audit.NoOpAuditLogContext.withAuditLogSource(NoOpAuditLogContext.java:17)
          at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:80)
          at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:48)
          at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobRunner.runJob(DirectoryPollerJobRunner.java:92)
          at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:134)
          at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:106)
          at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:90)
          at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.launchJob(CaesiumSchedulerService.java:435)
          at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeClusteredJob(CaesiumSchedulerService.java:430)
          at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeClusteredJobWithRecoveryGuard(CaesiumSchedulerService.java:454)
          at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeQueuedJob(CaesiumSchedulerService.java:382)
          at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeJob(SchedulerQueueWorker.java:66)
          at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeNextJob(SchedulerQueueWorker.java:60)
          at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.run(SchedulerQueueWorker.java:35)
          at java.lang.Thread.run(Thread.java:748)
      

      Workaround

      1) Temporary Solution: While making changes to the remote LDAP directory configuration, update (re-add) the user password and save the changes.
      Obs: If another change will be done on remote LDAP directory configuration and the user does not get re-added, the issue will happen again.

      2) Permanent Solution: Copy/ Replace the old files of 8.20.8 or earlier in directory "/atlassian-jira-software-8.20.9-standalone/atlassian-jira/WEB-INF/classes/com/atlassian/jira/application"

      DefaultApplicationRoleManager$1.class
      DefaultApplicationRoleManager$BillableUserCountLoader.class
      DefaultApplicationRoleManager$DelegatingSettableFutureTask.class
      DefaultApplicationRoleManager$RoleLoader.class
      DefaultApplicationRoleManager.class

       

      Attachments

        Issue Links

          Activity

            People

              ppetrowski Patryk
              dsidhpura@atlassian.com Deepak Sidhpura
              Votes:
              44 Vote for this issue
              Watchers:
              87 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: