-
Bug
-
Resolution: Fixed
-
Medium
-
10.3.6, 10.3.7, 10.7.1
-
10.03
-
5
-
Severity 3 - Minor
-
44
-
Issue Summary
In Jira 10, after setting up a clustered LDAP user directory, the full and incremental synchronization fails and, as a result, users are not updated in Jira and some experience login issues.
The clustered LDAP system could be fronted by a Virtual Directory Server (VDS) or any mirroring technology.
Steps to Reproduce
- Setup a Clustered LDAP system
- Connect the clustered LDAP system as a User Directory in Jira
- Synchronize the User Directory in Jira
Expected Results
The user directory should be able to perform full and incremental synchronizations without any errors
Actual Results
The synchronization fails with the following error captured in the atlassian-jira.log file:
ERROR ServiceRunner [c.a.crowd.directory.DbCachingRemoteDirectory] Exception occured when performing full synchronization com.atlassian.crowd.exception.OperationFailedException: No highestCommittedUSN attribute found for AD root at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:759) at com.atlassian.crowd.directory.synchronisation.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:147) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1119) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.lambda$synchronise$0(DirectorySynchroniserImpl.java:97) at com.atlassian.crowd.audit.NoOpAuditLogContext.withAuditLogSource(NoOpAuditLogContext.java:17) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:95) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:48) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobRunner.runJob(DirectoryPollerJobRunner.java:92) at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:134) at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:106) at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:90) at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.launchJob(CaesiumSchedulerService.java:500) at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeClusteredJob(CaesiumSchedulerService.java:495) at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeClusteredJobWithRecoveryGuard(CaesiumSchedulerService.java:519) at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeQueuedJob(CaesiumSchedulerService.java:415) at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeJob(SchedulerQueueWorker.java:66) at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeNextJob(SchedulerQueueWorker.java:60) at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.run(SchedulerQueueWorker.java:35) at java.base/java.lang.Thread.run(Unknown Source)
Workaround
1. Create a new LDAP configuration, selecting "LDAP" from the start.
2. Save and test the configuration.
Reference: https://confluence.atlassian.com/adminjiraserver/connecting-to-an-ldap-directory-938847052.html
VDS or other proxies for the ldap system do not expose the attribute that the Microsoft AD Connector is trying to fetch. The generic ldap adapter doesn't use the same method and therefore this issue cannot occur. User directory should sync successfully after this change.
- relates to
-
CWD-2783 Detect Active Directory server to handle usnChanged attribute correctly
- Closed
-
- Gathering Interest