Sometimes we have issues with Active Directory users unable to log into Jira 4.4.1 . There will be no error message. Syncronization tests successfully. We are getting the following error in the atlassian-jira.log . Any help would be appreciated. Thank you.
2012-01-16 16:48:53,626 QuartzWorker-1 INFO ServiceRunner [atlassian.crowd.directory.DbCachingRemoteDirectory] delta synchronisation for directory [ 10000 ] starting
2012-01-16 16:49:56,782 QuartzWorker-1 INFO ServiceRunner [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation complete in [ 63156ms ]
2012-01-16 16:49:56,939 QuartzWorker-1 ERROR ServiceRunner [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.PartialResultException: nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: advisors.lan:389 [Root exception is java.net.ConnectException: Connection timed out: connect]]
at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:359)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:392)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:377)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findAddedOrUpdatedObjectsSince(MicrosoftActiveDirectory.java:327)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findAddedOrUpdatedUsersSince(MicrosoftActiveDirectory.java:299)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseUserChanges(UsnChangedCacheRefresher.java:292)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:149)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:639)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34)
at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
Caused by: org.springframework.ldap.PartialResultException: nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: advisors.lan:389 [Root exception is java.net.ConnectException: Connection timed out: connect]]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:203)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:315)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:323)
... 13 more
Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: advisors.lan:389 [Root exception is java.net.ConnectException: Connection timed out: connect]]
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:224)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:295)
... 15 more
Caused by: javax.naming.CommunicationException: advisors.lan:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:339)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:208)
... 17 more
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at java.net.Socket.connect(Socket.java:478)
at java.net.Socket.<init>(Socket.java:375)
at java.net.Socket.<init>(Socket.java:189)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:352)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:187)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:46)
at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:97)
at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:114)
at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:310)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1572)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
... 20 more
The domain controller that JIRA was trying to authenticate was not always replicating with other domain controllers. Once the domain controllers were replicating each other consistency, the issue resolved.
I see that nested groups will take a performance hit. Could that be the problem. We have the groups set up similar to:
Do I need to drop nested groups and place everyone in the JIRA - Users active directory? Is there a depth limit?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
As you are getting time out exceptions in the log try modifying the timeout settings under the Advanced section in your LDAP User Directory
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you for the suggestion. The default timeout periods seem to be ample as a synchronisation takes less than 5 seconds. I have the defaults:
Read Timeout: 120 seconds
Search Timeout: 60 seconds
Connection Timeout: 0 seconds
I did change this parameter a week ago hoping that it may help.
Synchronisation Interval: 5 minutes
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.