com.atlassian.crowd.exception.OperationFailedException: Unable to synchronise directory: duplicate groups with name 'IT'

Atlassian JIRA | Boris Berenberg | 5 years ago
  1. 0

    As anyone would expect AD administration is not the same as CROWD and changing things in AD is almost always a very bureaucratic process that takes many days. Duplicate groups should only give warnings and not stopping the synctronization. In addition to that, the number of groups with duplicate names cannot be detected at once... so if you have 100 duplicates and it takes 7 days (optimistic) to solve a duplicate group naming issue in corporate Active Directory, it could easily take *years* to setup Crowd. 012-03-23 15:03:05,013 scheduler_Worker-0 INFO [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 13533 ] groups for update in DB cache in [ 356ms ] 2012-03-23 15:03:05,051 scheduler_Worker-0 INFO [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronized [ 13533 ] groups in [ 394ms ] 2012-03-23 15:03:05,414 scheduler_Worker-0 INFO [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 13533 ] groups for delete in DB cache in [ 363ms ] 2012-03-23 15:03:05,453 scheduler_Worker-0 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] failed synchronisation complete in [ 23868ms ] 2012-03-23 15:03:05,467 scheduler_Worker-0 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 32770 ]. com.atlassian.crowd.exception.OperationFailedException: Unable to synchronise directory: duplicate groups with name '#SE - EMEA' at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:133) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:44) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:223) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:621) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29) at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86) at org.quartz.core.JobRunShell.run(JobRunShell.java:203) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)

    Atlassian JIRA | 5 years ago | Sorin Sbarnea (Citrix)
    com.atlassian.crowd.exception.OperationFailedException: Unable to synchronise directory: duplicate groups with name '#SE - EMEA'
  2. Speed up your debug routine!

    Automated exception search integrated into your IDE

  3. 0

    As anyone would expect AD administration is not the same as CROWD and changing things in AD is almost always a very bureaucratic process that takes many days. Duplicate groups should only give warnings and not stopping the synctronization. In addition to that, the number of groups with duplicate names cannot be detected at once... so if you have 100 duplicates and it takes 7 days (optimistic) to solve a duplicate group naming issue in corporate Active Directory, it could easily take *years* to setup Crowd. 012-03-23 15:03:05,013 scheduler_Worker-0 INFO [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 13533 ] groups for update in DB cache in [ 356ms ] 2012-03-23 15:03:05,051 scheduler_Worker-0 INFO [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronized [ 13533 ] groups in [ 394ms ] 2012-03-23 15:03:05,414 scheduler_Worker-0 INFO [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 13533 ] groups for delete in DB cache in [ 363ms ] 2012-03-23 15:03:05,453 scheduler_Worker-0 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] failed synchronisation complete in [ 23868ms ] 2012-03-23 15:03:05,467 scheduler_Worker-0 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 32770 ]. com.atlassian.crowd.exception.OperationFailedException: Unable to synchronise directory: duplicate groups with name '#SE - EMEA' at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:133) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:44) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:223) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:621) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29) at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86) at org.quartz.core.JobRunShell.run(JobRunShell.java:203) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)

    Atlassian JIRA | 5 years ago | Sorin Sbarnea (Citrix)
    com.atlassian.crowd.exception.OperationFailedException: Unable to synchronise directory: duplicate groups with name '#SE - EMEA'
  4. 0

    *Expected Behavior* JIRA syncronization completes successfully. *Actual Behavior* JIRA fails to syncronize due to missing group attributes, and throws the following error: {noformat} 2015-05-21 10:57:04,939 atlassian-scheduler-quartz1.clustered_Worker-2 ERROR [com.atlassian.scheduler.JobRunnerResponse] Unable to synchronise directory com.atlassian.crowd.exception.OperationFailedException: Failed to synchronize directory group attributes for missing group: RDS Remote Access Servers at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAllGroupAttributes(AbstractCacheRefresher.java:129) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:94) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:168) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1122) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76) at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.synchronizeDirectory(JiraDirectorySynchroniser.java:96) at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.runJob(JiraDirectorySynchroniser.java:60) at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:136) at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101) at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80) at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32) at org.quartz.core.JobRunShell.run(JobRunShell.java:223) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) {noformat} *Steps to Reproduce* - Set up an Active Directory Server - Create an AD Group that has more than 255 characters in the description - Create a LDAP connector with minimal settings (no filters or anything like that) - Observe synchronization failure *Environment*: JIRA 6.4.3 Windows Server 2012 R2 with AD at 2012R2 Functional level Directory Configuration used: {noformat} Directory ID: 10000 Name: Active Directory server Active: true Type: CONNECTOR Created date: Thu May 21 09:39:13 CDT 2015 Updated date: Thu May 21 11:54:32 CDT 2015 Allowed operations: [UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE] Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory Encryption type: sha Attributes: "autoAddGroups": "" "com.atlassian.crowd.directory.sync.currentstartsynctime": "null" "com.atlassian.crowd.directory.sync.issynchronising": "false" "com.atlassian.crowd.directory.sync.lastdurationms": "2960905" "com.atlassian.crowd.directory.sync.laststartsynctime": "1432224311907" "crowd.sync.incremental.enabled": "true" "directory.cache.synchronise.interval": "3600" "ldap.basedn": "dc=lab,dc=local" "ldap.connection.timeout": "10000" "ldap.external.id": "objectGUID" "ldap.group.description": "description" "ldap.group.dn": "" "ldap.group.filter": "(objectCategory=Group)" "ldap.group.name": "cn" "ldap.group.objectclass": "group" "ldap.group.usernames": "member" "ldap.local.groups": "false" "ldap.nestedgroups.disabled": "true" "ldap.pagedresults": "true" "ldap.pagedresults.size": "1000" "ldap.password": ******** "ldap.pool.initsize": "null" "ldap.pool.maxsize": "null" "ldap.pool.prefsize": "null" "ldap.pool.timeout": "0" "ldap.propogate.changes": "false" "ldap.read.timeout": "120000" "ldap.referral": "true" "ldap.relaxed.dn.standardisation": "true" "ldap.roles.disabled": "true" "ldap.search.timelimit": "60000" "ldap.secure": "false" "ldap.url": "ldap://127.0.0.1:3268" "ldap.user.displayname": "displayName" "ldap.user.dn": "" "ldap.user.email": "mail" "ldap.user.encryption": "sha" "ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))" "ldap.user.firstname": "givenName" "ldap.user.group": "memberOf" "ldap.user.lastname": "sn" "ldap.user.objectclass": "user" "ldap.user.password": "unicodePwd" "ldap.user.username": "sAMAccountName" "ldap.user.username.rdn": "cn" "ldap.userdn": "ldap" "ldap.usermembership.use": "false" "ldap.usermembership.use.for.groups": "false" "localUserStatusEnabled": "false" {noformat} *Workaround* * Exclude the following groups from directory synchronization through a [Group Object Filter|https://confluence.atlassian.com/display/DOC/Connecting+to+an+LDAP+Directory#ConnectingtoanLDAPDirectory-GroupSchemaSettings]. {quote}*RDS Endpoint Servers, Exchange Trusted Subsystem, RDS Remote Access Servers, RDS Management Servers, Help Desk*{quote} You can use the following filter for this. {noformat}(&(objectClass=group)(!(cn=*RDS Endpoint Servers*))(!(cn=*Exchange Trusted Subsystem*))(!(cn=*RDS Remote Access Servers*))(!(cn=*RDS Management Servers*))(!(cn=*Help Desk*))){noformat} * Also, it depends on which missing groups are showing in the logs. You can refer the steps below to check the missing groups: *# Search for this *"Failed to synchronize directory group attributes for missing group"* exception in the logs (atlassian-jira.log) *# You will see something like this:{code}Failed to synchronize directory group attributes for missing group: FC Financial Practitioners Observations{code} (i) *FC Financial Practitioners Observations* is the missing group. *# Re-amend the group object filter like: {code}(&(objectClass=group)(!(cn=*FC Financial Practitioners Observations*))){code} *Debugger Output* !2015-05-21_11-51-26.png|thumbnail!

    Atlassian JIRA | 2 years ago | David Blasio [Atlassian]
    com.atlassian.crowd.exception.OperationFailedException: Failed to synchronize directory group attributes for missing group: RDS Remote Access Servers

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. com.atlassian.crowd.exception.OperationFailedException

      Unable to synchronise directory: duplicate groups with name 'IT'

      at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships()
    2. com.atlassian.crowd
      AbstractCacheRefresher.synchroniseMemberships
      1. com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:131)
      1 frame