Synchronization with LDAP server fails generating different errors in the logs

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。

問題

When Bitbucket Server connects to LDAP server to syncronize it, the following appears in the atlassian-bitbucket.log:

Stack trace #1:

2017-09-18 07:10:08,976 ERROR [Caesium-1-1]  c.a.s.c.impl.SchedulerQueueWorker Unhandled exception thrown by job QueuedJob[jobId=com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerManager.262145,deadline=1505423761490]
java.lang.OutOfMemoryError: Java heap space

 

Stack trace #2:

2017-09-18 08:17:50,181 ERROR [Caesium-1-4]  c.a.c.d.DbCachingDirectoryPoller Error occurred while refreshing the cache for directory [ 262145 ].
com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: somedomain.com:389; nested exception is javax.naming.CommunicationException: somedomain.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
	at 
...
Caused by: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction;
...
Caused by: com.atlassian.crowd.exception.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction

原因

The errors are being thrown when attempting to sync to AD user directory. Bitbucket is trying to retrieve a large amount of users  from LDAP, which is causing java heap errors. 

ソリューション

Resolution #1 - Apply LDAP filters

It's necessary to restrict the users that needs to be retrieved from LDAP. Information on how to create LDAP filters can be found here:

 

Resolution #2 - Change User Directory

Disable LDAP active sync and set up "Delegated LDAP Authentication", which does not require synchronization.

 

最終更新日 2018 年 11 月 2 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.