問題

Accessing LDAP, such as searching for users in JIRA, Confluence or Crowd (with AD integrated) fails with the exception below:

Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: DomainDnsZones.example.net:389 [Root exception is java.net.ConnectException: Connection refused: connect]]

その他のルート例外として次のものが考えられます。

• javax.naming.PartialResultException

• java.net.UnknownHostException

説明

Active Directory servers are integrated with DNS, and modify entries in the DNS server. They refer to themselves in the root of their LDAP tree. If the Confluence (or Crowd, or JIRA) server is pointed to the root of the LDAP tree, and "follow referrals" is turned on (which is the default), then:

1. Confluence will search for users.
2. AD サーバーは LDAP ツリーのルートにあるユーザーと照会を応答します。これは、ここには多数のユーザーがいる可能性が考えられるためです。
3. Confluence will follow the referral. This will result in:
   
   1. A DNS lookup of the base DN ( dc=example,dc=com means a lookup for example.com)
   2. example.com のポート 389 または 636 へのコネクション。これは同じサーバーに戻ります。
4. Confluence will continue and read the rest of the objects in the domain as normal.

診断

この問題に該当するかどうかを確認するには、次の手順を実行します。

1. ユーザー ディレクトリ構成の [高度な設定] セクションで [照会に従う] を無効化します。
2. LDAP サーバーのルート DN に接続します。
3. ログにエラーが表示されない場合、これは DNS エラーです。

原因

JIRA, Crowd or Confluence can't perform a DNS lookup on the referral in the AD server root. Problems like this are most commonly caused by the server that Confluence is running on not having the same DNS server as the Active Directory server.

ソリューション

DNS 構成の問題の修正

1. Configure the server that JIRA is running on to use the DNS server that the Active Directory server is integrated with.
2. Double check if the DNS server address has been change recently. Since DNS server record the Confluence information, please delete Confluence address information from the DNS server to resolve the issue.
3. If this is not possible, disable 'Follow Referrals' under the advanced settings of your user directory.