Jira server fails to synchronize with LDAP server with Unable to find the username of the principal error

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

症状

JIRA fails to synchronize with LDAP server.

atlassian-jira.log に次のメッセージが表示される。

2013-01-28 03:15:59,598 QuartzWorker-0 ERROR ServiceRunner     [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ].
com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Unable to find the username of the principal.
	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllUsers(UsnChangedCacheRefresher.java:266)
	at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:40)
	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:223)
	at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:619)
	at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
	at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
	at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
	at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
Caused by: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Unable to find the username of the principal.

原因

The User Name Attribute (ldap.user.username) specified in JIRA's LDAP connector (User Schema Settings) is not applicable for all or some users found in the LDAP filter specified. 

For example, the attribute field used on the user object would be sAMAccountName for Active Directory Servers and if the value for this attribute is empty it will fail to properly map during synchronization, causing the above exception.

回避策

Exclude user objects with the missing User Name Attribute with a LDAP search filter. See more here on How to write LDAP search filters.

ソリューション


Add the missing User Name Attribute to the objects that are causing the LDAP synchronization to fail. JIRA Application logs will contain the objects causing the failed synchronization (for example they reference username, which maps to sAMAccountName in Active Directory).


(info) Please see our Troubleshooting LDAP User Management documentation for further assistance with diagnosing LDAP problems.

最終更新日 2019 年 9 月 25 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.