Unable to synchronize with Active Directory due to SSL requirement

アトラシアン ナレッジベース



アトラシアン コミュニティをご利用ください。


プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Fisheye および Crucible は除く


Microsoft has released a security advisory for LDAP channel binding and LDAP signing to be implemented as a way to increase security of the network communication between an Active Directory Domain Services (AD DS) or an Active Directory Lightweight Directory Services (AD LDS) and its clients. Please refer to the below article from Microsoft for complete details.

Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing

This is relevant to users connecting to Active Directory from an Atlassian application without using SSL:

A further future monthly update, anticipated for release the second half of calendar year 2020, will enable LDAP signing and channel binding on domain controllers configured with default values for those settings.


If your Atlassian application is connected to Active directory and is not communicating over SSL (using LDAPS), communication with these directories will fail. Directory synchronisation will fail with the following error:

“org.springframework.ldap.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090256, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v3839“


As the LDAP server is configured to require signed communication, simple bind requests (through port 389 for example) are rejected by the LDAP server. If the application sends a request without SSL configured, the following error is printed in the application logs:

2020-01-31 16:58:02,699 Caesium-1-1 INFO ServiceRunner     [c.a.crowd.directory.DbCachingRemoteDirectory] failed synchronisation complete for directory [ 10104 ] in [ 3ms ]
2020-01-31 16:58:02,720 Caesium-1-1 ERROR ServiceRunner     [c.atlassian.scheduler.JobRunnerResponse] Unable to synchronise directory
com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
	at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:703)
	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:148)
	at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:978)
	at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:67)
	at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.synchronizeDirectory(JiraDirectorySynchroniser.java:77)
	at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.runJob(JiraDirectorySynchroniser.java:52)
	at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:134)
	at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:106)
	at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:90)
	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.launchJob(CaesiumSchedulerService.java:435)
	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeClusteredJob(CaesiumSchedulerService.java:430)
	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeClusteredJobWithRecoveryGuard(CaesiumSchedulerService.java:454)
	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeQueuedJob(CaesiumSchedulerService.java:382)
	at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeJob(SchedulerQueueWorker.java:66)
	at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeNextJob(SchedulerQueueWorker.java:60)
	at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.run(SchedulerQueueWorker.java:35)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.ldap.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090256, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v3839


Configure your user directory to connect through SSL. The default Active Directory port for LDAPS is 636.

Please refer to the below articles for detailed configuration steps:

最終更新日: 2020 年 2 月 18 日


Powered by Confluence and Scroll Viewport.