LDAP synchronization fails due to an invalid search filter containing a negation element.

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

The LDAP synchronization fails with the following message in the atlassian-confluence.log:

Test retrieve user : Failed
org.springframework.ldap.InvalidSearchFilterException: Filter (!) cannot be followed by more than one filters; nested exception is javax.naming.directory.InvalidSearchFilterException: Filter (!) cannot be followed by more than one filters; remaining name 'DC=production,DC=tvn,DC=com' 

Cause

Due to restrictions of the LDAP protocol, a 'not' or 'negation' ('!') operator must be followed by one and only one filter element. Example of an invalid filter, in which the first '!' is followed by two elements:

(&(objectCategory=Group)(!(CN=confluence*)(!(CN=jira*))))

See more details about LDAP filters in this documentation.

Resolution

You can fix the issue by using one of the following approaches.

  • Remove one of the negation elements, so that the remaining '!' is followed by a single element. Example:

    (&(objectCategory=Group)(!(CN=confluence*)))
  • Or wrap all elements within a single OR operator (pipe symbol '|') inside the negation. Example:

    (&(objectCategory=Group)(!(|(CN=confluence*)(CN=jira*))))
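
To check a filter before saving it in the directory configuration, the following sketch parses the parenthesised structure and reports each '!' that is not followed by exactly one filter. It is an added example, not Atlassian code; the function name `negation_errors` is hypothetical, and it checks structure only, not attribute names or values.

```python
# Added example: structural check of an LDAP search filter (RFC 4515 syntax).
# It reports every NOT (!) that is not followed by exactly one filter.

def _parse(f, i, errors):
    """Parse one parenthesised filter at f[i]; return the index after its ')'."""
    if i >= len(f) or f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    start = i
    i += 1
    if i < len(f) and f[i] in "&|!":
        op = f[i]
        i += 1
        operands = 0
        while i < len(f) and f[i] == "(":
            i = _parse(f, i, errors)
            operands += 1
        if op == "!" and operands != 1:
            errors.append((start, operands))
    else:
        # Simple item such as CN=jira*. Literal parentheses inside a value
        # must be escaped as \28 and \29, so the next ')' closes the item.
        while i < len(f) and f[i] not in "()":
            i += 1
    if i >= len(f) or f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1


def negation_errors(filter_text):
    """Return [(offset, operand_count)] for each invalid NOT in the filter."""
    errors = []
    end = _parse(filter_text, 0, errors)
    if end != len(filter_text):
        raise ValueError(f"unexpected text at offset {end}")
    return errors


# Filters taken from this article.
INVALID = "(&(objectCategory=Group)(!(CN=confluence*)(!(CN=jira*))))"
FIXED_SINGLE = "(&(objectCategory=Group)(!(CN=confluence*)))"
FIXED_OR = "(&(objectCategory=Group)(!(|(CN=confluence*)(CN=jira*))))"

if __name__ == "__main__":
    for flt in (INVALID, FIXED_SINGLE, FIXED_OR):
        problems = negation_errors(flt)
        print("INVALID" if problems else "ok     ", flt, problems)
```

An empty result means every negation in the filter has a single operand; a `ValueError` means the parentheses themselves are unbalanced.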

Last modified on Sep 16, 2021
