Synchronization with LDAP Server Fails with PartialResultException
Symptoms
The following exception appears on atlassian-confluence.log file:
2015-02-20 04:52:46,158 INFO [scheduler_Worker-6] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache synchronisation for directory [ 98306 ] starting
2015-02-20 04:52:46,215 INFO [scheduler_Worker-6] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache failed synchronisation complete for directory [ 98306 ] in [ 57ms ]
2015-02-20 04:52:46,232 ERROR [scheduler_Worker-6] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 98306 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.PartialResultException: nested exception is javax.naming.PartialResultException [Root exception is javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms. [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'DC=domain,DC=com']; remaining name '']
at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:408)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:443)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:426)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findAddedOrUpdatedObjectsSince(MicrosoftActiveDirectory.java:881)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findAddedOrUpdatedUsersSince(MicrosoftActiveDirectory.java:853)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseUserChanges(UsnChangedCacheRefresher.java:210)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:82)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:993)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:75)
at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29)
at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$1.run(ConfluenceQuartzThreadPool.java:20)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
Caused by: org.springframework.ldap.PartialResultException: nested exception is javax.naming.PartialResultException [Root exception is javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms. [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'DC=domain,DC=com']; remaining name '']
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:205)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:315)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$4.call(LdapTemplateWithClassLoaderWrapper.java:99)
at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$4.call(LdapTemplateWithClassLoaderWrapper.java:96)
at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.invokeWithContextClassLoader(LdapTemplateWithClassLoaderWrapper.java:54)
at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.search(LdapTemplateWithClassLoaderWrapper.java:96)
at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:372)
... 14 more
Caused by: javax.naming.PartialResultException [Root exception is javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms. [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'DC=domain,DC=com']; remaining name '']
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:295)
... 20 more
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms. [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'DC=domain,DC=com']; remaining name ''
at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.ldap.LdapReferralContext.search(Unknown Source)
at com.sun.jndi.ldap.LdapSearchEnumeration.getReferredResults(Unknown Source)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
... 27 more
Caused by: com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'DC=domain,DC=com'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processhttps://confluence.atlassian.com/display/STASHKB/Synchronization+with+LDAP+Server+Fails+with+PartialResultExceptionReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(Unknown Source)
... 23 more
Cause
Seems to be related to this bug: - CONF-24460Getting issue details... STATUS
Resolution
1. Turn off Follow Referrals (Confluence Admin >> User Directories >> Edit the LDAP entry >> Advanced Settings >> Uncheck Follow Referrals).
2. Check if those users are members of confluence-users group through a nested group, or if they are there directly. Nested Groups is disabled, so if they are members of a nested group you'll need to enable that option under Advanced Settings as well.
3. Sync the directory again.
4. If it doesn't help, try to clear the plugin cache - Embedded Crowd is a plugin, so it's possible that there's something corrupted in there.
5. If that also doesn't help, let's recreate the LDAP directory and remove the old one (make sure to re-enable the internal one first so you don't lock yourself out of Confluence). Don't enable Follow Referrals unless it's definitely required.