Synchronization with LDAP Server Fails with PartialResultException

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

The following exception appears on atlassian-confluence.log file:

2015-02-20 04:52:46,158 INFO [scheduler_Worker-6] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache synchronisation for directory [ 98306 ] starting
2015-02-20 04:52:46,215 INFO [scheduler_Worker-6] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache failed synchronisation complete for directory [ 98306 ] in [ 57ms ]
2015-02-20 04:52:46,232 ERROR [scheduler_Worker-6] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 98306 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.PartialResultException: nested exception is javax.naming.PartialResultException [Root exception is javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms. [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'DC=domain,DC=com']; remaining name '']
	at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:408)
	at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:443)
	at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:426)
	at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findAddedOrUpdatedObjectsSince(MicrosoftActiveDirectory.java:881)
	at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findAddedOrUpdatedUsersSince(MicrosoftActiveDirectory.java:853)
	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseUserChanges(UsnChangedCacheRefresher.java:210)
	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:82)
	at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:993)
	at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:75)
	at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
	at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29)
	at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
	at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$1.run(ConfluenceQuartzThreadPool.java:20)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
Caused by: org.springframework.ldap.PartialResultException: nested exception is javax.naming.PartialResultException [Root exception is javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms. [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'DC=domain,DC=com']; remaining name '']
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:205)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:315)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
	at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$4.call(LdapTemplateWithClassLoaderWrapper.java:99)
	at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$4.call(LdapTemplateWithClassLoaderWrapper.java:96)
	at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.invokeWithContextClassLoader(LdapTemplateWithClassLoaderWrapper.java:54)
	at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.search(LdapTemplateWithClassLoaderWrapper.java:96)
	at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:372)
	... 14 more
Caused by: javax.naming.PartialResultException [Root exception is javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms. [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'DC=domain,DC=com']; remaining name '']
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(Unknown Source)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(Unknown Source)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:295)
	... 20 more
Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:120000ms. [Root exception is com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'DC=domain,DC=com']; remaining name ''
	at com.sun.jndi.ldap.Connection.readReply(Unknown Source)
	at com.sun.jndi.ldap.LdapClient.getSearchReply(Unknown Source)
	at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
	at com.sun.jndi.ldap.LdapReferralContext.search(Unknown Source)
	at com.sun.jndi.ldap.LdapSearchEnumeration.getReferredResults(Unknown Source)
	at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(Unknown Source)
	... 27 more
Caused by: com.sun.jndi.ldap.LdapReferralException: Continuation Reference; remaining name 'DC=domain,DC=com'
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.processhttps://confluence.atlassian.com/display/STASHKB/Synchronization+with+LDAP+Server+Fails+with+PartialResultExceptionReturnCode(Unknown Source)
	at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(Unknown Source)
	... 23 more

Cause

Seems to be related to this bug: CONF-24460 - Getting issue details... STATUS

 

Resolution

1. Turn off Follow Referrals (Confluence Admin >> User Directories >> Edit the LDAP entry >> Advanced Settings >> Uncheck Follow Referrals).
2. Check if those users are members of confluence-users group through a nested group, or if they are there directly. Nested Groups is disabled, so if they are members of a nested group you'll need to enable that option under Advanced Settings as well.
3. Sync the directory again.
4. If it doesn't help, try to clear the plugin cache - Embedded Crowd is a plugin, so it's possible that there's something corrupted in there.

5. If that also doesn't help, let's recreate the LDAP directory and remove the old one (make sure to re-enable the internal one first so you don't lock yourself out of Confluence). Don't enable Follow Referrals unless it's definitely required.

Last modified on Nov 2, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.