Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Problems with Active Directory

ket.pjwstk
ket.pjwstk
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 21, 2011

Hi,

Our goal is to retrieve one group of users with all members and our configuration looks like:

Base DN O=some dn

Additional Users DN /left empty/

Additional Group DN:cn=group_name,cn=groups

And everything is almost fine, because we get group with members, however with also get all users that are not members of any group. And thats a prboblem, because there are ~38k of such users in given AD instance.

Answer
Watch
Like Be the first to like this
9428 views

2 answers

1 accepted

1 vote
Answer accepted
JamieA
JamieA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 21, 2011

You need to set the user object filter under "user schema settings". There you need to filter for only users that are members of your group... using the memberOf attribute.

Eclipse directory studio or JXplorer is useful for testing this stuff.

View More Comments
ket.pjwstk
ket.pjwstk
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 22, 2011

I've done as you wrote and it helped. Ie. I got specific group with users, however I get the following error:

INFO] [talledLocalContainer] com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidNameException: CN=Deleted Objects,null: [LDAP: error
code 34 - 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data 8350, best match of:
INFO] [talledLocalContainer] 'CN=Deleted Objects,null'
INFO] [talledLocalContainer] ]; nested exception is javax.naming.InvalidNameException: CN=Deleted Objects,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001F7,
problem 2006 (BAD_NAME), data 8350, best match of:
INFO] [talledLocalContainer] 'CN=Deleted Objects,null'
INFO] [talledLocalContainer] ]; remaining name 'CN=Deleted Objects,null'

Like
JamieA
JamieA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 22, 2011

Hrm, you might not have permission to that DN. See http://confluence.atlassian.com/display/JIRA/User+Management+Limitations+and+Recommendations#UserManagementLimitationsandRecommendations-SpecificNotesforConnectingtoActiveDirectory , 4th or 5th point.

Like
Reply
0 votes
Amit Girme
Amit Girme July 11, 2013
Temporary solution is remove incremental synchronization check box. Atlassian working on it https://jira.atlassian.com/browse/CWD-2581 Hopefully it wont take long.
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.