LDAP Sync - Exception | Community
Skip to main content
martina_schwed
martina_schwed
New Participant
October 16, 2015
Solved

LDAP Sync - Exception

  • October 16, 2015
  • 2 replies
  • 1437 views

Hi,

I have AEM 6.0 and configured an LDAP connection. By using "External Identity Synchronization Management (UserManagement)" (system/console/jmx) in the OSGI and use syncAllExternalUsers() I received the following exception:

java.lang.NullPointerException at org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx.SyncMBeanImpl.getJSONString(SyncMBeanImpl.java:349) at org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx.SyncMBeanImpl.access$300(SyncMBeanImpl.java:57) at org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx.SyncMBeanImpl$Delegatee.syncAllExternalUsers(SyncMBeanImpl.java:254) at org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx.SyncMBeanImpl.syncAllExternalUsers(SyncMBeanImpl.java:422) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:71) at sun.reflect.GeneratedMethodAccessor519.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:275) at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:112) at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:46) at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:237) at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:138) at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:252) at javax.management.StandardMBean.invoke(StandardMBean.java:405) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801) at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449) at java.security.AccessController.doPrivileged(Native Method)

In the log-file I can see that 1000 entries where found but after the first 48 entries the "sync" is "canceled".

Log-entries:

  • [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider search below <??> found <??>
  • [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider search below <??> found 1000 entries
  • [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider listUsers() (connect=1.34ms, lookup=2.92s)
  • [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler Membership of user '<??>' do not need sync.
  • [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler sync(<??>) -> <??> (find=493.73us, sync=7.23ms)

In AEM 5.6 there exists a configuration cacheMaxSize with a default value 1000, but I cannot find this configuration option in AEM 6.0. (http://docs.adobe.com/docs/en/cq/5-6-1/core/administering/ldap_authentication.html).

My questions are now:

  1. Has anybody an idea about the "problem" with the exception in the sync?
  2. Has anybody done an ldap sync with around 10000 users? Is there any additional configuration necessary?
This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Andras_Fejer

I thought I might add some information here, in case anyone has the same issue.

Some of the users have already been created manually via the useradmin. During the JMX LDAP Sync those users (which had the same authorizableId as the LDAP users) could not be synced because the User was already available and one property (most likely rep:principalName) didn't match. After removing the users which were manually created and were causing the issue, the sync was successful.

Unfortunately the log entries didn't offer a proper message about what was causing the issue.

2 replies

Andras_Fejer
Andras_FejerAccepted solution
New Participant
October 16, 2015

I thought I might add some information here, in case anyone has the same issue.

Some of the users have already been created manually via the useradmin. During the JMX LDAP Sync those users (which had the same authorizableId as the LDAP users) could not be synced because the User was already available and one property (most likely rep:principalName) didn't match. After removing the users which were manually created and were causing the issue, the sync was successful.

Unfortunately the log entries didn't offer a proper message about what was causing the issue.

smacdonald2008
smacdonald2008
New Participant
October 16, 2015

THis may be a bug - please open a ticket for AEM with this issue. 

Terms & ConditionsAccessibility statement

Loading footer...