Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
None
-
5.8.15
-
4
-
Severity 2 - Major
-
1
-
Description
LDAP group name with a unsafe character in Active Directory cause the synchronisation to fail. In this case was u000B.
Error found in the logs :
getValueFromAttributes Unsafe attribute value <Test Group\u000BName> for attribute <displayName>. Context: *****. . Attribute was skipped.
full stacktrace
2016-04-06 18:12:46,153 INFO [CrowdUsnChangedCacheRefresher:thread-2] [directory.ldap.util.DirectoryAttributeRetriever] getValueFromAttributes Unsafe attribute value <Test Group\u000BName> for attribute <cn>. Context: <CN=Test Group Name,OU=groups,OU=wayne,DC=OktaTestAD,DC=local>. . Attribute was skipped. 2016-04-06 18:12:46,153 ERROR [CrowdUsnChangedCacheRefresher:thread-2] [ldap.mapper.entity.LDAPGroupAttributesMapper] getGroupNameFromAttributes The following record does not have a groupname: NameAwareAttribute; attributes: {objectguid=NameAwareAttribute; id: objectGUID; hasValuesAsNames: false; orderMatters: false; values: [[B@4f474104], member=NameAwareAttribute; id: member; hasValuesAsNames: false; orderMatters: false; values: [CN=dong ding,OU=users,OU=wayne,DC=OktaTestAD,DC=local, CN=wayne test,OU=users,OU=wayne,DC=OktaTestAD,DC=local], objectsid=NameAwareAttribute; id: objectSid; hasValuesAsNames: false; orderMatters: false; values: [[B@4358ca01], cn=NameAwareAttribute; id: cn; hasValuesAsNames: false; orderMatters: false; values: [Test Group Name], objectclass=NameAwareAttribute; id: objectClass; hasValuesAsNames: false; orderMatters: false; values: [top, group], usnchanged=NameAwareAttribute; id: uSNChanged; hasValuesAsNames: false; orderMatters: false; values: [499725]} -- crowd.ldap.context: CN=Test Group Name,OU=groups,OU=wayne,DC=OktaTestAD,DC=local 2016-04-06 18:12:56,166 INFO [CrowdUsnChangedCacheRefresher:thread-1] [crowd.directory.ldap.SpringLdapTemplateWrapper] call Timed call for search with handler on DC=OktaTestAD, DC=Local took 10055ms 2016-04-06 18:12:56,166 INFO [CrowdUsnChangedCacheRefresher:thread-1] [directory.ldap.cache.UsnChangedCacheRefresher] call found [ 64 ] remote users in [ 10338ms ] 2016-04-06 18:12:56,169 INFO [scheduler_Worker-1] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleteCachedUsersNotIn scanned and compared [ 64 ] users for delete in DB cache in [ 3ms ] 2016-04-06 18:12:56,169 INFO [scheduler_Worker-1] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleteCachedUsersNotIn scanned for deleted users in [ 3ms ] 2016-04-06 18:12:56,172 INFO [scheduler_Worker-1] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] getUsersToAddAndUpdate scanning [ 64 ] users to add or update 2016-04-06 18:12:56,173 INFO [scheduler_Worker-1] [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] addOrUpdateCachedUsers scanned and compared [ 64 ] users for update in DB cache in [ 3ms ] 2016-04-06 18:12:56,174 INFO [scheduler_Worker-1] [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] addOrUpdateCachedUsers synchronised [ 64 ] users in [ 4ms ] 2016-04-06 18:12:56,174 INFO [scheduler_Worker-1] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache failed synchronisation complete for directory [ 9666562 ] in [ 10347ms ] 2016-04-06 18:12:56,187 ERROR [scheduler_Worker-1] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 9666562 ]. com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Unable to find the groupname of the principal. at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllGroups(UsnChangedCacheRefresher.java:237) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:91) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:168) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1122) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobRunner.runJob(DirectoryPollerJobRunner.java:93) at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:135) at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101) at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80) at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32) at org.quartz.core.JobRunShell.run(JobRunShell.java:223) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool.lambda$runInThread$152(ConfluenceQuartzThreadPool.java:19) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) Caused by: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Unable to find the groupname of the principal. at java.util.concurrent.FutureTask.report(FutureTask.java:122) at java.util.concurrent.FutureTask.get(FutureTask.java:192) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllGroups(UsnChangedCacheRefresher.java:218) ... 13 more Caused by: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.UncategorizedLdapException: Unable to find the groupname of the principal. at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:441) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:476) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:459) at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroupObjectsOfSpecifiedGroupType(SpringLDAPConnector.java:1236) at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroupObjects(SpringLDAPConnector.java:1272) at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroups(SpringLDAPConnector.java:1304) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher$3.call(UsnChangedCacheRefresher.java:157) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher$3.call(UsnChangedCacheRefresher.java:152) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: org.springframework.ldap.UncategorizedLdapException: Unable to find the groupname of the principal. at com.atlassian.crowd.directory.ldap.mapper.entity.LDAPGroupAttributesMapper.getGroupNameFromAttributes(LDAPGroupAttributesMapper.java:137) at com.atlassian.crowd.directory.ldap.mapper.entity.LDAPGroupAttributesMapper.mapGroupFromAttributes(LDAPGroupAttributesMapper.java:98) at com.atlassian.crowd.directory.ldap.mapper.GroupContextMapper.mapFromContext(GroupContextMapper.java:65) at com.atlassian.crowd.directory.ldap.mapper.GroupContextMapper.mapFromContext(GroupContextMapper.java:27) at com.atlassian.crowd.directory.ldap.mapper.ContextMapperWithCustomAttributes.mapFromContext(ContextMapperWithCustomAttributes.java:31) at org.springframework.ldap.core.ContextMapperCallbackHandler.getObjectFromNameClassPair(ContextMapperCallbackHandler.java:69) at org.springframework.ldap.core.CollectingNameClassPairCallbackHandler.handleNameClassPair(CollectingNameClassPairCallbackHandler.java:50) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:367) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:309) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$4.timedCall(SpringLdapTemplateWrapper.java:198) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$4.timedCall(SpringLdapTemplateWrapper.java:195) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:126) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:89) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.search(SpringLdapTemplateWrapper.java:195) at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:405) ... 11 more
Expected behaviour
Confluence should continue the user repository synchronisation.
Actual behaviour
The synchronisation is interrupted by this error.
Workaround :
- Insert a ldap group filter :
(&(objectCategory=Group)(!(groupName=*\u000B*)))
- Retry the synchronisation