  1. Crowd Data Center
  2. CWD-2910

LDAP group edit fails due to duplicate attribute exception on description field

Details

    • Bug
    • Resolution: Duplicate
    • Low
    • None
    • 2.4
    • None
    • None

    Description

      If you have Write permissions on your LDAP and try to modify a group (either the description or the active field), it may fail with this error:

      2012-08-24 10:22:55,139 http-8095-5 ERROR [console.action.group.UpdateGroup] org.springframework.ldap.AttributeInUseException: [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for     Modify Request
              Object : 'cn=Durarara,ou=groups,ou=system'
                  Modification[0]
                      Operation :  add
                      Modification
          description: test
      : ERR_254 Trying to add existing value {0} to attribute description]; nested exception is javax.naming.directory.AttributeInUseException: [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for     Modify Request
              Object : 'cn=Durarara,ou=groups,ou=system'
                  Modification[0]
                      Operation :  add
                      Modification
          description: test
      : ERR_254 Trying to add existing value {0} to attribute description]; remaining name 'cn=Durarara,ou=groups,ou=system'
      com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.AttributeInUseException: [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for     Modify Request
              Object : 'cn=Durarara,ou=groups,ou=system'
                  Modification[0]
                      Operation :  add
                      Modification
          description: test
      : ERR_254 Trying to add existing value {0} to attribute description]; nested exception is javax.naming.directory.AttributeInUseException: [LDAP: error code 20 - ATTRIBUTE_OR_VALUE_EXISTS: failed for     Modify Request
              Object : 'cn=Durarara,ou=groups,ou=system'
                  Modification[0]
                      Operation :  add
                      Modification
          description: test
      : ERR_254 Trying to add existing value {0} to attribute description]; remaining name 'cn=Durarara,ou=groups,ou=system'
              at com.atlassian.crowd.directory.SpringLDAPConnector.updateGroup(SpringLDAPConnector.java:1299)
              at com.atlassian.crowd.directory.DbCachingRemoteDirectory.updateGroup(DbCachingRemoteDirectory.java:370)
              at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.updateGroup(DirectoryManagerGeneric.java:553)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
      

      Crowd attempts to Add the description to LDAP regardless of whether one already exists. In this case, the description was empty and the Active checkbox was unchecked. When the page refreshes, the Active box is checked again (because of CWD-2033), so a user will uncheck it and Update again, which causes Crowd to attempt to Add another empty description. Since a blank description value already exists, the directory throws the duplicate attribute error, as attribute:value pairs must be unique.

      Crowd should either perform a modify if a description exists, or swallow the error, which is essentially harmless since the description value is already present.
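
      The difference between the unconditional add in the log and an idempotent update, as an added example using the standard JNDI classes named in the stack trace. This is not Crowd's code; the class name, method names and the sample entry are assumptions made for illustration.

```java
import javax.naming.NamingException;
import javax.naming.directory.*;

public class DescriptionModification {

    // Behaviour visible in the log ("Operation : add"): always add the value.
    // The directory rejects this with error code 20 when that value is already stored.
    static ModificationItem[] addAlways(String desired) {
        return new ModificationItem[] {
            new ModificationItem(DirContext.ADD_ATTRIBUTE,
                                 new BasicAttribute("description", desired)) };
    }

    // Idempotent alternative: compare against the stored entry and use "replace",
    // which creates the attribute if it is absent and overwrites it if present.
    static ModificationItem[] replaceIfChanged(Attributes current, String desired)
            throws NamingException {
        Attribute stored = current.get("description");
        if (desired == null || desired.isEmpty()) {
            if (stored == null) {
                return new ModificationItem[0];          // nothing stored, nothing to send
            }
            // A replace carrying no values removes the attribute, blank value included.
            return new ModificationItem[] {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                                     new BasicAttribute("description")) };
        }
        if (stored != null && stored.size() == 1 && desired.equals(stored.get())) {
            return new ModificationItem[0];              // unchanged, skip the write
        }
        return new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                                 new BasicAttribute("description", desired)) };
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample entry mirroring the group in the log above.
        Attributes entry = new BasicAttributes(true);    // true = ignore attribute ID case
        entry.put(new BasicAttribute("cn", "Durarara"));
        entry.put(new BasicAttribute("description", "test"));

        System.out.println("add-always ops for 'test':   " + addAlways("test").length);
        System.out.println("idempotent ops for 'test':   " + replaceIfChanged(entry, "test").length);
        System.out.println("idempotent ops for 'edited': " + replaceIfChanged(entry, "edited").length);
        System.out.println("idempotent ops for '':       " + replaceIfChanged(entry, "").length);
    }
}
```

      The resulting array would be passed to DirContext.modifyAttributes(name, mods); an empty array means no write is needed, so a repeated Update never reaches the directory.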

      Workaround for LDAP Admins to Manage Group Memberships

      It has been reported that this error may affect an admin's ability to edit group memberships. If you are comfortable manipulating your LDAP directly, use the following method to work around this limitation:

      1. Download and install Apache Directory Studio.
      2. Create a new connection to your LDAP using the same bind credentials that Crowd authenticates with.
      3. Add/Remove user memberships from within the LDAP tree.

            People

              Unassigned
              alaskowski Adam Laskowski (Inactive)