[#JRA-14905] LDAP configuration tool fails to test correctly connection to repository

JIRA

LDAP configuration tool fails to test correctly connection to repository

Created: 01/May/08 10:30 PM Updated: 17/Jun/08 09:13 PM

Component/s:

UI / Usability, User Management

Affects Version/s:

3.12.3

Fix Version/s:

None

Time Tracking:

Not Specified

Participants:	Anton Mazkovoi [Atlassian], Bogdan Dziedzic [Atlassian] and Holger Schimanski
Since last comment:	16 weeks, 2 days ago
Labels:	support_improvement

Description

« Hide

If one tries to configure JIRA with the LDAP configuration tool (JIRA ent) and a user supplied in Sample user to authenticate doesn't have the search permission on the LDAP repository, JIRA will report the following error in the UI:

Initial connect and search successful, but second phase connection to LDAP as 'CN=Test,CN=Users,dc=test,dc=local' failed (error: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03151EFD, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Users,DC=test,DC=local' �]; remaining name 'CN=Test,CN=Users,dc=test,dc=local'. More in logs)

and in the log file is recoded:

2008-05-02 12:53:12,922 http-8080-Processor23 INFO [web.action.util.LDAPConfigurer] javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03151EFD, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=Users,DC=test,DC=local'
]; remaining name 'CN=Test,CN=Users,dc=test,dc=local'
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03151EFD, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=Users,DC=test,DC=local'
]; remaining name 'CN=Test,CN=Users,dc=test,dc=local'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3030)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1807)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1735)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
        at com.atlassian.jira.web.action.util.LDAPConfigurer.ldapAuthenticate(LDAPConfigurer.java:211)
        at com.atlassian.jira.web.action.util.LDAPConfigurer.doValidation(LDAPConfigurer.java:124)
        at webwork.action.ActionSupport.validate(ActionSupport.java:373)
        at webwork.action.ActionSupport.execute(ActionSupport.java:150)
        at com.atlassian.jira.action.JiraActionSupport.execute(JiraActionSupport.java:54)
        at webwork.dispatcher.GenericDispatcher.executeAction(GenericDispatcher.java:132)
        at com.atlassian.jira.web.dispatcher.JiraServletDispatcher.service(JiraServletDispatcher.java:211)

Although, if one manually creates osuser.xml the same user as used in the test as Sample user to authenticate is authenticated correctly against the LDAP repository.

In other words, issue is experienced only if LDAPConfigurer is used and opensymphony seems to be OK.

Description

Initial connect and search successful, but second phase connection to LDAP as 'CN=Test,CN=Users,dc=test,dc=local' failed (error: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03151EFD, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Users,DC=test,DC=local' �]; remaining name 'CN=Test,CN=Users,dc=test,dc=local'. More in logs)

and in the log file is recoded:

2008-05-02 12:53:12,922 http-8080-Processor23 INFO [web.action.util.LDAPConfigurer] javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03151EFD, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=Users,DC=test,DC=local'
]; remaining name 'CN=Test,CN=Users,dc=test,dc=local'
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03151EFD, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=Users,DC=test,DC=local'
]; remaining name 'CN=Test,CN=Users,dc=test,dc=local'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3030)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1807)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1735)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
        at com.atlassian.jira.web.action.util.LDAPConfigurer.ldapAuthenticate(LDAPConfigurer.java:211)
        at com.atlassian.jira.web.action.util.LDAPConfigurer.doValidation(LDAPConfigurer.java:124)
        at webwork.action.ActionSupport.validate(ActionSupport.java:373)
        at webwork.action.ActionSupport.execute(ActionSupport.java:150)
        at com.atlassian.jira.action.JiraActionSupport.execute(JiraActionSupport.java:54)
        at webwork.dispatcher.GenericDispatcher.executeAction(GenericDispatcher.java:132)
        at com.atlassian.jira.web.dispatcher.JiraServletDispatcher.service(JiraServletDispatcher.java:211)

Although, if one manually creates osuser.xml the same user as used in the test as Sample user to authenticate is authenticated correctly against the LDAP repository. In other words, issue is experienced only if LDAPConfigurer is used and opensymphony seems to be OK.

Show »

All

Comments

Work Log

Change History

Sort Order:

[ Permlink | « Hide ]

Holger Schimanski added a comment - 05/May/08 01:31 AM

I would say, this is a bug, not an improvement, because somewhere in JIRA documentation it says, that LDAP is only used for authentication, but the LDAP Configurer is doing a search with the test user account.

[ Permlink | « Hide ]

Anton Mazkovoi [Atlassian] added a comment - 06/May/08 03:54 AM

Yes, I believe this is a bug. I have updated the issue.