Details
-
Bug
-
Resolution: Obsolete
-
Medium
-
4.0
-
4
-
Description
Steps to replicate:
- Configure on the LDAP repository the Bind DN user to use a password with an XML special character e.g. atlassian&8 .
- In JIRA provide all required information in the Configure LDAP authentication page and generate osuser.xml .
<!-- osuser.xml autogenerated by user 'test' on 19/Oct/09 for JIRA 4.0 --> <opensymphony-user> <authenticator class="com.opensymphony.user.authenticator.SmartAuthenticator"/> <provider class="com.opensymphony.user.provider.ldap.LDAPCredentialsProvider"> <property name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</property> <property name="java.naming.provider.url">ldap://172.20.4.147:389</property> <property name="searchBase">cn=Users,dc=test2,dc=local</property> <property name="uidSearchName">sAMAccountName</property> <property name="java.naming.security.principal">administrator</property> <property name="java.naming.security.credentials">atlassian&8</property> <property name="exclusive-access">true</property> </provider> <provider class="com.atlassian.core.ofbiz.osuser.CoreOFBizCredentialsProvider"> <property name="exclusive-access">true</property> </provider> <provider class="com.opensymphony.user.provider.ofbiz.OFBizProfileProvider"> <property name="exclusive-access">true</property> </provider> <provider class="com.opensymphony.user.provider.ofbiz.OFBizAccessProvider"> <property name="exclusive-access">true</property> </provider> </opensymphony-user>
Note <property name="java.naming.security.credentials">atlassian&8</property>
- Configure JIRA to use the generated osuser.xml .
- Restart JIRA to apply the change.
JIRA returns the 404 http status and in the log file reports:
2009-10-19 11:01:17,176 main ERROR [opensymphony.user.util.ConfigLoader] Could not parse config XML org.xml.sax.SAXParseException: The entity name must immediately follow the '&' in the entity reference. at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source) at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source) at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEntityReference(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
Workaround
Manually replace any XML special characters with their escaped form.
In the above osuser.xml should read:
<property name="java.naming.security.credentials">atlassian&8</property>