Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-17196

User not found during REST call or plugin calls when LDAP is used

      2016-02-04 16:16:26,225 ERROR [http-nio-8085-exec-57] [LDAPUserManagerReadOnly] Error retrieving user: 'user' from LDAP server ldap.server[10.10.10.10]
      com.atlassian.user.impl.ldap.repository.LdapConnectionFailedException: javax.naming.CommunicationException: Loading the socket factory [Root exception is java.lang.ClassNotFoundException: com.atlassian.user.util.LdapHostnameVerificationSSLSocketFactory]
              at com.atlassian.user.impl.ldap.repository.DefaultLdapContextFactory.getLDAPContext(DefaultLdapContextFactory.java:106)
              at com.atlassian.user.impl.ldap.search.DefaultLDAPUserAdaptor.search(DefaultLDAPUserAdaptor.java:70)
              at com.atlassian.user.impl.ldap.search.DefaultLDAPUserAdaptor.search(DefaultLDAPUserAdaptor.java:54)
              at com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.getUser(LDAPUserManagerReadOnly.java:76)
              at com.atlassian.user.impl.cache.CachingUserManager.getUser(CachingUserManager.java:73)
              at com.atlassian.user.impl.delegation.DelegatingUserManager.getUser(DelegatingUserManager.java:70)
              at sun.reflect.GeneratedMethodAccessor957.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at com.atlassian.crowd.integration.atlassianuser.DynamicDelegationAccessor$DelegatingInvocationHandler.invoke(DynamicDelegationAccessor.java:125)
              at com.sun.proxy.$Proxy36.getUser(Unknown Source)
              at bucket.user.DefaultUserAccessor.getUser(DefaultUserAccessor.java:149)
              at com.atlassian.bamboo.user.BambooUserManagerImpl.getUser(BambooUserManagerImpl.java:137)
              at sun.reflect.GeneratedMethodAccessor946.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
              at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:98)
              at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:262)
              at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:95)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
              at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
              at com.sun.proxy.$Proxy48.getUser(Unknown Source)
              at com.atlassian.bamboo.v2.build.trigger.ManualTriggerReasonRenderer.getContextParams(ManualTriggerReasonRenderer.java:37)
              at com.atlassian.bamboo.v2.build.trigger.DefaultTriggerReasonRenderer.getShortDescriptionHtml(DefaultTriggerReasonRenderer.java:43)
              at com.atlassian.bamboo.resultsummary.AbstractResultsSummary.getReasonSummary(AbstractResultsSummary.java:195)
              at com.atlassian.bamboo.plan.cache.ImmutableResultsSummaryImpl.<init>(ImmutableResultsSummaryImpl.java:121)
              at com.atlassian.bamboo.plan.cache.ImmutablePlanManagerImpl.createImmutableResultSummary(ImmutablePlanManagerImpl.java:274)
              at com.atlassian.bamboo.plan.cache.ImmutablePlanManagerImpl.getLatestResultForPlan(ImmutablePlanManagerImpl.java:164)
              at sun.reflect.GeneratedMethodAccessor1704.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
              at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:98)
              at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:262)
              at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:95)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
              at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
              at com.sun.proxy.$Proxy131.getLatestResultForPlan(Unknown Source)
              at com.atlassian.bamboo.plan.cache.AbstractImmutableChain$1.create(AbstractImmutableChain.java:54)
              at com.atlassian.bamboo.plan.cache.AbstractImmutableChain$1.create(AbstractImmutableChain.java:50)
              at com.atlassian.util.concurrent.ResettableLazyReference$InternalReference.create(ResettableLazyReference.java:179)
              at com.atlassian.util.concurrent.LazyReference$Sync.run(LazyReference.java:325)
              at com.atlassian.util.concurrent.LazyReference.getInterruptibly(LazyReference.java:143)
      ...
      Caused by: javax.naming.CommunicationException: Loading the socket factory [Root exception is java.lang.ClassNotFoundException: com.atlassian.user.util.LdapHostnameVerificationSSLSocketFactory]
              at com.sun.jndi.ldap.LdapPoolManager.isPoolingAllowed(LdapPoolManager.java:247)
              at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1604)
              at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
              at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
              at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
              at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
              at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
              at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
              at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
              at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
              at javax.naming.InitialContext.init(InitialContext.java:244)
              at javax.naming.InitialContext.<init>(InitialContext.java:216)
              at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
              at com.atlassian.user.impl.ldap.repository.DefaultLdapContextFactory.getLDAPContext(DefaultLdapContextFactory.java:96)
              ... 243 more
      Caused by: java.lang.ClassNotFoundException: com.atlassian.user.util.LdapHostnameVerificationSSLSocketFactory
              at com.atlassian.plugins.rest.module.ChainingClassLoader.loadClass(ChainingClassLoader.java:65)
              at java.lang.Class.forName0(Native Method)
              at java.lang.Class.forName(Class.java:348)
              at com.sun.jndi.ldap.VersionHelper12.loadClass(VersionHelper12.java:72)
              at com.sun.jndi.ldap.LdapPoolManager.isPoolingAllowed(LdapPoolManager.java:239)
              ... 256 more
      

            [BAM-17196] User not found during REST call or plugin calls when LDAP is used

             What is the fix for this issue and will it cover the problem our users encountered as well (provided they upgrade to Bamboo 5.14.2)?

            We now dynamically change the classloader during calls to the user manager. Yes, once your users upgrade, the problem will be gone for them too. We will probably ship 5.14.2 within a week or so.

            Would it be a valid workaround for our existing customers if we added the import-package statement to our add-on for compatibility with Bamboo < 5.14.2?

             
            Import statements should fix it, but it may be tricky to figure out which imports are needed.

            Przemek Bruski added a comment -  What is the fix for this issue and will it cover the problem our users encountered as well (provided they upgrade to Bamboo 5.14.2)? We now dynamically change the classloader during calls to the user manager. Yes, once your users upgrade, the problem will be gone for them too. We will probably ship 5.14.2 within a week or so. Would it be a valid workaround for our existing customers if we added the import-package statement to our add-on for compatibility with Bamboo < 5.14.2?   Import statements should fix it, but it may be tricky to figure out which imports are needed.

            pbruski - a few hours ago, we got a likely related bug report from an Identity Federation for AWS (Bamboo) user. They encounter a ClassNotFoundException: com.atlassian.user.util.LdapHostnameVerificationSSLSocketFactory in a call chain of our add-on that uses a com.atlassian.bamboo.user.BambooUserManager to assemble a list of available groups (see attached UAA-229.ClassNotFoundException.LdapHostnameVerificationSSLSocketFactory.log).

            Our add-on does not import the com.atlassian.user.util package mentioned by achystoprudov, as it does not use any of its classes directly. We only use a dependency injected BambooUserManager instance, hence the question:

            What is the fix for this issue and will it cover the problem our users encountered as well (provided they upgrade to Bamboo 5.14.2)?

            Would it be a valid workaround for our existing customers if we added the import-package statement to our add-on for compatibility with Bamboo < 5.14.2?

            Henrik Opel [Utoolity] added a comment - pbruski - a few hours ago, we got a likely related bug report from an Identity Federation for AWS (Bamboo) user. They encounter a ClassNotFoundException: com.atlassian.user.util.LdapHostnameVerificationSSLSocketFactory in a call chain of our add-on that uses a com.atlassian.bamboo.user.BambooUserManager to assemble a list of available groups (see attached UAA-229.ClassNotFoundException.LdapHostnameVerificationSSLSocketFactory.log ). Our add-on does not import the com.atlassian.user.util package mentioned by achystoprudov , as it does not use any of its classes directly. We only use a dependency injected BambooUserManager instance, hence the question: What is the fix for this issue and will it cover the problem our users encountered as well (provided they upgrade to Bamboo 5.14.2)? Would it be a valid workaround for our existing customers if we added the import-package statement to our add-on for compatibility with Bamboo < 5.14.2?

            Not sure what causes this, but became affected by it today after restarting the master. Real PITA. Thanks for the work around @richard.cross1

            Timothy Mukaibo added a comment - Not sure what causes this, but became affected by it today after restarting the master. Real PITA. Thanks for the work around @richard.cross1

            The following fixed it for me, but you will need to remember to re-apply this after any upgrades (especially if installing from tar.gz):

            1. Stop Bamboo
            2. Edit the file: <Bamboo install directory>/atlassian-bamboo/WEB-INF/classes/ehcache.xml
              and uncomment this section:
              <cache name="com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.myLdapRepository.users"
                       maxElementsInMemory="500"
                       eternal="false"
                       timeToIdleSeconds="300"
                       timeToLiveSeconds="300"
                    />  
              
            3. Modify the above section like this:
              <cache name="com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.ldapRepository.users"
                       maxElementsInMemory="500"
                       eternal="false"
                       timeToIdleSeconds="300"
                       timeToLiveSeconds="300"
                    />
              

              (ldapRepository is the key of your repository in atlassian-user.xml)

            4. Start Bamboo

            Richard Cross added a comment - The following fixed it for me, but you will need to remember to re-apply this after any upgrades (especially if installing from tar.gz): Stop Bamboo Edit the file: <Bamboo install directory>/atlassian-bamboo/WEB-INF/classes/ehcache.xml and uncomment this section: <cache name= "com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.myLdapRepository.users" maxElementsInMemory= "500" eternal= "false" timeToIdleSeconds= "300" timeToLiveSeconds= "300" /> Modify the above section like this: <cache name= "com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.ldapRepository.users" maxElementsInMemory= "500" eternal= "false" timeToIdleSeconds= "300" timeToLiveSeconds= "300" /> (ldapRepository is the key of your repository in atlassian-user.xml) Start Bamboo

            Oliver D added a comment -

            Additionally, it seems that atlassian-rest-module-3.0.9-bamboo-rest-355.jar also requires fixing the Manifest on Bamboo 5.10.3

            Oliver D added a comment - Additionally, it seems that atlassian-rest-module-3.0.9-bamboo-rest-355.jar also requires fixing the Manifest on Bamboo 5.10.3

            Oliver D added a comment -

            Also having this issue - I would wonder if turning off hostname verification is a viable workaround for anyone who doesn't care about lowering security like that.

            Oliver D added a comment - Also having this issue - I would wonder if turning off hostname verification is a viable workaround for anyone who doesn't care about lowering security like that.

            We are being affected by this. It seems like the users who get affected, stay affected. They are no longer able to login until the server is reset, which suggests some sort of in-memory caching effect that happens as a result of this issue? Based upon Alexey's comment above, I have patched the .jar and I am hoping this addresses the issue until Atlassian can fix it properly.

            Mark Mielke added a comment - We are being affected by this. It seems like the users who get affected, stay affected. They are no longer able to login until the server is reset, which suggests some sort of in-memory caching effect that happens as a result of this issue? Based upon Alexey's comment above, I have patched the .jar and I am hoping this addresses the issue until Atlassian can fix it properly.

            Package com.atlassian.user.util was not imported in Manifest.mf of atlassian-bamboo-plugin-rest-5.10.0.jar, so class is not available for REST system classloader

            Alexey Chystoprudov added a comment - Package com.atlassian.user.util was not imported in Manifest.mf of atlassian-bamboo-plugin-rest-5.10.0.jar, so class is not available for REST system classloader

              pbruski Przemek Bruski
              achystoprudov Alexey Chystoprudov
              Affected customers:
              10 This affects my team
              Watchers:
              23 Start watching this issue

                Created:
                Updated:
                Resolved: