-
Bug
-
Resolution: Done
-
Medium
-
5.10.0
-
Severity 2 - Major
-
1
-
2016-02-04 16:16:26,225 ERROR [http-nio-8085-exec-57] [LDAPUserManagerReadOnly] Error retrieving user: 'user' from LDAP server ldap.server[10.10.10.10] com.atlassian.user.impl.ldap.repository.LdapConnectionFailedException: javax.naming.CommunicationException: Loading the socket factory [Root exception is java.lang.ClassNotFoundException: com.atlassian.user.util.LdapHostnameVerificationSSLSocketFactory] at com.atlassian.user.impl.ldap.repository.DefaultLdapContextFactory.getLDAPContext(DefaultLdapContextFactory.java:106) at com.atlassian.user.impl.ldap.search.DefaultLDAPUserAdaptor.search(DefaultLDAPUserAdaptor.java:70) at com.atlassian.user.impl.ldap.search.DefaultLDAPUserAdaptor.search(DefaultLDAPUserAdaptor.java:54) at com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.getUser(LDAPUserManagerReadOnly.java:76) at com.atlassian.user.impl.cache.CachingUserManager.getUser(CachingUserManager.java:73) at com.atlassian.user.impl.delegation.DelegatingUserManager.getUser(DelegatingUserManager.java:70) at sun.reflect.GeneratedMethodAccessor957.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.atlassian.crowd.integration.atlassianuser.DynamicDelegationAccessor$DelegatingInvocationHandler.invoke(DynamicDelegationAccessor.java:125) at com.sun.proxy.$Proxy36.getUser(Unknown Source) at bucket.user.DefaultUserAccessor.getUser(DefaultUserAccessor.java:149) at com.atlassian.bamboo.user.BambooUserManagerImpl.getUser(BambooUserManagerImpl.java:137) at sun.reflect.GeneratedMethodAccessor946.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:98) at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:262) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:95) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) at com.sun.proxy.$Proxy48.getUser(Unknown Source) at com.atlassian.bamboo.v2.build.trigger.ManualTriggerReasonRenderer.getContextParams(ManualTriggerReasonRenderer.java:37) at com.atlassian.bamboo.v2.build.trigger.DefaultTriggerReasonRenderer.getShortDescriptionHtml(DefaultTriggerReasonRenderer.java:43) at com.atlassian.bamboo.resultsummary.AbstractResultsSummary.getReasonSummary(AbstractResultsSummary.java:195) at com.atlassian.bamboo.plan.cache.ImmutableResultsSummaryImpl.<init>(ImmutableResultsSummaryImpl.java:121) at com.atlassian.bamboo.plan.cache.ImmutablePlanManagerImpl.createImmutableResultSummary(ImmutablePlanManagerImpl.java:274) at com.atlassian.bamboo.plan.cache.ImmutablePlanManagerImpl.getLatestResultForPlan(ImmutablePlanManagerImpl.java:164) at sun.reflect.GeneratedMethodAccessor1704.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:98) at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:262) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:95) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) at com.sun.proxy.$Proxy131.getLatestResultForPlan(Unknown Source) at com.atlassian.bamboo.plan.cache.AbstractImmutableChain$1.create(AbstractImmutableChain.java:54) at com.atlassian.bamboo.plan.cache.AbstractImmutableChain$1.create(AbstractImmutableChain.java:50) at com.atlassian.util.concurrent.ResettableLazyReference$InternalReference.create(ResettableLazyReference.java:179) at com.atlassian.util.concurrent.LazyReference$Sync.run(LazyReference.java:325) at com.atlassian.util.concurrent.LazyReference.getInterruptibly(LazyReference.java:143) ... Caused by: javax.naming.CommunicationException: Loading the socket factory [Root exception is java.lang.ClassNotFoundException: com.atlassian.user.util.LdapHostnameVerificationSSLSocketFactory] at com.sun.jndi.ldap.LdapPoolManager.isPoolingAllowed(LdapPoolManager.java:247) at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1604) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) at javax.naming.InitialContext.init(InitialContext.java:244) at javax.naming.InitialContext.<init>(InitialContext.java:216) at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) at com.atlassian.user.impl.ldap.repository.DefaultLdapContextFactory.getLDAPContext(DefaultLdapContextFactory.java:96) ... 243 more Caused by: java.lang.ClassNotFoundException: com.atlassian.user.util.LdapHostnameVerificationSSLSocketFactory at com.atlassian.plugins.rest.module.ChainingClassLoader.loadClass(ChainingClassLoader.java:65) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:348) at com.sun.jndi.ldap.VersionHelper12.loadClass(VersionHelper12.java:72) at com.sun.jndi.ldap.LdapPoolManager.isPoolingAllowed(LdapPoolManager.java:239) ... 256 more
![[Extranet] Page](/images/icons/generic_link_16.png "[Extranet] Page"){kind=icon}
[BAM-17196] User not found during REST call or plugin calls when LDAP is used
pbruski - a few hours ago, we got a likely related bug report from an Identity Federation for AWS (Bamboo) user. They encounter a ClassNotFoundException: com.atlassian.user.util.LdapHostnameVerificationSSLSocketFactory in a call chain of our add-on that uses a com.atlassian.bamboo.user.BambooUserManager to assemble a list of available groups (see attached UAA-229.ClassNotFoundException.LdapHostnameVerificationSSLSocketFactory.log
).
Our add-on does not import the com.atlassian.user.util package mentioned by achystoprudov, as it does not use any of its classes directly. We only use a dependency injected BambooUserManager instance, hence the question:
What is the fix for this issue and will it cover the problem our users encountered as well (provided they upgrade to Bamboo 5.14.2)?
Would it be a valid workaround for our existing customers if we added the import-package statement to our add-on for compatibility with Bamboo < 5.14.2?
Timothy Mukaibo
added a comment - Not sure what causes this, but became affected by it today after restarting the master. Real PITA. Thanks for the work around @richard.cross1
Timothy Mukaibo
added a comment - Not sure what causes this, but became affected by it today after restarting the master. Real PITA. Thanks for the work around @richard.cross1 The following fixed it for me, but you will need to remember to re-apply this after any upgrades (especially if installing from tar.gz):
- Stop Bamboo
- Edit the file: <Bamboo install directory>/atlassian-bamboo/WEB-INF/classes/ehcache.xml
and uncomment this section:<cache name="com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.myLdapRepository.users" maxElementsInMemory="500" eternal="false" timeToIdleSeconds="300" timeToLiveSeconds="300" />
- Modify the above section like this:
<cache name="com.atlassian.user.impl.ldap.LDAPUserManagerReadOnly.ldapRepository.users" maxElementsInMemory="500" eternal="false" timeToIdleSeconds="300" timeToLiveSeconds="300" />
(ldapRepository is the key of your repository in atlassian-user.xml)
- Start Bamboo
Oliver D
added a comment - Additionally, it seems that atlassian-rest-module-3.0.9-bamboo-rest-355.jar also requires fixing the Manifest on Bamboo 5.10.3
Oliver D
added a comment - Additionally, it seems that atlassian-rest-module-3.0.9-bamboo-rest-355.jar also requires fixing the Manifest on Bamboo 5.10.3 Oliver D
added a comment - Also having this issue - I would wonder if turning off hostname verification is a viable workaround for anyone who doesn't care about lowering security like that.
Oliver D
added a comment - Also having this issue - I would wonder if turning off hostname verification is a viable workaround for anyone who doesn't care about lowering security like that. We are being affected by this. It seems like the users who get affected, stay affected. They are no longer able to login until the server is reset, which suggests some sort of in-memory caching effect that happens as a result of this issue? Based upon Alexey's comment above, I have patched the .jar and I am hoping this addresses the issue until Atlassian can fix it properly.
Package com.atlassian.user.util was not imported in Manifest.mf of atlassian-bamboo-plugin-rest-5.10.0.jar, so class is not available for REST system classloader
We now dynamically change the classloader during calls to the user manager. Yes, once your users upgrade, the problem will be gone for them too. We will probably ship 5.14.2 within a week or so.
Import statements should fix it, but it may be tricky to figure out which imports are needed.