- Type: Suggestion
- Resolution: Fixed
- Component/s: User Management, Crowd & LDAP integration
Summary
When adding an LDAP user to Global or Plan permissions, the case of the name (UPPERCASE, lowercase, camelCase) is not validated, resulting in the permission not being granted.
Environment
- Bamboo v5.14.x
- Windows Active Directory
- OpenDJ/DS
- OpenLDAP
Steps to Reproduce
- Create an LDAP user with an UPPERCASE username (e.g. MYUSER).
- Synchronise LDAP with Bamboo making use of atlassian-user.xml and/or atlassian-user-custom.xml (see Integrating Bamboo with LDAP documentation).
- Go to Bamboo administration >> Security >> Users and search for MYUSER just to confirm successful import into Bamboo.
Validate user against database:

    select * from EXTERNAL_ENTITIES;

    +---------+-----------------+------+
    | ID      | NAME            | TYPE |
    +---------+-----------------+------+
    | 2490369 | MYUSER          | EXT  |
    +---------+-----------------+------+
- Go to Bamboo administration >> Security >> Global permissions or Plan configuration >> Permissions, select the "Add user" button, and type in the username MYUSER with a different case, e.g. myuser, and select "Add".
Validate user's plan permission against database:

    select PROJECT.TITLE PROJECT_TITLE,
           B.TITLE PLAN_TITLE,
           B.FULL_KEY PLAN_KEY,
           AE.SID USERNAME,
           AE.MASK
    from ACL_ENTRY AE
    join ACL_OBJECT_IDENTITY AOI on AE.ACL_OBJECT_IDENTITY = AOI.ID
    join BUILD B on AOI.OBJECT_ID_IDENTITY = B.BUILD_ID
    join PROJECT on B.PROJECT_ID = PROJECT.PROJECT_ID
    where B.build_type = 'CHAIN'
      and B.FULL_KEY = 'PROJ-PLAN';

    +---------------+------------+-----------+----------------+------+
    | PROJECT_TITLE | PLAN_TITLE | PLAN_KEY  | USERNAME       | MASK |
    +---------------+------------+-----------+----------------+------+
    | Project       | Plan       | PROJ-PLAN | myuser         |    1 |
    | Project       | Plan       | PROJ-PLAN | myuser         |    2 |
    | Project       | Plan       | PROJ-PLAN | myuser         |   64 |
    | Project       | Plan       | PROJ-PLAN | myuser         |  128 |
    | Project       | Plan       | PROJ-PLAN | myuser         |   16 |
    +---------------+------------+-----------+----------------+------+
Expected Results
myuser should have access to 'PROJ-PLAN' as described above.
Actual Results
myuser does not have permissions over 'PROJ-PLAN' because MYUSER (EXTERNAL_ENTITIES table) differs from myuser (ACL_ENTRY table).
Notes
When Bamboo's user repository is selected as Local users and groups, by typing in a username, Bamboo:
- Searches against its internal directory checking if user exists and
- if user is found, it displays the user's name below the input field.
However, this same validation does not happen when Custom user repository is selected under Bamboo administration >> Security >> User repositories, which lets usernames be entered without regard to case.
Workaround
When granting permissions, the username must be typed in using the same case as it is in LDAP / the same case displayed in Bamboo administration >> Security >> Users.
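To find permissions already affected, the mismatch between EXTERNAL_ENTITIES.NAME and ACL_ENTRY.SID described above can be queried directly. The following is an added example, not part of the original report or Atlassian's code: it runs the check against an in-memory SQLite database with a reduced schema (only the columns visible in this report) and constructed rows, including a hypothetical second user `otheruser`.

```python
import sqlite3

# Assumption: reduced schema holding only the columns shown in the report.
SCHEMA = """
CREATE TABLE EXTERNAL_ENTITIES (ID INTEGER PRIMARY KEY, NAME TEXT, TYPE TEXT);
CREATE TABLE ACL_ENTRY (ID INTEGER PRIMARY KEY, ACL_OBJECT_IDENTITY INTEGER,
                        SID TEXT, MASK INTEGER);
"""

# ACL entries whose SID matches a synchronised user only when case is ignored.
# SQLite compares TEXT case-sensitively by default; on a database that uses a
# case-insensitive collation, the "<>" test must be a binary comparison.
MISMATCH_QUERY = """
SELECT AE.SID, EE.NAME, COUNT(*) AS ENTRIES
FROM ACL_ENTRY AE
JOIN EXTERNAL_ENTITIES EE
  ON LOWER(AE.SID) = LOWER(EE.NAME) AND AE.SID <> EE.NAME
GROUP BY AE.SID, EE.NAME
ORDER BY AE.SID
"""


def build_sample_db():
    """Constructed data mirroring the report: MYUSER in LDAP, myuser in ACLs."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO EXTERNAL_ENTITIES VALUES (?, ?, ?)",
        [(2490369, "MYUSER", "EXT"), (2490370, "otheruser", "EXT")],
    )
    rows = [(1, "myuser", mask) for mask in (1, 2, 64, 128, 16)]
    rows.append((1, "otheruser", 1))  # correctly cased, must not be reported
    db.executemany(
        "INSERT INTO ACL_ENTRY (ACL_OBJECT_IDENTITY, SID, MASK) VALUES (?, ?, ?)",
        rows,
    )
    return db


def find_case_mismatches(db):
    """Return (acl_sid, directory_name, entry_count) per mismatched SID."""
    return db.execute(MISMATCH_QUERY).fetchall()


if __name__ == "__main__":
    for sid, name, count in find_case_mismatches(build_sample_db()):
        print(f"{count} ACL entries use '{sid}'; directory name is '{name}'")
```

Each reported SID is a permission that was entered but is not effective for the directory user, so the list also serves as a review of who was intended to have access.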