[BAM-19995] Active Directory User Repositories cannot be migrated to Embedded Crowd without Distinguished Name in securityPrincipal

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 6.8.0, 6.7.3
Affects Version/s: 6.6.0, 6.6.1
Component/s: Upgrading, User Management, Crowd & LDAP integration
Labels:

Support reference count:
10
Symptom Severity:
Severity 3 - Minor
UIS:
4
Bug Fix Policy:
View Atlassian Server bug fix policy

Summary

When upgrading Bamboo to version 6.6, instances that are connected to Active Directory (AD) and not using a Distinguished Name for the securityPrincipal in atlassian-user.xml fail to migrate to Embedded Crowd, causing the Upgrade Tasks 60601 (and thus the upgrade itself) to fail.

Environment

Bamboo before 6.6.x
Upgrading to 6.6.x
Using Active Directory

Steps to Reproduce

Set up Bamboo linked to Active Directory
Use a securityPrincipal that is not a DN in atlassian-user.xml
Upgrade to 6.6.x

Expected Results

Users are migrated from atlassian-user to Embedded Crowd and the upgrade completes.

Actual Results

The below exception is thrown in the atlassian-bamboo.log file if the AD <securityPrincipal>foo@bar</securityPrincipal> is an email address:

2018-07-16 14:49:37,247 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] ---------------------------------------------------------------------------------------------
2018-07-16 14:49:37,247 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] 60601 : Validate existing Atlassian User directories for Embedded Crowd migration (bootstrap)
2018-07-16 14:49:37,247 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] ---------------------------------------------------------------------------------------------
2018-07-16 14:49:37,278 INFO [localhost-startStop-1] [AbstractDbmsBean] Detected schema: dbo
2018-07-16 14:49:37,309 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [adRepository]
2018-07-16 14:49:37,325 ERROR [localhost-startStop-1] [LdapRepositoryConfigurationMigrator] Property securityPrincipal is not a valid distinguished name: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 8. Encountered: "@" (64), after : ""
2018-07-16 14:49:37,325 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [adRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.LdapRepositoryConfigurationMigrator@51cbd719]
2018-07-16 14:49:37,325 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [hibernateRepository]
2018-07-16 14:49:37,325 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [hibernateRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.HibernateRepositoryConfigurationMigrator@7aa9a5f2]
2018-07-16 14:49:37,325 ERROR [localhost-startStop-1] [BootstrapUpgradeManagerImpl] Task 60601 failed
java.lang.RuntimeException: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.
...
Caused by: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.
...
2018-07-16 14:49:37,325 FATAL [localhost-startStop-1] [DefaultBootstrapManager] Validation tests failed: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.

The below exception is thrown in the atlassian-bamboo.log file if the AD <securityPrincipal>foo</securityPrincipal> is not an email address:

2018-07-16 23:00:40,205 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] ---------------------------------------------------------------------------------------------
2018-07-16 23:00:40,205 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] 60601 : Validate existing Atlassian User directories for Embedded Crowd migration (bootstrap)
2018-07-16 23:00:40,205 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] ---------------------------------------------------------------------------------------------
2018-07-16 23:00:40,252 INFO [localhost-startStop-1] [AbstractDbmsBean] Detected schema: dbo
2018-07-16 23:00:40,283 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [adRepository]
2018-07-16 23:00:40,314 ERROR [localhost-startStop-1] [LdapRepositoryConfigurationMigrator] Property securityPrincipal is not a valid distinguished name: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5.  Encountered: "\\" (92), after : ""
2018-07-16 23:00:40,314 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [adRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.LdapRepositoryConfigurationMigrator@3d7f4da0]
2018-07-16 23:00:40,314 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [hibernateRepository]
2018-07-16 23:00:40,314 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [hibernateRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.HibernateRepositoryConfigurationMigrator@7ac71837]
2018-07-16 23:00:40,314 ERROR [localhost-startStop-1] [BootstrapUpgradeManagerImpl] Task 60601 failed
java.lang.RuntimeException: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.
...
Caused by: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.
... 
2018-07-16 23:00:40,314 FATAL [localhost-startStop-1] [DefaultBootstrapManager] Validation tests failed: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.

Workaround 1

Stop Bamboo
Update the securityPrincipal to use Distinguished Name format
Start Bamboo

Workaround 2

Summary

Remove AD configuration from atlassian-user.xml, and upgrade using Hibernate user directory.
All existing membership between AD user and Bamboo local group will be lost.

Detail

Stop your pre-6.6.x Bamboo
Remove the AD configuration (<ldap>...</ldap>) tags from atlassian-user.xml
Back up the Bamboo database

Delete AD users from Bamboo database

This will not affect your Active Directory, it is modifying Bamboo's user directory information

DELETE FROM OS_PROPERTYENTRY WHERE ENTITY_ID IN (SELECT ID FROM EXTERNAL_ENTITIES);
DELETE FROM EXTERNAL_ENTITIES;
DELETE FROM EXTERNAL_MEMBERS;

Find the admin user in Bamboo's Hibernate user database:

-- replace <username> with your admin username
SELECT * FROM USERS WHERE NAME='<username>';

Start your pre-6.6.x Bamboo instance to verify you can log in with the internal admin user found in Step 5
- If you are unable to log in, but the user exists, please follow Restoring passwords to recover admin users to set a temporary password
Shut down your pre-6.6.x Bamboo instance
Upgrade to 6.6.x
After upgrade, configure LDAP at Administration >> Security >> User directories

is cloned as: BDEV-14985 Loading...

Monique Khairuliana (Inactive) made changes - 19/Aug/2019 2:05 AM

Workflow	Original: Bamboo Workflow 2016 v1 - Restricted [ 2746555 ]	New: JAC Bug Workflow v3 [ 3385864 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Alexey Chystoprudov made changes - 09/Jan/2019 9:53 AM

Remote Link

New: This issue links to "+core+ New and Tasty › C Checks › ~~BAM-19995~~_improve_logging_message (tardigrade-bamboo)" [ 405863 ]

Alexey Chystoprudov made changes - 09/Jan/2019 9:45 AM

Remote Link

New: This issue links to "+core+ New and Tasty › A Core Builds › ~~BAM-19995~~_improve_logging_message (tardigrade-bamboo)" [ 405860 ]

Alexey Chystoprudov made changes - 17/Dec/2018 3:01 PM

Resolution		New: Fixed [ 1 ]
Status	Original: In Progress [ 3 ]	New: Resolved [ 5 ]

Alexey Chystoprudov made changes - 13/Dec/2018 11:22 PM

Fix Version/s		New: 6.7.3 [ 84390 ]
Fix Version/s		New: 6.8.0 [ 81602 ]
Status	Original: Open [ 1 ]	New: In Progress [ 3 ]

Alexey Chystoprudov made changes - 13/Dec/2018 11:21 PM

Assignee

New: Alexey Chystoprudov [ achystoprudov ]

Pawel Skierczynski made changes - 29/Oct/2018 1:45 PM

Remote Link

New: This issue links to "BDEV-14985 (Jira)" [ 395526 ]

Pawel Skierczynski made changes - 29/Oct/2018 1:44 PM

Labels

Original: bamboo-bugfix-kanban-candidate da-warranty embedded-crowd upgrade

New: bamboo-bugfix-kanban da-warranty embedded-crowd upgrade

SET Analytics Bot made changes - 27/Oct/2018 1:09 AM

Support reference count	Original: 9	New: 10
UIS	Original: 1	New: 4

Owen made changes - 24/Oct/2018 5:28 AM

Symptom Severity

Original: Minor [ 14432 ]

New: Severity 3 - Minor [ 15832 ]

Assignee:: Alexey Chystoprudov

Reporter:: Ellie Z (they/them)

Affected customers:: 2 This affects my team

Watchers:: 6 Start watching this issue

Created:: 19/Jul/2018 3:48 PM

Updated:: 19/Aug/2019 2:05 AM

Resolved:: 17/Dec/2018 3:01 PM

Details

Description

Summary

Environment

Steps to Reproduce

Expected Results

Actual Results

Workaround 1

Workaround 2

Summary

Detail

Attachments

Issue Links

Forms

Activity

People

Dates