Details
-
Bug
-
Resolution: Fixed
-
High
-
6.6.0, 6.6.1
-
10
-
Severity 3 - Minor
-
4
-
Description
Summary
When upgrading Bamboo to version 6.6, instances that are connected to Active Directory (AD) and not using a Distinguished Name for the securityPrincipal in atlassian-user.xml fail to migrate to Embedded Crowd, causing the Upgrade Tasks 60601 (and thus the upgrade itself) to fail.
Environment
- Bamboo before 6.6.x
- Upgrading to 6.6.x
- Using Active Directory
Steps to Reproduce
- Set up Bamboo linked to Active Directory
- Use a securityPrincipal that is not a DN in atlassian-user.xml
- Upgrade to 6.6.x
Expected Results
Users are migrated from atlassian-user to Embedded Crowd and the upgrade completes.
Actual Results
The below exception is thrown in the atlassian-bamboo.log file if the AD <securityPrincipal>foo@bar</securityPrincipal> is an email address:
2018-07-16 14:49:37,247 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] --------------------------------------------------------------------------------------------- 2018-07-16 14:49:37,247 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] 60601 : Validate existing Atlassian User directories for Embedded Crowd migration (bootstrap) 2018-07-16 14:49:37,247 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] --------------------------------------------------------------------------------------------- 2018-07-16 14:49:37,278 INFO [localhost-startStop-1] [AbstractDbmsBean] Detected schema: dbo 2018-07-16 14:49:37,309 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [adRepository] 2018-07-16 14:49:37,325 ERROR [localhost-startStop-1] [LdapRepositoryConfigurationMigrator] Property securityPrincipal is not a valid distinguished name: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 8. Encountered: "@" (64), after : "" 2018-07-16 14:49:37,325 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [adRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.LdapRepositoryConfigurationMigrator@51cbd719] 2018-07-16 14:49:37,325 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [hibernateRepository] 2018-07-16 14:49:37,325 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [hibernateRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.HibernateRepositoryConfigurationMigrator@7aa9a5f2] 2018-07-16 14:49:37,325 ERROR [localhost-startStop-1] [BootstrapUpgradeManagerImpl] Task 60601 failed java.lang.RuntimeException: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information. ... Caused by: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information. ... 2018-07-16 14:49:37,325 FATAL [localhost-startStop-1] [DefaultBootstrapManager] Validation tests failed: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.
The below exception is thrown in the atlassian-bamboo.log file if the AD <securityPrincipal>foo</securityPrincipal> is not an email address:
2018-07-16 23:00:40,205 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] --------------------------------------------------------------------------------------------- 2018-07-16 23:00:40,205 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] 60601 : Validate existing Atlassian User directories for Embedded Crowd migration (bootstrap) 2018-07-16 23:00:40,205 INFO [localhost-startStop-1] [BootstrapUpgradeManagerImpl] --------------------------------------------------------------------------------------------- 2018-07-16 23:00:40,252 INFO [localhost-startStop-1] [AbstractDbmsBean] Detected schema: dbo 2018-07-16 23:00:40,283 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [adRepository] 2018-07-16 23:00:40,314 ERROR [localhost-startStop-1] [LdapRepositoryConfigurationMigrator] Property securityPrincipal is not a valid distinguished name: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 5. Encountered: "\\" (92), after : "" 2018-07-16 23:00:40,314 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [adRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.LdapRepositoryConfigurationMigrator@3d7f4da0] 2018-07-16 23:00:40,314 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validating repository [hibernateRepository] 2018-07-16 23:00:40,314 INFO [localhost-startStop-1] [AtlassianUserMigrator] Validated repository [hibernateRepository] with [com.atlassian.bamboo.upgrade.tasks.v6_6.ec.HibernateRepositoryConfigurationMigrator@7ac71837] 2018-07-16 23:00:40,314 ERROR [localhost-startStop-1] [BootstrapUpgradeManagerImpl] Task 60601 failed java.lang.RuntimeException: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information. ... Caused by: com.atlassian.bamboo.upgrade.exception.ValidationException: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information. ... 2018-07-16 23:00:40,314 FATAL [localhost-startStop-1] [DefaultBootstrapManager] Validation tests failed: Bamboo can't migrate Atlassian User repositories due to validation errors. Please refer to logs for more information.
Workaround 1
- Stop Bamboo
- Update the securityPrincipal to use Distinguished Name format
- Start Bamboo
Workaround 2
Summary
Remove AD configuration from atlassian-user.xml, and upgrade using Hibernate user directory.
All existing membership between AD user and Bamboo local group will be lost.
Detail
- Stop your pre-6.6.x Bamboo
- Remove the AD configuration (<ldap>...</ldap>) tags from atlassian-user.xml
- Back up the Bamboo database
- Delete AD users from Bamboo database
This will not affect your Active Directory, it is modifying Bamboo's user directory informationDELETE FROM OS_PROPERTYENTRY WHERE ENTITY_ID IN (SELECT ID FROM EXTERNAL_ENTITIES); DELETE FROM EXTERNAL_ENTITIES; DELETE FROM EXTERNAL_MEMBERS;
- Find the admin user in Bamboo's Hibernate user database:
-- replace <username> with your admin username SELECT * FROM USERS WHERE NAME='<username>';
- Start your pre-6.6.x Bamboo instance to verify you can log in with the internal admin user found in Step 5
- If you are unable to log in, but the user exists, please follow Restoring passwords to recover admin users to set a temporary password
- Shut down your pre-6.6.x Bamboo instance
- Upgrade to 6.6.x
- After upgrade, configure LDAP at Administration >> Security >> User directories
Attachments
Issue Links
- is cloned as
-
BDEV-14985 Loading...