Details
-
Bug
-
Resolution: Fixed
-
Low
-
6.6.0, 6.6.1
-
4
-
Severity 2 - Major
-
Description
Summary
Upgrade task 60602 : Move users to Embedded Crowd (post-bootstrap) has potential to fail due to an AuthenticationException if the 60601 passes initial validation of the format but the credentials passed to the LDAP / Active Directory server aren't correct.
Steps to Reproduce
- Enter a full DN into atlassian-user.xml before upgrade for the securityPrincipal (make sure it's not valid)
- Perform the upgrade.
Expected Results
Bamboo should validate that authentication can be achieved through embedded crowd with the credentials from atlassian-user.xml before moving on to upgrade task 60602.
Actual Results
The below exception is thrown in the atlassian-bamboo.log file:
2018-08-29 21:56:57,267 INFO [17-UpgradeTaskBackgroundThread:pool-33-thread-1] [AbstractUpgradeManager] ----------------------------------------------------- 2018-08-29 21:56:57,267 INFO [17-UpgradeTaskBackgroundThread:pool-33-thread-1] [AbstractUpgradeManager] 60602 : Move users to Embedded Crowd (post-bootstrap) 2018-08-29 21:56:57,267 INFO [17-UpgradeTaskBackgroundThread:pool-33-thread-1] [AbstractUpgradeManager] ----------------------------------------------------- 2018-08-29 21:56:57,787 INFO [17-UpgradeTaskBackgroundThread:pool-33-thread-1] [AtlassianUserDataMigrator] Copying 4 groups... 2018-08-29 21:56:58,096 INFO [17-UpgradeTaskBackgroundThread:pool-33-thread-1] [UpgradeTask60602MoveUsersToEmbeddedCrowd] Migration of groups took 492.6 ms 2018-08-29 21:56:58,098 INFO [17-UpgradeTaskBackgroundThread:pool-33-thread-1] [AtlassianUserDataMigrator] Copying 9 users... 2018-08-29 21:56:58,286 INFO [17-UpgradeTaskBackgroundThread:pool-33-thread-1] [UpgradeTask60602MoveUsersToEmbeddedCrowd] Migration of users took 190.1 ms 2018-08-29 21:56:58,294 INFO [17-UpgradeTaskBackgroundThread:pool-33-thread-1] [AtlassianUserDataMigrator] Upgrading external membership information using data from the database 2018-08-29 21:56:58,295 INFO [17-UpgradeTaskBackgroundThread:pool-33-thread-1] [AtlassianUserDataMigrator] Copying 6 local memberships of LDAP users... 2018-08-29 21:56:58,778 WARN [17-UpgradeTaskBackgroundThread:pool-33-thread-1] [AtlassianUserDataMigrator] User not found in local repository. It might be available at external repository, creating user placeholder to be filled by Crowd on LDAP synchronization. User name: [acook], group name: [bamboo-admin] 2018-08-29 21:56:59,077 ERROR [17-UpgradeTaskBackgroundThread:pool-33-thread-1] [AbstractUpgradeManager] com.atlassian.crowd.exception.runtime.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1] com.atlassian.crowd.exception.runtime.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1] at com.atlassian.crowd.embedded.core.CrowdServiceImpl.addUserToGroup(CrowdServiceImpl.java:557) at com.atlassian.bamboo.upgrade.tasks.v6_6.ec.AtlassianUserDataMigrator.migrateMembershipInLocalGroup(AtlassianUserDataMigrator.java:389) at com.atlassian.bamboo.upgrade.tasks.v6_6.ec.AtlassianUserDataMigrator.access$400(AtlassianUserDataMigrator.java:71) at com.atlassian.bamboo.upgrade.tasks.v6_6.ec.AtlassianUserDataMigrator$4.processRowInternal(AtlassianUserDataMigrator.java:359) at com.atlassian.bamboo.upgrade.tasks.v6_6.ec.SessionClearingRowCallbackHandler.processRow(SessionClearingRowCallbackHandler.java:36)
Notes
At this point, you cannot update the atlassian-user.xml to fix any credentials issues.
Workaround
You can use the below SQL queries to update the bind DN and password to the correct credentials, directly in the Bamboo database and continue with the upgrade:
UPDATE CWD_DIRECTORY_ATTRIBUTE SET attribute_value = 'CN=admin,CN=users,CN=accounts,DC=example,DC=COM' WHERE attribute_name = 'ldap.userdn' and directory_id in (SELECT ID FROM CWD_DIRECTORY WHERE DIRECTORY_NAME = 'Upgraded atlassian-user LDAP (ldapRepository)'); UPDATE CWD_DIRECTORY_ATTRIBUTE SET attribute_value = 'password' WHERE attribute_name = 'ldap.password' and directory_id in (SELECT ID FROM CWD_DIRECTORY WHERE DIRECTORY_NAME = 'Upgraded atlassian-user LDAP (ldapRepository)');
Attachments
Issue Links
- is cloned as
-
BDEV-14987 Loading...