  1. Bitbucket Data Center
  2. BSERV-12054

Synchronizing a user directory (connector) fails at group membership sync with javax.naming.InvalidNameException if there are usernames without attributes in the group


Details

    • Bug
    • Resolution: Unresolved
    • Low
    • None
    • 6.5.0, 6.7.1
    • User Management - LDAP
    • None

    Description

      Issue Summary

      Synchronising an external user directory (a connector, such as LDAP) fails completely during the group membership step if a group contains members listed as a bare username (uniqueMember: username) instead of a full DN.

      Steps to Reproduce

      1. Connect a user directory (LDAP) in Bitbucket Server
      2. The LDIF of a group that will fail looks like this (note uniqueMember: johndoe):
        group1, group, doman
        dn: cn=group1,ou=groups,dc=xxx,dc=xx
        uniqueMember: johndoe
        uniqueMember: uid=janedoe,ou=people,dc=xxx,dc=xxxx
        .......
        objectClass: top
        objectClass: groupOfUniqueNames
        cn: group1
        
      3. Click Synchronize

      Expected Results

      • Synchronization proceeds, skipping invalid usernames
      • Group membership synchronization for that group is skipped
      • The sync process continues synchronizing the other groups

      Actual Results

      The directory fails to synchronise.

      The exception below is written to the atlassian-bitbucket.log file when debug logging is enabled for the Crowd classes (com.atlassian.crowd). The group with the malformed names is the last one listed before the error.

       DEBUG [Caesium-1-1]  c.a.c.d.l.monitoring.TimedSupplier Timed call for lookup with mapper on cn=group1,ou=groups,dc=xxxx,dc=xx took 3ms
       INFO  [Caesium-1-1]  c.a.c.d.DbCachingRemoteDirectory failed synchronisation complete for directory [ x ] in [ x ms ]
       DEBUG [Caesium-1-1]  c.a.s.i.crowd.HibernateDirectoryDao Updating object: com.atlassian.crowd.model.directory.DirectoryImpl@6b8e0580[lowerName=ldap server,description=<null>,type=CONNECTOR,implementationClass=com.atlassian.crowd.directory.OpenLDAP,allowedOperations=[DELETE_GROUP, CREATE_GROUP, UPDATE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE],attributes={ldap.basedn=DC=xxx,DC=xx, ldap.user.filter=(&(objectClass=posixAccount)), ldap.user.username=uid, ldap.usermembership.use=false, com.atlassian.crowd.directory.sync.lastdurationms=22784, autoAddGroups=stash-users, crowd.sync.incremental.enabled=true, ldap.group.usernames=uniqueMember, ldap.pagedresults.size=1000, ldap.read.timeout=120000, crowd.sync.group.membership.after.successful.user.auth.enabled=only_when_first_created, ldap.connection.timeout=10000, ldap.group.filter=(&(objectclass=groupOfUniqueNames)), ldap.roles.disabled=true, ldap.external.id=uid, ldap.url=xxxxx, ldap.usermembership.use.for.groups=false, ldap.pagedresults=false, ldap.user.password=userPassword, ldap.user.lastname=sn, ldap.group.name=cn, ldap.user.objectclass=posixAccount, directory.cache.synchronise.interval=3600, ldap.nestedgroups.disabled=false, ldap.secure=true, ldap.referral=false, ldap.user.username.rdn=cn, com.atlassian.crowd.directory.sync.issynchronising=false, ldap.propogate.changes=false, ldap.group.dn=ou=groups, ldap.pool.timeout=0, ldap.user.displayname=uid, ldap.relaxed.dn.standardisation=true, ldap.user.firstname=givenName, com.atlassian.crowd.directory.sync.laststartsynctime=1574246377919, ldap.user.email=mail, ldap.user.group=uid, localUserStatusEnabled=false, ldap.user.encryption=sha, ldap.local.groups=true, ldap.group.description=description, ldap.user.dn=OU=People, ldap.group.objectclass=groupOfUniqueNames, ldap.filter.expiredUsers=false, ldap.search.timelimit=60000}]
      2019-11-20 11:40:00,713 ERROR [Caesium-1-1]  c.a.c.d.DbCachingDirectoryPoller Error occurred while refreshing the cache for directory [ x ].
      java.lang.RuntimeException: javax.naming.InvalidNameException: Invalid name: johndoe
      	at com.atlassian.crowd.directory.RFC4519Directory$3.apply(RFC4519Directory.java:837)
      ...
      Caused by: javax.naming.InvalidNameException: Invalid name: johndoe
      	at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:111)
      	at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:70)
      	at javax.naming.ldap.LdapName.parse(LdapName.java:785)
      	at javax.naming.ldap.LdapName.<init>(LdapName.java:123)
      	at com.atlassian.crowd.directory.RFC4519Directory$3.apply(RFC4519Directory.java:835)
      	... 38 common frames omitted
      

      Workaround

      1. Remove the users with the malformed names (jdoe instead of uid=jdoe,ou=people,o=domain) in LDAP.
      2. Try to sync again.
        Check if it fails again:
        ERROR [Caesium-1-1] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 111111 ].
        

        And if another group is listed right before that error:

        [crowd.directory.ldap.SpringLdapTemplateWrapper] call Timed call for lookup with mapper on cn=group2,ou=groups,o=domain took 34ms
        

        Then fix it the same way on the LDAP server (by removing the malformed usernames).

      You can find all the groups with malformed usernames more quickly by excluding each failing group in the group user filter with (!(cn=group1)).
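
      Another way to find every affected group in one pass, shown here as an added example (not Atlassian's code and not part of the original report): run an LDIF export of the groups through javax.naming.ldap.LdapName, the same parser that throws in the stack trace above. The class name, the sample entries and their DNs are constructed for illustration; the member attribute is passed in and should match ldap.group.usernames.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class MalformedMemberScan {
    // Constructed sample export (placeholder DNs) with a folded line and a base64 value.
    static final String SAMPLE_LDIF = String.join("\n",
        "dn: cn=group1,ou=groups,dc=example,dc=org",
        "objectClass: groupOfUniqueNames",
        "uniqueMember: johndoe",
        "uniqueMember: uid=janedoe,ou=people,",
        " dc=example,dc=org",
        "",
        "dn: cn=group2,ou=groups,dc=example,dc=org",
        "uniqueMember:: " + Base64.getEncoder().encodeToString(
            "uid=bob,ou=people,dc=example,dc=org".getBytes(StandardCharsets.UTF_8)));

    /** Maps each group DN to the member values that LdapName refuses to parse. */
    static Map<String, List<String>> scan(String ldif, String memberAttr) {
        // LDIF folds long lines as newline + one space; unfold before parsing.
        String unfolded = ldif.replace("\r\n", "\n").replace("\n ", "");
        Map<String, List<String>> bad = new LinkedHashMap<>();
        String dn = null;
        for (String line : unfolded.split("\n")) {
            if (line.isEmpty()) { dn = null; continue; }   // blank line ends the entry
            int colon = line.indexOf(':');
            if (line.startsWith("#") || colon < 0) continue;
            String attr = line.substring(0, colon);
            boolean isDn = attr.equalsIgnoreCase("dn");
            if (!isDn && (dn == null || !attr.equalsIgnoreCase(memberAttr))) continue;
            String value = decode(line.substring(colon + 1));
            if (isDn) { dn = value; continue; }
            try {
                new LdapName(value);   // throws for a bare username such as "johndoe"
            } catch (InvalidNameException e) {
                bad.computeIfAbsent(dn, k -> new ArrayList<>()).add(value);
            }
        }
        return bad;
    }

    // "attr:: <base64>" carries a base64 value; "attr: value" is plain text.
    static String decode(String raw) {
        if (!raw.startsWith(":")) return raw.trim();
        return new String(Base64.getDecoder().decode(raw.substring(1).trim()), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        scan(SAMPLE_LDIF, "uniqueMember").forEach((g, m) -> System.out.println(g + " -> " + m));
    }
}
```

      On the constructed sample only group1 is reported, with the single value johndoe; the folded and base64-encoded members parse as valid DNs.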


            People

              Unassigned Unassigned
              tathanassiadou Themis