Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-12054

Synchronizing a user directory (connector) fails at group membership sync with javax.naming.InvalidNameException if there are usernames without attributes in the group

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Long Term Backlog (View Workflow)
    • Priority: Low
    • Resolution: Unresolved
    • Affects Version/s: 6.5.0, 6.7.1
    • Fix Version/s: None
    • Component/s: User Management - LDAP
    • Labels:
      None

      Description

      Issue Summary

      Synchronising an external user directory (connector, such as LDAP) fails completely during the group membership step, if there are usernames of format uniqueMember: username in the group.  

      Steps to Reproduce

      1. Connect a user directory (LDAP) in Bitbucket Server
      2. An LDIF of a group (that will fail) looks like (Note uniqueMember:johndoe)
        group1, group, doman
        dn: cn=group1,ou=groups,dc=xxx,dc=xx
        uniqueMember: johndoe
        uniqueMember: uid=janedoe,ou=people,dc=xxx,dc=xxxx
        .......
        objectClass: top
        objectClass: groupOfUniqueNames
        cn: group1
        
      3. Click Synchronize

      Expected Results

      • Synchronization to be proceed, skipping invalid users names
      • Group membership synchronization for that group to be skipped
      • Sync process to continue synch'ing other groups

      Actual Results

      The directory fails to synchronise.

      The below exception is thrown in the atlassian-bitbucket.log file with debug enabled on Crowd class: com.atlassian.crowd. The group with the malformed names is the last listed before the error.

       DEBUG [Caesium-1-1]  c.a.c.d.l.monitoring.TimedSupplier Timed call for lookup with mapper on cn=group1,ou=groups,dc=xxxx,dc=xx took 3ms
       INFO  [Caesium-1-1]  c.a.c.d.DbCachingRemoteDirectory failed synchronisation complete for directory [ x ] in [ x ms ]
       DEBUG [Caesium-1-1]  c.a.s.i.crowd.HibernateDirectoryDao Updating object: com.atlassian.crowd.model.directory.DirectoryImpl@6b8e0580[lowerName=ldap server,description=<null>,type=CONNECTOR,implementationClass=com.atlassian.crowd.directory.OpenLDAP,allowedOperations=[DELETE_GROUP, CREATE_GROUP, UPDATE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE],attributes={ldap.basedn=DC=xxx,DC=xx, ldap.user.filter=(&(objectClass=posixAccount)), ldap.user.username=uid, ldap.usermembership.use=false, com.atlassian.crowd.directory.sync.lastdurationms=22784, autoAddGroups=stash-users, crowd.sync.incremental.enabled=true, ldap.group.usernames=uniqueMember, ldap.pagedresults.size=1000, ldap.read.timeout=120000, crowd.sync.group.membership.after.successful.user.auth.enabled=only_when_first_created, ldap.connection.timeout=10000, ldap.group.filter=(&(objectclass=groupOfUniqueNames)), ldap.roles.disabled=true, ldap.external.id=uid, ldap.url=xxxxx, ldap.usermembership.use.for.groups=false, ldap.pagedresults=false, ldap.user.password=userPassword, ldap.user.lastname=sn, ldap.group.name=cn, ldap.user.objectclass=posixAccount, directory.cache.synchronise.interval=3600, ldap.nestedgroups.disabled=false, ldap.secure=true, ldap.referral=false, ldap.user.username.rdn=cn, com.atlassian.crowd.directory.sync.issynchronising=false, ldap.propogate.changes=false, ldap.group.dn=ou=groups, ldap.pool.timeout=0, ldap.user.displayname=uid, ldap.relaxed.dn.standardisation=true, ldap.user.firstname=givenName, com.atlassian.crowd.directory.sync.laststartsynctime=1574246377919, ldap.user.email=mail, ldap.user.group=uid, localUserStatusEnabled=false, ldap.user.encryption=sha, ldap.local.groups=true, ldap.group.description=description, ldap.user.dn=OU=People, ldap.group.objectclass=groupOfUniqueNames, ldap.filter.expiredUsers=false, ldap.search.timelimit=60000}]
      2019-11-20 11:40:00,713 ERROR [Caesium-1-1]  c.a.c.d.DbCachingDirectoryPoller Error occurred while refreshing the cache for directory [ x ].
      java.lang.RuntimeException: javax.naming.InvalidNameException: Invalid name: johndoe
      	at com.atlassian.crowd.directory.RFC4519Directory$3.apply(RFC4519Directory.java:837)
      ...
      Caused by: javax.naming.InvalidNameException: Invalid name: johndoe
      	at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:111)
      	at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:70)
      	at javax.naming.ldap.LdapName.parse(LdapName.java:785)
      	at javax.naming.ldap.LdapName.<init>(LdapName.java:123)
      	at com.atlassian.crowd.directory.RFC4519Directory$3.apply(RFC4519Directory.java:835)
      	... 38 common frames omitted
      

      Workaround

      1. Remove the users with the misformatted names (jdoe, instead of uid=jdoe,ou=people,o=domain) in LDAP
      2. Try to sync again.
        Check if it fails again:
        ERROR [Caesium-1-1] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 111111 ].
        

        And if another group is listed right before that error:

        [crowd.directory.ldap.SpringLdapTemplateWrapper] call Timed call for lookup with mapper on cn=group2,ou=groups,o=domain took 34ms
        

        Then fix it the same way on the LDAP server (removing the malformatted usernames)

      You can check all the groups with malformatted usernames more quickly by excluding each group in the group user filter with (!(cn=group1))

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              tathanassiadou Themis
              Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:

                  Backbone Issue Sync