-
Bug
-
Resolution: Tracked Elsewhere
-
Low
-
None
-
5.11.1, 5.14.2, 6.9.1
-
None
-
1
-
Severity 3 - Minor
-
Issue Summary
When Bitbucket configured with Delegated LDAP connection, Bitbucket HTTP connection only have a single LDAP connection to LDAP server without timeout causing all HTTP connections loading non-stop during login
Steps to Reproduce
- Configure Bitbucket with Delegated LDAP connection at Administration >> User Directories >> Add Directory >> Internal with LDAP Authentication
- Create a user in Bitbucket Server with a LDAP username
- Login with Delegated LDAP user to confirm that it is working fine
- Shutdown LDAP server (port 10389) and start another application with the same port
- Login with the same Delegated LDAP user
- Shutdown the application that use the port 10389
- Start LDAP server (port 10389)
- Login with the same Delegated LDAP user in multiple browsers
Expected Results
Step 4 will load non-stop while step 7 will succeed
Actual Results
All login attempt loading non-stop.
Thread dump shows only a single LDAP connection from HTTP thread:
"http-nio-7990-exec-4" #22 daemon prio=5 tid=0x00007ff16f7a1000 nid=0x7d03 in Object.wait() [0x000070000ebad000] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native Method) at java.lang.Object.wait(Object.java:502) at com.sun.jndi.ldap.Connection.readReply(Connection.java:476) - locked <0x000000078f1a05e8> (a com.sun.jndi.ldap.LdapRequest) at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:365) - locked <0x000000078f1a0780> (a com.sun.jndi.ldap.LdapClient) at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) - locked <0x000000078f1a0780> (a com.sun.jndi.ldap.LdapClient) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788) at com.sun.jndi.ldap.LdapCtx. (LdapCtx.java:319) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) at javax.naming.InitialContext.init(InitialContext.java:244) at javax.naming.ldap.InitialLdapContext. (InitialLdapContext.java:154) at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:343) at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139) at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:174) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$10.timedCall(SpringLdapTemplateWrapper.java:354) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$10.timedCall(SpringLdapTemplateWrapper.java:351) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:146) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:109) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.search(SpringLdapTemplateWrapper.java:351) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.searchWithLimitedResults(SpringLdapTemplateWrapper.java:399) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:518) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:479) at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:715) at com.atlassian.crowd.directory.SpringLDAPConnector.findUserWithAttributesByName(SpringLDAPConnector.java:664) at com.atlassian.crowd.directory.SpringLDAPConnector.findUserByName(SpringLDAPConnector.java:650) at com.atlassian.crowd.directory.SpringLDAPConnector.authenticate(SpringLDAPConnector.java:1165) at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.authenticate(DelegatedAuthenticationDirectory.java:171) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:317) at com.atlassian.stash.internal.crowd.CustomizedDirectoryManager.authenticateUser(CustomizedDirectoryManager.java:52)
All other HTTP threads in waiting status:
"http-nio-7990-exec-7" #25 daemon prio=5 tid=0x00007ff1704f1000 nid=0x8303 waiting on condition [0x000070000eeba000] java.lang.Thread.State: WAITING (parking) at sun.misc.Unsafe.park(Native Method) - parking to wait for <0x000000078f1a0e80> (a com.atlassian.util.concurrent.ConcurrentOperationMapImpl$CallerRunsFuture) at java.util.concurrent.locks.LockSupport.park(LockSupport.java:175) at java.util.concurrent.FutureTask.awaitDone(FutureTask.java:429) at java.util.concurrent.FutureTask.get(FutureTask.java:191) at com.atlassian.util.concurrent.ConcurrentOperationMapImpl$CallerRunsFuture.get(ConcurrentOperationMapImpl.java:65) at com.atlassian.util.concurrent.ConcurrentOperationMapImpl.runOperation(ConcurrentOperationMapImpl.java:51) at com.atlassian.stash.internal.crowd.RiotPolice.authenticate(RiotPolice.java:132) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) at com.atlassian.stash.internal.plugin.OsgiSafeProxyProvider$1.invoke(OsgiSafeProxyProvider.java:95) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) at com.sun.proxy.$Proxy1773.authenticate(Unknown Source) at com.atlassian.stash.internal.auth.EmbeddedCrowdHttpAuthenticationHandler.authenticate(EmbeddedCrowdHttpAuthenticationHandler.java:51) at com.atlassian.bitbucket.auth.HttpAuthenticationHandler.performAuthentication(HttpAuthenticationHandler.java:88) at com.atlassian.stash.internal.auth.DefaultAuthenticationService.lambda$authenticateInternal$2(DefaultAuthenticationService.java:158) at com.atlassian.stash.internal.auth.DefaultAuthenticationService$$Lambda$548/429571195.perform(Unknown Source) at com.atlassian.stash.internal.auth.DefaultCaptchaService.authenticateWithCaptcha(DefaultCaptchaService.java:72)
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available