Details
- Bug
- Resolution: Unresolved
- Low
- None
- 7.7.0, 7.17.0, 7.21.0
- 1
- Severity 3 - Minor
- 3
Description
Issue Summary
Scenario: LDAP user directory which uses blank or anonymous credentials to bind.
Issue: Unable to change an LDAP directory's credentials to blank values if the directory previously had credentials defined; the form will not accept the new (blank) value. You can, however, add a brand new user directory without specifying credentials during its initial setup, and you'll be able to save that choice.
Steps to Reproduce
- Edit an existing LDAP directory which has credentials defined to bind to it, and whose credentials now need to be changed to blank (NULL) values.
- Erase the username and/or password as required by the LDAP directory, attempt to test and save changes.
Expected Results
Test is successful and changes can be saved, now binding to the LDAP source with blank/anonymous credentials as desired.
Actual Results
You can erase the previous values but attempts to test this new configuration will fail, leaving you unable to ultimately save the changes.
The LDAP directory may issue an "Error 49" in response to failing the test.
Workaround
It's possible to create a new user directory and specify the blank credentials from the very beginning, but adding new user directories has consequences which can be avoided by simply editing the database directly and NULL'ing the credentials where they are stored:
UPDATE cwd_directory_attribute SET attribute_value = NULL WHERE attribute_name = 'ldap.userdn' OR attribute_name = 'ldap.password';
You will need to restart Bitbucket on all nodes after editing the database's values.
Please note that the LDAP configuration form for this directory will visually indicate ******** in the password field, due to it being a "password" type field, even after NULL'ing those values out and restarting.
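A scoped form of the workaround above, as an added example that is not part of the original issue: the statement in the workaround has no directory filter, so it clears the bind credentials of every directory in the table. This version limits the change to one directory and previews it inside a transaction. It assumes PostgreSQL, assumes the `cwd_directory` table with `id` and `directory_name` columns and a `directory_id` column on `cwd_directory_attribute`, and uses the placeholder directory name 'Example LDAP Directory'.

```sql
-- Added example, not from the original issue.
-- Assumptions: PostgreSQL syntax; cwd_directory(id, directory_name, directory_type)
-- and cwd_directory_attribute(directory_id, attribute_name, attribute_value);
-- 'Example LDAP Directory' is a placeholder for the directory being changed.

BEGIN;

-- 1. Confirm that exactly one directory matches the name.
SELECT id, directory_name, directory_type
FROM cwd_directory
WHERE directory_name = 'Example LDAP Directory';

-- 2. Preview the rows that will change. Only report whether a value is set,
--    so the stored bind password is not echoed to the terminal or query log.
SELECT directory_id,
       attribute_name,
       attribute_value IS NOT NULL AS has_value
FROM cwd_directory_attribute
WHERE directory_id = (SELECT id FROM cwd_directory
                      WHERE directory_name = 'Example LDAP Directory')
  AND attribute_name IN ('ldap.userdn', 'ldap.password');

-- 3. Null the bind DN and password for that directory only.
UPDATE cwd_directory_attribute
SET attribute_value = NULL
WHERE directory_id = (SELECT id FROM cwd_directory
                      WHERE directory_name = 'Example LDAP Directory')
  AND attribute_name IN ('ldap.userdn', 'ldap.password');

-- 4. Verify: this should return 0. Other directories' credentials are untouched.
SELECT count(*) AS credentials_still_set
FROM cwd_directory_attribute
WHERE directory_id = (SELECT id FROM cwd_directory
                      WHERE directory_name = 'Example LDAP Directory')
  AND attribute_name IN ('ldap.userdn', 'ldap.password')
  AND attribute_value IS NOT NULL;

-- 5. COMMIT if steps 1 to 4 look right; otherwise replace this with ROLLBACK.
COMMIT;
```

As with the original statement, Bitbucket must be restarted on all nodes afterwards for the change to take effect.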