Details
-
Bug
-
Resolution: Fixed
-
Low
-
3.1.1, 3.2.2
-
None
Description
Steps to reproduce
- Set up an Delegate LDAP directory in stash, with copy user on login, synchronise group memberships and group object filter of "(cn=Stash)"
- Make sure that there isn't any "Default Group Memberships"
- Create a user in LDAP as a member of LDAP groups 'Stash' and 'Stash sysadmin'
- Confirm that you can log in as that user, and that the group membership for 'Stash' (but not 'Stash sysadmin') is synced into stash.
- As the admin user, change the group object filter to be "(|(cn=Stash)(cn=Stash sysadmin))". Verify that the GUI edit page and "Directory Configuration summary" reflect the change
- Log out the LDAP user, and log back in again
- The user is not added to the 'Stash sysadmin' group
- Restart Stash
- Log in as the LDAP user
- The user is in the 'Stash sysdamin' group
- Change the group object filter to be "(|(cn=Stash)(cn=Stash sysadmin)" (NOTE the missing ")" at the end)
- No error is reported by Stash
- Restart Stash
- Try to log in as the LDAP user
- The user logs in, but the groups aren't synced, and the stash log reports:
2014-07-09 14:02:32,929 ERROR [http-bio-7990-exec-16] 842x223x0 2fjgvu 211.29.157.13,127.0.0.1 "POST /j_stash_security_check HTTP/1.1" c.a.c.d.DelegatedAuthenticationDirectory Could not update remote group imported memberships of user "bradley.baetz" in directory "Delegated Authentication Directory". com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.InvalidSearchFilterException: Unbalanced parenthesis; nested exception is javax.naming.directory.Invalid SearchFilterException: Unbalanced parenthesis; remaining name 'ou=Groups,ou=staff,ou=OIE'
- Change the ldap filter back, and then restart stash to pick up the change