- Type: Bug
- Resolution: Fixed
- Priority: Medium
- Affects Version/s: 2.8.1
- Component/s: None
- Environment: LDAP
If a user sets up an invalid DN for the base group search, e.g.:
<ldap key="ldapRepository" name="LDAP Repository@hecate.atlassian.com" cache="true">
  <host>192.168.3.146</host>
  <port>389</port>
  <securityPrincipal>cn=manager,dc=atlassian,dc=test</securityPrincipal>
  <securityCredential>secret</securityCredential>
  <securityProtocol>plain</securityProtocol>
  <securityAuthentication>simple</securityAuthentication>
  <baseContext>dc=atlassian,dc=test</baseContext>
  <baseUserNamespace>ou=people,dc=atlassian,dc=test</baseUserNamespace>
  <baseGroupNamespace>ou=blah,ou=groups,dc=atlassian,dc=test</baseGroupNamespace>
  <usernameAttribute>cn</usernameAttribute>
  <userSearchFilter>(objectClass=inetorgperson)</userSearchFilter>
  <firstnameAttribute>givenname</firstnameAttribute>
  <surnameAttribute>sn</surnameAttribute>
  <emailAttribute>mail</emailAttribute>
  <groupnameAttribute>cn</groupnameAttribute>
  <groupSearchFilter>(objectClass=dummyValue)</groupSearchFilter>
  <membershipAttribute>member</membershipAttribute>
  <userSearchAllDepths>false</userSearchAllDepths>
  <groupSearchAllDepths>false</groupSearchAllDepths>
</ldap>
In the above, we are not interested in LDAP groups, thus they have set the objectClass to equal dummyValue. However, the baseGroupNamespace is incorrect: it refers to a non-existent DN (the correct DN is "ou=groups,dc=atlassian,dc=test", with no blah).
However, if you go to manage groups, it will return a null pointer exception, as UserAccessor.getGroups returns null due to the bad DN.
It also does not continue checking other repositories. That is, because this throws an error, the groups table is not checked for internal Confluence groups, hence permissions fail to work.
This error could be better handled.
- is related to: CONFSERVER-10650 No groups are displayed under the "Manage Groups" page if Confluence fails to query an LDAP repository (Closed)
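One way to handle the failure described in this report, as an added example that is not Confluence's code or its actual fix: a group lookup over a chain of repositories that treats a null result or an exception from one repository as a recorded failure and still queries the rest. `ChainedGroupLookup`, `GroupRepository`, `repo` and `allGroups` are hypothetical names, and the repositories in `main` are constructed stand-ins.

```java
import java.util.*;
import java.util.concurrent.Callable;

public class ChainedGroupLookup {
    /** Hypothetical stand-in for one configured repository (LDAP, internal database, ...). */
    interface GroupRepository {
        String name();
        List<String> getGroups() throws Exception; // may return null or throw on a bad base DN
    }

    /** Builds a repository from a name and a source of group names (constructed helper). */
    static GroupRepository repo(String name, Callable<List<String>> source) {
        return new GroupRepository() {
            public String name() { return name; }
            public List<String> getGroups() throws Exception { return source.call(); }
        };
    }

    /** Collects groups from every repository; a failing one is recorded and skipped. */
    static Set<String> allGroups(List<GroupRepository> chain, List<String> failed) {
        Set<String> groups = new LinkedHashSet<>();
        for (GroupRepository r : chain) {
            try {
                List<String> found = r.getGroups();
                if (found == null) {            // the condition described in this report
                    failed.add(r.name() + ": returned null");
                    continue;
                }
                groups.addAll(found);
            } catch (Exception e) {             // e.g. a lookup error for a non-existent DN
                failed.add(r.name() + ": " + e.getMessage());
            }
        }
        return groups;
    }

    public static void main(String[] args) {
        // Constructed chain: LDAP with the bad baseGroupNamespace first, then the internal store.
        List<GroupRepository> chain = List.of(
            repo("ldapRepository", () -> null),
            repo("internal", () -> List.of("confluence-users", "confluence-administrators")));
        List<String> failed = new ArrayList<>();
        Set<String> groups = allGroups(chain, failed);
        System.out.println("groups=" + groups + " failed=" + failed);
    }
}
```

The `failed` list is what an administrator needs to see: groups from the skipped repository are absent, so permissions that depend on them are not granted until the DN is corrected.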