Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-31156

"Unable to rename user" errors when attempting to login with a LDAP user

    XMLWordPrintable

    Details

      Description

      Steps to reproduce

      1. Create a user with mixed case sensitivity such as "Horatio Nelson" in LDAP
      2. Hook Confluence to the LDAP directory via Internal with LDAP Authentication (Delegated)
      3. Login first as "Horatio Nelson" (to create the user as "Horatio Nelson" in the cwd_user table)
      4. Logout, then login again as "horatio nelson" (all lowercase)

      You will get this error:

      2013-10-11 22:19:58,407 ERROR [http-8443-6] [[Standalone].[localhost].[/c530].[action]] log Servlet.service() for servlet action threw exception
      java.lang.IllegalStateException: Unable to rename user Horatio Nelson to horatio nelson
      	at com.atlassian.crowd.directory.AbstractInternalDirectory.forceRenameUser(AbstractInternalDirectory.java:611)
      	at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.authenticateAndUpdateOrCreate(DelegatedAuthenticationDirectory.java:218)
      	at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.authenticate(DelegatedAuthenticationDirectory.java:175)
      

      Cause:

      The problem is caused by this function in com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.java:

      private User authenticateAndUpdateOrCreate(String name, PasswordCredential credential)
                  throws InactiveAccountException, ExpiredCredentialException, OperationFailedException, InvalidAuthenticationException, UserNotFoundException
          {
              // authenticate the user against LDAP
              User ldapUser = ldapDirectory.authenticate(name, credential);
              // Try to find the corresponding local user
              User internalUser = findLocalUserByExternalId(ldapUser.getExternalId());
              if (internalUser != null)
              {
                  if (!internalUser.getName().equals(name))
                  {
                      // We want to rename the existing user
                      if (isUserUpdateOnAuthEnabled())
                      {
                          // push any existing user out of our way and rename
                          try
                          {
                              internalUser = internalDirectory.forceRenameUser(internalUser, name);
                          }
                          catch (UserNotFoundException e)
                          {
                              // Pretty unlucky
                              throw new ConcurrentModificationException("Unable to rename '" + internalUser.getName() + "' to new name '" + name + "' during login.");
                          }
                      }
      

      Specifically, this if statement:

      if (!internalUser.getName().equals(name))
      

      Which takes the name string directly from the user input, and comparing it to the username stored in cwd_user directly, hence, the mismatch, which is why forceRenameUser is called in the first place

      So far, this affects any Confluence distribution bundled with the Crowd 2.7 integration libraries

      1.Workaround

      1. Login with the exact case, in this case, it would be "Horatio Nelson"
      2. Disable "Copy User on Login" for the directory - that will avoid this problem and allow already created users to log in, but no new users will be created automatically on login, and no group updates will be synchronised from the LDAP directory

      2.Workaround

      In some cases when disabling such external directory and creating a new one with the same information may fix this problem. Please note that using this workaround will remove all users preferences and profile pictures.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              gmartin Glenn Martin
              Reporter:
              fsim Foo Sim (Inactive)
              Votes:
              14 Vote for this issue
              Watchers:
              42 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: