Details
- Bug
- Resolution: Unresolved
- Medium
- None
- 6.12.3
- None
- 7
- Severity 2 - Major
- 2
Description
Issue Summary
A customer reports that both new and old groups have recently stopped synchronizing their memberships, although no configuration change was made.
Environment
In this specific case:
Confluence 6.12.3
SunOne LDAP server
Steps to Reproduce
Enable debug logging on the Crowd class: com.atlassian.crowd
The following error can be observed in the logs at the end of the sync process. If a synchronization is attempted via UI, it shows as failed:
2019-06-21 09:10:25,680 DEBUG [Caesium-1-1] [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] syncGroupMembersForGroup adding [ 0 ] group members from group [ group1 ]
2019-06-21 09:10:25,681 DEBUG [Caesium-1-1] [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] syncGroupMembersForGroup synchronised [ 4 ] group members for group [ group1 ] in [ 2ms ]
2019-06-21 09:10:25,715 DEBUG [Caesium-1-1] [crowd.directory.ldap.SpringLdapTemplateWrapper] call Timed call for lookup with mapper on cn=group2,ou=groups,o=domain took 34ms
2019-06-21 09:10:25,716 INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache failed synchronisation complete for directory [ 111111 ] in [ 264584ms ]
2019-06-21 09:10:25,736 ERROR [Caesium-1-1] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 111111 ].
java.lang.RuntimeException: javax.naming.InvalidNameException: Invalid name: jdoe
    at com.atlassian.crowd.directory.RFC4519Directory$3.apply(RFC4519Directory.java:820)
    at com.atlassian.crowd.directory.RFC4519Directory$3.apply(RFC4519Directory.java:813)
    at com.google.common.collect.Iterators$8.transform(Iterators.java:799)
    at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48)
    at com.google.common.collect.Iterators$5.next(Iterators.java:558)
    at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:79)
    at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:64)
    at com.google.common.collect.Iterators$8.transform(Iterators.java:799)
    at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48)
    at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:169)
    at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:57)
    at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:978)
    at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:67)
    at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:45)
    at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobRunner.runJob(DirectoryPollerJobRunner.java:85)
    at com.atlassian.confluence.impl.schedule.caesium.JobRunnerWrapper.doRunJob(JobRunnerWrapper.java:120)
    at com.atlassian.confluence.impl.schedule.caesium.JobRunnerWrapper.lambda$runJob$0(JobRunnerWrapper.java:91)
    at com.atlassian.confluence.impl.vcache.VCacheRequestContextManager.doInRequestContextInternal(VCacheRequestContextManager.java:87)
    at com.atlassian.confluence.impl.vcache.VCacheRequestContextManager.doInRequestContext(VCacheRequestContextManager.java:71)
    at com.atlassian.confluence.impl.schedule.caesium.JobRunnerWrapper.runJob(JobRunnerWrapper.java:91)
    at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:134)
    at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:106)
    at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:90)
    at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.launchJob(CaesiumSchedulerService.java:443)
    at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeLocalJob(CaesiumSchedulerService.java:410)
    at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeQueuedJob(CaesiumSchedulerService.java:388)
    at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService$1.consume(CaesiumSchedulerService.java:285)
    at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService$1.consume(CaesiumSchedulerService.java:282)
    at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeJob(SchedulerQueueWorker.java:65)
    at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeNextJob(SchedulerQueueWorker.java:59)
    at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.run(SchedulerQueueWorker.java:34)
    at java.lang.Thread.run(Thread.java:748)
Caused by: javax.naming.InvalidNameException: Invalid name: jdoe
    at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:111)
    at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:70)
    at javax.naming.ldap.LdapName.parse(LdapName.java:785)
    at javax.naming.ldap.LdapName.<init>(LdapName.java:123)
    at com.atlassian.crowd.directory.RFC4519Directory$3.apply(RFC4519Directory.java:818)
    ... 31 more
An LDIF export of group2 (the last group to show up in the logs before the error) would look like this:
# group2, groups, domain
dn: cn=group2,ou=groups,o=domain
description: a sample group
mail: group2@domain
objectclass: top
objectclass: groupOfUniqueNames
objectclass: groupOfNames
objectclass: mailGroup
objectclass: inetLocalMailRecipient
objectclass: inetMailGroup
objectclass: inetMailGroupManagement
objectclass: nsManagedMailList
uniquemember: jdoe
uniquemember: jsmith
uniquemember: asierra
uniquemember: bbrown
uniquemember: bblack
uniquemember: uid=jdoe,ou=people,o=domain
uniquemember: uid=jsmith,ou=people,o=domain
uniquemember: uid=asierra,ou=people,o=domain
uniquemember: uid=bbrown,ou=people,o=domain
uniquemember: uid=bblack,ou=people,o=domain
cn=group2
Other groups in the environment looked like this (and synced successfully):
# group1, groups, domain
dn: cn=group1,ou=groups,o=domain
description: another sample group
mail: group1@domain
objectclass: top
objectclass: groupOfUniqueNames
objectclass: groupOfNames
objectclass: mailGroup
objectclass: inetLocalMailRecipient
objectclass: inetMailGroup
objectclass: inetMailGroupManagement
objectclass: nsManagedMailList
uniquemember: uid=jdoe,ou=people,o=domain
uniquemember: uid=jsmith,ou=people,o=domain
uniquemember: uid=bbrown,ou=people,o=domain
uniquemember: uid=bblack,ou=people,o=domain
cn=group1
Expected Results
- Synchronization to proceed, skipping invalid user names
- Group membership synchronization for that group to be skipped
- Sync process to continue syncing other groups
Actual Results
- Sync process is interrupted with failure
- Confusing message in log: synchroniseCache failed synchronisation complete for directory [ 111111 ]
Workaround
- Remove the users with the misformatted names (jdoe, instead of uid=jdoe,ou=people,o=domain)
- Try to sync again.
Check if it fails again:
ERROR [Caesium-1-1] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 111111 ].
And if another group is listed right before that error:
[crowd.directory.ldap.SpringLdapTemplateWrapper] call Timed call for lookup with mapper on cn=group2,ou=groups,o=domain took 34ms
Then fix it the same way on the LDAP server (removing the malformed usernames).
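Because each failed sync only reveals one offending group, the workaround can take several rounds. The script below is an added example, not Atlassian's code: it scans an LDIF export and lists every group whose member values are not DNs, so all of them can be fixed in one pass. The DN check is a simplified assumption rather than the JDK's parser, and the function names and sample LDIF are constructed for illustration.

```python
import base64
import re

# Simplified DN check (an assumption, not Crowd's or the JDK's parser):
# each RDN must start with an attribute type or numeric OID followed by "=".
_RDN = re.compile(r"\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=")

def looks_like_dn(value):
    rdns = re.split(r"(?<!\\),", value)  # split on commas that are not escaped
    return bool(value.strip()) and all(_RDN.match(r) for r in rdns)

def unfold(ldif_text):  # join LDIF continuation lines (leading single space)
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_bad_members(ldif_text, attrs=("uniquemember", "member")):
    """Return {group DN: [member values that are not DNs]}."""
    bad, current_dn = {}, None
    for line in unfold(ldif_text):
        if not line.strip():
            current_dn = None  # a blank line ends the entry
            continue
        if line.startswith("#") or ":" not in line:
            continue  # comment, or a line without an attribute name
        name, _, rest = line.partition(":")
        value = rest.strip()
        if rest.startswith(":"):  # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        if name.lower() == "dn":
            current_dn = value
        elif name.lower() in attrs and current_dn and not looks_like_dn(value):
            bad.setdefault(current_dn, []).append(value)
    return bad

# Constructed sample modelled on the two groups in this report.
SAMPLE_LDIF = """\
dn: cn=group1,ou=groups,o=domain
uniquemember: uid=jdoe,ou=people,o=domain

dn: cn=group2,ou=groups,o=domain
uniquemember: jdoe
uniquemember: uid=asierra,ou=people,
 o=domain
"""
```

Calling `find_bad_members()` on the text of a full export returns a dictionary keyed by group DN, which is the list of entries to correct on the LDAP server before the next synchronization.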
Issue Links
- is related to: CWD-5502 Synchronization fails if there exists any user member in LDAP with invalid name format (Gathering Interest)
- was cloned as: JRASERVER-76746 Synchronizing group memberships fail. Error: java.lang.RuntimeException: javax.naming.InvalidNameException: Invalid name: jdoe (Gathering Impact)