  2. CONFSERVER-78869

Performing an LDAP sync results with ERROR: invalid byte sequence for encoding "UTF8": 0x00 error with Postgres database


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • None
    • 7.11.3, 7.11.6, 7.13.0, 7.13.4, 7.17.2, 7.19.3
    • User - Management

      Issue Summary

      Confluence is integrated with an LDAP directory (e.g. Active Directory), and the LDAP server returns an exception (due to some error on the LDAP side). When an LDAP sync is performed, atlassian-confluence.log shows this error:

      Log snippet
      2022-05-20 11:27:45,353 ERROR [Caesium-1-2] [engine.jdbc.spi.SqlExceptionHelper] logExceptions ERROR: invalid byte sequence for encoding "UTF8": 0x00
      2022-05-20 11:27:45,353 ERROR [Caesium-1-2] [org.hibernate.internal.ExceptionMapperStandardImpl] mapManagedFlushFailure HHH000346: Error during managed flush [org.hibernate.exception.DataException: could not execute statement]
      2022-05-20 11:27:45,354 WARN [Caesium-1-2] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doCommit Commit failed. Rolling back. Error: Hibernate operation: could not execute statement; ERROR: invalid byte sequence for encoding "UTF8": 0x00; nested exception is org.postgresql.util.PSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00
      2022-05-20 11:27:45,354 WARN [Caesium-1-2] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:
        ->[PluginReadWriteTx]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT (Session #1508402677)
      

      Steps to Reproduce

      1. Install Confluence with Postgres database server
      2. Integrate Confluence with LDAP (e.g. tested with Active Directory)
      3. Configure the Additional User DN and/or Additional Group DN that (incorrectly) includes the Base DN, e.g.
        • Base DN: dc=mycompany,dc=com
        • Additional User DN: ou=users,dc=mycompany,dc=com
        • Additional Group DN: ou=groups,dc=mycompany,dc=com

      Expected Results

      The LDAP sync should fail with the LDAP exception written to atlassian-confluence.log.

      In Confluence 7.10 and earlier, the LDAP exception is written to atlassian-confluence.log:

      2022-05-23 19:39:27,700 INFO [Caesium-1-1] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache failed synchronisation complete for directory [ 294914 ] in [ 124ms ]
      2022-05-23 19:39:27,711 ERROR [Caesium-1-1] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 294914 ].
       -- referer: http://localhost:6740/c740/setup/setupdata-start.action | url: /c740/setup/setupdata.action | traceId: 2e96430ef7dcb9cc | userName: anonymous | action: setupdata
      com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310023C, problem 2001 (NO_OBJECT), data 0, best match of:
      	'dc=mycompany,dc=com'
      ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310023C, problem 2001 (NO_OBJECT), data 0, best match of:
      	'dc=mycompany,dc=com'
      ]; remaining name 'OU=people,dc=mycompany,dc=com,dc=mycompany,dc=com'
      	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllUsers(UsnChangedCacheRefresher.java:180)
      	at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:50)
      	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:150)
      	at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:978)
      	at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:67)
      	at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:45)
      	at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobRunner.runJob(DirectoryPollerJobRunner.java:85)
      	at com.atlassian.confluence.impl.schedule.caesium.JobRunnerWrapper.doRunJob(JobRunnerWrapper.java:117)
      	at com.atlassian.confluence.impl.schedule.caesium.JobRunnerWrapper.lambda$runJob$0(JobRunnerWrapper.java:87)
      	at com.atlassian.confluence.impl.vcache.VCacheRequestContextManager.doInRequestContextInternal(VCacheRequestContextManager.java:84)
      	at com.atlassian.confluence.impl.vcache.VCacheRequestContextManager.doInRequestContext(VCacheRequestContextManager.java:68)
      	at com.atlassian.confluence.impl.schedule.caesium.JobRunnerWrapper.runJob(JobRunnerWrapper.java:87)
      	at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:134)
      	at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:106)
      	at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:90)
      	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.launchJob(CaesiumSchedulerService.java:435)
      	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeLocalJob(CaesiumSchedulerService.java:402)
      	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeQueuedJob(CaesiumSchedulerService.java:380)
      	at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeJob(SchedulerQueueWorker.java:66)
      	at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeNextJob(SchedulerQueueWorker.java:60)
      	at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.run(SchedulerQueueWorker.java:35)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: java.util.concurrent.ExecutionException: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310023C, problem 2001 (NO_OBJECT), data 0, best match of:
      	'dc=mycompany,dc=com'
      ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310023C, problem 2001 (NO_OBJECT), data 0, best match of:
      	'dc=mycompany,dc=com'
      ]; remaining name 'OU=people,dc=mycompany,dc=com,dc=mycompany,dc=com'
      	at java.util.concurrent.FutureTask.report(FutureTask.java:122)
      	at java.util.concurrent.FutureTask.get(FutureTask.java:192)
      	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAllUsers(UsnChangedCacheRefresher.java:168)
      	... 21 more
      Caused by: com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310023C, problem 2001 (NO_OBJECT), data 0, best match of:
      	'dc=mycompany,dc=com'
      ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310023C, problem 2001 (NO_OBJECT), data 0, best match of:
      	'dc=mycompany,dc=com'
      ]; remaining name 'OU=people,dc=mycompany,dc=com,dc=mycompany,dc=com'
      	at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:398)
      	at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:431)
      	at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:415)
      	at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:603)
      	at com.atlassian.crowd.directory.SpringLDAPConnector.searchUsers(SpringLDAPConnector.java:941)
      	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher$2.call(UsnChangedCacheRefresher.java:128)
      	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher$2.call(UsnChangedCacheRefresher.java:124)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	... 1 more
      Caused by: org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310023C, problem 2001 (NO_OBJECT), data 0, best match of:
      	'dc=mycompany,dc=com'
      ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310023C, problem 2001 (NO_OBJECT), data 0, best match of:
      	'dc=mycompany,dc=com'
      ]; remaining name 'OU=people,dc=mycompany,dc=com,dc=mycompany,dc=com'
      	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:183)
      	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:376)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$3.timedCall(SpringLdapTemplateWrapper.java:195)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$3.timedCall(SpringLdapTemplateWrapper.java:192)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:130)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:100)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.search(SpringLdapTemplateWrapper.java:192)
      	at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:370)
      	... 10 more
      Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310023C, problem 2001 (NO_OBJECT), data 0, best match of:
      	'dc=mycompany,dc=com'
      ]; remaining name 'OU=people,dc=mycompany,dc=com,dc=mycompany,dc=com'
      	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3179)
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
      	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
      	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
      	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
      	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
      	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:90)
      	at com.sun.proxy.$Proxy3033.search(Unknown Source)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$3.lambda$timedCall$0(SpringLdapTemplateWrapper.java:194)
      	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:363)
      	... 16 more
      

      Actual Results

      In the affected Confluence versions, the LDAP sync instead fails with an unrelated database error:

      2022-05-20 11:27:45,353 ERROR [Caesium-1-2] [engine.jdbc.spi.SqlExceptionHelper] logExceptions ERROR: invalid byte sequence for encoding "UTF8": 0x00
      2022-05-20 11:27:45,353 ERROR [Caesium-1-2] [org.hibernate.internal.ExceptionMapperStandardImpl] mapManagedFlushFailure HHH000346: Error during managed flush [org.hibernate.exception.DataException: could not execute statement]
      2022-05-20 11:27:45,354 WARN [Caesium-1-2] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doCommit Commit failed. Rolling back. Error: Hibernate operation: could not execute statement; ERROR: invalid byte sequence for encoding "UTF8": 0x00; nested exception is org.postgresql.util.PSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00
      2022-05-20 11:27:45,354 WARN [Caesium-1-2] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:
        ->[PluginReadWriteTx]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT (Session #1508402677)
      

      Enabling the following additional debug logging does not help to show the LDAP exception, because the database exception above is thrown instead:

      • com.atlassian.crowd
      • com.atlassian.crowd.directory
      • SQL Logging

      Workaround

      Check that the LDAP filter entries are configured correctly, as per the Confluence documentation, Connecting to an LDAP Directory:

      Setting: Description
      Base DN: The root distinguished name (DN) to use when running queries against the directory server. Examples:
      • o=example,c=com
      • cn=users,dc=ad,dc=example,dc=com
      • For Microsoft Active Directory, specify the base DN in the following format: dc=domain1,dc=local. You will need to replace domain1 and local with the values for your specific configuration. Microsoft Server provides a tool called ldp.exe which is useful for finding out and configuring the LDAP structure of your server.
      Additional User DN: This value is used in addition to the base DN when searching and loading users. If no value is supplied, the subtree search will start from the base DN. Example:
      • ou=Users
      Additional Group DN: This value is used in addition to the base DN when searching and loading groups. If no value is supplied, the subtree search will start from the base DN. Example:
      • ou=Groups

      Additional Reference: How to write LDAP search filters
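
The misconfiguration from the steps to reproduce can be caught before a sync is attempted. The following check is an added example, not Atlassian code: it flags an Additional User DN or Additional Group DN that already ends with the Base DN and shows the doubled search DN that results, the same shape as the "remaining name" in the stack trace above. The function names and the config dictionary keys are assumptions made for this sketch.

```python
def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes per RFC 4514)."""
    rdns, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch); esc = False
        elif ch == "\\":
            cur.append(ch); esc = True
        elif ch == ",":
            rdns.append("".join(cur)); cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    return [norm_rdn(r) for r in rdns if r.strip()]

def norm_rdn(rdn):
    # Assumption: case-insensitive matching, as is usual for dc/ou/cn values.
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"

def check_additional_dn(base_dn, additional_dn):
    """Return (ok, effective_search_dn, message); the DN is shown normalized."""
    base, extra = split_dn(base_dn), split_dn(additional_dn)
    if not extra:
        return True, ",".join(base), "empty: search starts at the base DN"
    effective = ",".join(extra + base)  # the additional DN is prepended to the base DN
    if base and len(extra) >= len(base) and extra[-len(base):] == base:
        fixed = ",".join(extra[:-len(base)]) or "(leave empty)"
        return False, effective, f"includes the base DN; use '{fixed}' instead"
    return True, effective, "ok"

def audit_directory(cfg):
    """Check both additional DNs of one directory configuration."""
    return {key: check_additional_dn(cfg["base_dn"], cfg.get(key, ""))
            for key in ("additional_user_dn", "additional_group_dn")}

# Constructed sample, using the values from the steps to reproduce.
SAMPLE = {
    "base_dn": "dc=mycompany,dc=com",
    "additional_user_dn": "ou=users,dc=mycompany,dc=com",   # wrong: repeats the base DN
    "additional_group_dn": "ou=Groups",                      # correct: relative to the base DN
}

if __name__ == "__main__":
    for key, (ok, effective, msg) in audit_directory(SAMPLE).items():
        print(f"{'OK  ' if ok else 'FAIL'} {key}: {effective} ({msg})")
```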

      To "see" the LDAP exception returned from the external AD:

      1. Set up the exact same User Directory configuration in a temporary Crowd instance (or install Crowd with an evaluation license)
      2. Crowd will propagate the LDAP exception in the atlassian-crowd.log file to assist with the troubleshooting
      3. Once the User Directory configuration is corrected and syncing successfully on Crowd, apply the same User Directory configuration settings on Confluence

              Assignee: Unassigned
              Reporter: Eric Lam (hlam@atlassian.com)
              Votes: 15
              Watchers: 13
