
Confluence LDAP (atlassian-user.xml) should support referral property

      I had this problem when I was using osuser.xml, and fixed it by adding the java.naming.referral=follow as a property in the XML. Recently I was made aware that atlassian-user.xml is the replacement for osuser.xml. Strange then, that I cannot set arbitrary properties as I could with osuser.xml, so the solution applied to osuser.xml no longer works. There is no current way to include a new attribute for the environment, such as for the java.naming.referral flag.

      I've raised this through support, the advice is to supply -D java.naming.referral=follow through the command line to the application server. This should work, if the InitialContext is created from a combination of system environment and atlassian-user.xml content, but this doesn't appear to be the case (I just tried). I'm open to other suggestions.

      My reported environment from jboss startup was:

      JAVA_OPTS: -Dprogram.name=runNode2.sh -server  -Djavax.net.ssl.trustStore=/etc/ssl/my_keystore.jks -Djavax.net.ssl.trustStorePassword=stuff -Dcom.sun.management.jmxremote -Djava.naming.referral=follow -Xrunjdwp:transport=dt_socket,address=8701,server=y,suspend=n -Djava.awt.headless=true -XX:MaxPermSize=256m -XX:PermSize=256m -Xms128m -Xmx512m -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true
      

      JIRA has this fixed. I'm asking for Confluence to support this through atlassian-user.xml, it seems strange that as a 'future' configuration it's missing this.

      As a result every auth lookup generates a stack, I cannot seem to edit user groups, which is a pretty big problem.

      Workaround is to go back to osuser.xml ?
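
The mechanism behind this request, as an added example (not Confluence or atlassian-user code): JNDI does not read `java.naming.referral` from `-D` system properties by itself, so the flag takes effect only if the application copies it into the environment it hands to `InitialDirContext`. `buildEnv`, `countEntries` and the host, DN and password values are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class ReferralEnvExample {
    // Hypothetical helper: the JNDI environment an LDAP-backed user repository
    // would pass to InitialDirContext.
    static Hashtable<String, Object> buildEnv(String url, String bindDn, String password) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Copy the referral mode explicitly: "ignore", "follow" or "throw".
        // With "follow" the provider connects to the server each referral names and
        // reuses this environment (bind DN and password included), so prefer ldaps://.
        env.put(Context.REFERRAL, System.getProperty(Context.REFERRAL, "ignore"));
        return env;
    }

    // Counts matching entries; reports unfollowed referrals instead of failing the lookup.
    static int countEntries(Hashtable<String, Object> env, String base, String filter)
            throws NamingException {
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> results = ctx.search(base, filter, sc);
            int n = 0;
            try {
                while (results.hasMore()) { results.next(); n++; }
            } catch (PartialResultException e) {
                // "Unprocessed Continuation Reference(s)" surfaces here in "ignore" mode.
                System.err.println("referrals not followed: " + e.getMessage());
            }
            return n;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample values; no connection is made unless a base DN is given.
        Hashtable<String, Object> env = buildEnv(
            "ldaps://ldap.example.test:636", "cn=svc,dc=example,dc=test", "constructed-password");
        System.out.println(Context.REFERRAL + " = " + env.get(Context.REFERRAL));
        if (args.length > 0) System.out.println(countEntries(env, args[0], "(objectClass=group)"));
    }
}
```

Run with `-Djava.naming.referral=follow` to see the value carried into the environment; without the flag it falls back to `ignore`.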

            [CONFSERVER-9116] Confluence LDAP (atlassian-user.xml) should support referral property

            Matt Ryall added a comment - This is resolved in Confluence 3.5. There is now a 'Follow Referrals' checkbox in the new LDAP directory configuration UI that you can enable to solve this problem. Please see our documentation for more information.

            Jeremy Largman added a comment - The knowledge base article is at http://confluence.atlassian.com/pages/viewpage.action?pageId=54362244 .

            Jean Marois added a comment - Correction: port 3268 accesses the Global Catalog see http://technet.microsoft.com/en-us/library/Bb742424.aspx#XSLTsection127121120120 for more info on the Global Catalog.

            Jean Marois added a comment - If your LDAP directory server is Active Directory you could try changing the port number to 3268. This will query the Global Controller's cached union of domains. You will be able to access user and group information from all your domains using a single LDAP server connection, and you will not get the referral exceptions. It is also very fast.

            Andy Brook added a comment - Scratch my first comment about '-D java.naming.referral=follow' it should be '-D atlassian.java.naming.referral=follow', my bad. This workaround fixes the problem, but it is a workaround.

            Andy Brook (Javahollic Software) added a comment - Perhaps this may shed some light on the problem, I have jboss reporting that java does indeed have 'java.naming.referral' set up as 'follow' in the app server environment. I'm wondering if the environment that is created in the bucket.user.DefaultUserAccessor code checks for, and includes this attribute in the environment it creates, or does it just load from atlassian user, which doesn't have support for referral flags at all?

            16:30:18,849 INFO  [STDOUT] 2007-08-08 16:30:18,836 ERROR [http-0.0.0.0-8041-2] [bucket.user.DefaultUserAccessor] getGroups com.atlassian.user.impl.RepositoryException: javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=this,DC=that'
             -- url: /kb/dashboard.action | userName: meeee | action: dashboard
            com.atlassian.user.impl.RepositoryException: com.atlassian.user.impl.RepositoryException: javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=this,DC=that'

            Andy Brook (Javahollic Software) added a comment - I have a bunch of replicated ldap servers to point to. Pointing at one that is local appears to now work (i.e. doesn't lock up editing groups) but logging in still causes the stacks.
