[CWD-3683] "Unable to rename user" errors when attempting to login with a LDAP user - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Medium
Resolution: Fixed
Affects Version/s: 2.7
Fix Version/s: 2.7.1
Component/s: Directory - Internal/Delegated
Labels:
- enterprise
- warranty

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Steps to reproduce

Create a user with mixed case sensitivity such as "Horatio Nelson" in LDAP
Hook Confluence to the LDAP directory via Internal with LDAP Authentication (Delegated)
Login first as "Horatio Nelson" (to create the user as "Horatio Nelson" in the cwd_user table)
Logout, then login again as "horatio nelson" (all lowercase)

You will get this error in Confluence (JIRA is working fine, more about it below):

2013-10-11 22:19:58,407 ERROR [http-8443-6] [[Standalone].[localhost].[/c530].[action]] log Servlet.service() for servlet action threw exception
java.lang.IllegalStateException: Unable to rename user Horatio Nelson to horatio nelson
	at com.atlassian.crowd.directory.AbstractInternalDirectory.forceRenameUser(AbstractInternalDirectory.java:611)
	at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.authenticateAndUpdateOrCreate(DelegatedAuthenticationDirectory.java:218)
	at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.authenticate(DelegatedAuthenticationDirectory.java:175)

Cause:

The problem is caused by this function in com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.java:

private User authenticateAndUpdateOrCreate(String name, PasswordCredential credential)
            throws InactiveAccountException, ExpiredCredentialException, OperationFailedException, InvalidAuthenticationException, UserNotFoundException
    {
        // authenticate the user against LDAP
        User ldapUser = ldapDirectory.authenticate(name, credential);
        // Try to find the corresponding local user
        User internalUser = findLocalUserByExternalId(ldapUser.getExternalId());
        if (internalUser != null)
        {
            if (!internalUser.getName().equals(name))
            {
                // We want to rename the existing user
                if (isUserUpdateOnAuthEnabled())
                {
                    // push any existing user out of our way and rename
                    try
                    {
                        internalUser = internalDirectory.forceRenameUser(internalUser, name);
                    }
                    catch (UserNotFoundException e)
                    {
                        // Pretty unlucky
                        throw new ConcurrentModificationException("Unable to rename '" + internalUser.getName() + "' to new name '" + name + "' during login.");
                    }
                }

Specifically, this if statement:

if (!internalUser.getName().equals(name))

Which takes the name string directly from the user input, and comparing it to the username stored in cwd_user directly, hence, the mismatch, which is why forceRenameUser is called in the first place

So far, this affects any Confluence distribution bundled with the Crowd 2.7 integration libraries

Description update:

Attachments

Issue Links

derived from

JRASERVER-35314 "Unable to rename user" errors when attempting to login with a LDAP user

Closed

CONFSERVER-31156 "Unable to rename user" errors when attempting to login with a LDAP user

Closed

CONFSERVER-31175 "Unable to rename user" errors when attempting to login with a LDAP user

Closed

JDEV-25483 Loading...

mentioned in: Page Loading...

Activity

People

Assignee:: Michal Orzechowski (Inactive)

Reporter:: Foo Sim (Inactive)

Votes:: 9 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 14/Oct/2013 12:26 PM

Updated:: 15/Aug/2019 7:06 AM

Resolved:: 18/Oct/2013 8:49 AM