[CWD-3683] "Unable to rename user" errors when attempting to login with a LDAP user

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.7.1
Affects Version/s: 2.7
Component/s: Directory - Internal/Delegated
Labels:
- enterprise
- warranty

Bug Fix Policy:
View Atlassian Server bug fix policy

Steps to reproduce

Create a user with mixed case sensitivity such as "Horatio Nelson" in LDAP
Hook Confluence to the LDAP directory via Internal with LDAP Authentication (Delegated)
Login first as "Horatio Nelson" (to create the user as "Horatio Nelson" in the cwd_user table)
Logout, then login again as "horatio nelson" (all lowercase)

You will get this error in Confluence (JIRA is working fine, more about it below):

2013-10-11 22:19:58,407 ERROR [http-8443-6] [[Standalone].[localhost].[/c530].[action]] log Servlet.service() for servlet action threw exception
java.lang.IllegalStateException: Unable to rename user Horatio Nelson to horatio nelson
	at com.atlassian.crowd.directory.AbstractInternalDirectory.forceRenameUser(AbstractInternalDirectory.java:611)
	at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.authenticateAndUpdateOrCreate(DelegatedAuthenticationDirectory.java:218)
	at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.authenticate(DelegatedAuthenticationDirectory.java:175)

Cause:

The problem is caused by this function in com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.java:

private User authenticateAndUpdateOrCreate(String name, PasswordCredential credential)
            throws InactiveAccountException, ExpiredCredentialException, OperationFailedException, InvalidAuthenticationException, UserNotFoundException
    {
        // authenticate the user against LDAP
        User ldapUser = ldapDirectory.authenticate(name, credential);
        // Try to find the corresponding local user
        User internalUser = findLocalUserByExternalId(ldapUser.getExternalId());
        if (internalUser != null)
        {
            if (!internalUser.getName().equals(name))
            {
                // We want to rename the existing user
                if (isUserUpdateOnAuthEnabled())
                {
                    // push any existing user out of our way and rename
                    try
                    {
                        internalUser = internalDirectory.forceRenameUser(internalUser, name);
                    }
                    catch (UserNotFoundException e)
                    {
                        // Pretty unlucky
                        throw new ConcurrentModificationException("Unable to rename '" + internalUser.getName() + "' to new name '" + name + "' during login.");
                    }
                }

Specifically, this if statement:

if (!internalUser.getName().equals(name))

Which takes the name string directly from the user input, and comparing it to the username stored in cwd_user directly, hence, the mismatch, which is why forceRenameUser is called in the first place

So far, this affects any Confluence distribution bundled with the Crowd 2.7 integration libraries

Description update:

derived from

JRASERVER-35314 "Unable to rename user" errors when attempting to login with a LDAP user

Closed

CONFSERVER-31156 "Unable to rename user" errors when attempting to login with a LDAP user

Closed

CONFSERVER-31175 "Unable to rename user" errors when attempting to login with a LDAP user

Closed

JDEV-25483 Failed to load

mentioned in: Page Failed to load

Monique Khairuliana (Inactive) made changes - 15/Aug/2019 7:06 AM

Workflow	Original: Simplified Crowd Development Workflow v2 - restricted [ 1511135 ]	New: JAC Bug Workflow v3 [ 3365616 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

vkharisma made changes - 01/Apr/2017 7:42 PM

Link

New: This issue derived from JRACLOUD-35314 [ JRACLOUD-35314 ]

vkharisma made changes - 01/Apr/2017 2:12 PM

Link

New: This issue derived from CONFCLOUD-31175 [ CONFCLOUD-31175 ]

Owen made changes - 07/Jul/2016 6:19 AM

Workflow

Original: Simplified Crowd Development Workflow v2 [ 1393295 ]

New: Simplified Crowd Development Workflow v2 - restricted [ 1511135 ]

Owen made changes - 12/May/2016 2:52 AM

Workflow

Original: Crowd Development Workflow v2 [ 561496 ]

New: Simplified Crowd Development Workflow v2 [ 1393295 ]

Septa Cahyadiputra (Inactive) made changes - 08/Nov/2013 3:12 PM

Labels

Original: conf-alpha enterprise warranty

New: enterprise warranty

Diego Berrueta made changes - 29/Oct/2013 6:23 AM

Remote Link

New: This issue links to "Page (Extranet)" [ 51805 ]

Michal Orzechowski (Inactive) made changes - 18/Oct/2013 8:49 AM

Fix Version/s

New: 2.7.1 [ 37110 ]

Michal Orzechowski (Inactive) made changes - 18/Oct/2013 8:49 AM

Resolution		New: Fixed [ 1 ]
Status	Original: Technical Review [ 10028 ]	New: Resolved [ 5 ]

Michal Orzechowski (Inactive) made changes - 16/Oct/2013 12:48 PM

Status

Original: In Progress [ 3 ]

New: Technical Review [ 10028 ]

Assignee:: Michal Orzechowski (Inactive)

Reporter:: Foo Sim (Inactive)

Affected customers:: 9 This affects my team

Watchers:: 4 Start watching this issue

Created:: 14/Oct/2013 12:26 PM

Updated:: 15/Aug/2019 7:06 AM

Resolved:: 18/Oct/2013 8:49 AM

Details

Description

Steps to reproduce

Cause:

Attachments

Issue Links

Forms

Activity

People

Dates