Details
Bug
Resolution: Unresolved
Medium
None
2.11.0
29
Severity 2 - Major
10
Description
Context
In Crowd 2.7.0, we had an issue with Crowd generating invalid XML documents because binary data was synced to the Crowd cache as the user's external id. We fixed this in 2.7.1 (specifically, in CWD-3748) by skipping the sync of any attributes which are not representable in XML to the Crowd LDAP cache.
Problem
Unfortunately, Novell eDirectory's GUID attribute (which is the default "User Unique Identifier Attribute" in Crowd) is defined to be of type Octet String, so that attribute often contains characters that are invalid in XML and hence is often not synced to Crowd's cache.
Consequence
User renames will not be detected for any user whose GUID attribute is not XML safe.
Safety is determined according to com.atlassian.crowd.directory.ldap.util.XmlValidator#isSafe. More specifically, the GUID attribute value is safe and will not be skipped if every character meets the condition below:
(c == 0x09 || c == 0x0A || c == 0x0D || (c >= 0x20 && c <= 0xD7FF) || (c >= 0xE000 && c <= 0xFFFD) || (c >= 0x10000 && c <= 0x10FFFF))
(e.g. 0x09 is a valid XML character, 0x0B is not)
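The following is an added example, not Crowd's own code: it applies the condition quoted above to a set of GUID values and reports which users would have the attribute skipped, and therefore no rename detection. The function names, the sample GUIDs and the one-character-per-octet decoding are assumptions; the page does not say how Crowd converts the Octet String to characters.

```python
"""Added example: applies the character condition quoted for XmlValidator#isSafe."""


def is_xml_safe_char(cp: int) -> bool:
    """The per-character condition quoted in the issue, applied to a code point."""
    return (
        cp in (0x09, 0x0A, 0x0D)
        or 0x20 <= cp <= 0xD7FF
        or 0xE000 <= cp <= 0xFFFD
        or 0x10000 <= cp <= 0x10FFFF
    )


def unsafe_positions(value: str) -> list[tuple[int, int]]:
    """Return (index, code point) for every character that fails the condition."""
    return [(i, ord(ch)) for i, ch in enumerate(value) if not is_xml_safe_char(ord(ch))]


def decode_guid(raw: bytes) -> str:
    # ASSUMPTION: one character per octet (Latin-1). The page does not state how
    # Crowd turns the Octet String into characters before validating it.
    return raw.decode("latin-1")


def users_without_rename_detection(guids: dict[str, bytes]) -> dict[str, list[tuple[int, int]]]:
    """Map each user whose GUID would be skipped to its offending characters."""
    report = {}
    for user, raw in guids.items():
        bad = unsafe_positions(decode_guid(raw))
        if bad:
            report[user] = bad
    return report


# Constructed sample GUID values (16 octets each), not taken from a real directory.
SAMPLE_GUIDS = {
    "alice": bytes.fromhex("4a6f686e20446f652d47554944213031"),  # every octet >= 0x20
    "bob": bytes.fromhex("a1b2c3d4e5f60b17283940515263748f"),    # contains 0x0B and 0x17
    "carol": bytes.fromhex("090a0d20414243444546474849505152"),  # tab, LF, CR are allowed
}

if __name__ == "__main__":
    for user, bad in users_without_rename_detection(SAMPLE_GUIDS).items():
        print(user, [(i, hex(cp)) for i, cp in bad])
```

Under the one-character-per-octet assumption, 29 of the 256 possible octet values fail the condition, so a single such octet anywhere in the 16-octet GUID is enough for the attribute to be skipped.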