  1. Crowd Data Center
  2. CWD-3864

User renames are often not detected in Novell eDirectory because Crowd does not handle arbitrary attribute values


Details

    Description

      Context

      In Crowd 2.7.0, we had an issue with Crowd generating invalid XML documents because binary data was synced to the Crowd cache as the user's external id. We fixed this in 2.7.1 (specifically, in CWD-3748) by skipping the sync to the Crowd LDAP cache of any attribute that is not representable in XML.

      Problem

      Unfortunately, Novell eDirectory's GUID attribute (which is the default "User Unique Identifier Attribute" in Crowd) is defined to be of type Octet String, so that attribute often contains characters that are invalid in XML and hence is often not synced to Crowd's cache.

      Consequence

      User renames will not be detected for any user whose GUID attribute is not XML safe.

      Safety is determined according to com.atlassian.crowd.directory.ldap.util.XmlValidator#isSafe. More specifically, the GUID attribute value is safe and will not be skipped if every character meets the condition below:

                      (c == 0x09 || c == 0x0A || c == 0x0D
                      || (c >= 0x20 && c <= 0xD7FF)
                      || (c >= 0xE000 && c <= 0xFFFD)
                      || (c >= 0x10000 && c <= 0x10FFFF))
      

      (e.g. 0x09 is a valid XML character, 0x0B is not)
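
      The condition above applied to GUID values, as an added Python example (not Crowd's code), reporting which octets would cause the attribute to be skipped. It assumes each octet of the Octet String becomes one character and that GUIDs are 16 octets long; the sample GUIDs are constructed.

```python
# Added example: mirrors the character condition quoted on this page.
def is_xml_safe_char(c: int) -> bool:
    return (c in (0x09, 0x0A, 0x0D)
            or 0x20 <= c <= 0xD7FF
            or 0xE000 <= c <= 0xFFFD
            or 0x10000 <= c <= 0x10FFFF)


def guid_to_chars(guid: bytes) -> str:
    # ASSUMPTION (not stated on the page): each octet becomes one character.
    return guid.decode("latin-1")


def unsafe_positions(guid: bytes) -> list:
    """Return (index, octet) pairs that fail the condition; empty means safe."""
    return [(i, ord(ch)) for i, ch in enumerate(guid_to_chars(guid))
            if not is_xml_safe_char(ord(ch))]


def audit(guids: dict) -> dict:
    """Map each user to the octets that would cause the GUID to be skipped."""
    return {user: unsafe_positions(g) for user, g in guids.items()}


def fraction_safe(length: int = 16) -> float:
    """Share of uniformly random GUIDs of this length that pass the check."""
    safe_octets = sum(is_xml_safe_char(b) for b in range(256))  # 227 of 256
    return (safe_octets / 256) ** length


# Constructed sample values, not real directory data.
SAMPLE_GUIDS = {
    "alice": bytes.fromhex("4142434445464748494a4b4c4d4e4f50"),
    "bob": bytes.fromhex("a1b2c3d40be5f6a7b8c900daebfc8d9e"),
    "carol": bytes.fromhex("090a0d207f80ff313233343536373839"),
}

if __name__ == "__main__":
    for user, bad in audit(SAMPLE_GUIDS).items():
        if bad:
            detail = ", ".join(f"0x{b:02X} at octet {i}" for i, b in bad)
            print(f"{user}: GUID skipped, renames not detected ({detail})")
        else:
            print(f"{user}: GUID is XML safe")
    print(f"random 16-octet GUIDs passing: {fraction_safe():.1%}")
```

      Under these assumptions only a minority of uniformly random GUIDs pass the check, which is consistent with renames "often" going undetected.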

            People

              aknoll Avi Knoll (Inactive)
              ckrieger Caspar Krieger (Inactive)