Details
Bug
Resolution: Obsolete
Medium
None
2.7.2
None
Severity 2 - Major
Description
CWD-3748 introduced checks on the externalId that's received from the LDAP server. If the externalId contains invalid XML characters, the internalId is rejected and set to null.
This causes problems during the first user synchronisation following an upgrade from Crowd 2.7.1 (or lower) to 2.7.2. The users whose externalId is rejected are deleted and added instead of updated.
In Stash, as a result of the delete, the user's permissions and SSH keys are revoked.
DbCachingRemoteChangeOperations.deleteCachedUsersNotIn does not handle the case where the cached user does have an externalId, but the user that's retrieved from LDAP does not.
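The failure mode described above, as an added, simplified model that is not Crowd's own code: the class, record and method names are hypothetical, the data is constructed, and Java 16+ is assumed for records. It compares deletion decided on externalId alone with deletion that falls back to the user name when the remote user has no externalId.

```java
import java.util.*;

public class SyncModel {
    record User(String name, String externalId) {}

    // XML 1.0 Char: #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
    static boolean isValidXml(String s) {
        return s.codePoints().allMatch(c -> c == 0x9 || c == 0xA || c == 0xD
                || (c >= 0x20 && c <= 0xD7FF) || (c >= 0xE000 && c <= 0xFFFD)
                || (c >= 0x10000 && c <= 0x10FFFF));
    }

    // Models the check from the description: an invalid externalId becomes null.
    static User sanitize(User u) {
        boolean bad = u.externalId() != null && !isValidXml(u.externalId());
        return bad ? new User(u.name(), null) : u;
    }

    // Match on externalId only: a cached user whose remote copy lost its id looks gone.
    static List<String> toDeleteByIdOnly(List<User> cached, List<User> remote) {
        Set<String> ids = new HashSet<>();
        for (User r : remote) if (r.externalId() != null) ids.add(r.externalId());
        List<String> out = new ArrayList<>();
        for (User c : cached)
            if (c.externalId() != null && !ids.contains(c.externalId())) out.add(c.name());
        return out;
    }

    // Also match by name when the remote user has no externalId, so it is updated instead.
    static List<String> toDeleteWithNameFallback(List<User> cached, List<User> remote) {
        Set<String> ids = new HashSet<>(), namesWithoutId = new HashSet<>();
        for (User r : remote) {
            if (r.externalId() != null) ids.add(r.externalId());
            else namesWithoutId.add(r.name());
        }
        List<String> out = new ArrayList<>();
        for (User c : cached) {
            boolean idMatch = c.externalId() != null && ids.contains(c.externalId());
            if (!idMatch && !namesWithoutId.contains(c.name())) out.add(c.name());
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed data: bob's id contains U+0001, which is not a valid XML character.
        User alice = new User("alice", "a1"), bob = new User("bob", "b\001x");
        List<User> cached = List.of(alice, bob, new User("carol", "c3"));
        List<User> remote = List.of(sanitize(alice), sanitize(bob)); // carol left LDAP
        System.out.println("id only:       " + toDeleteByIdOnly(cached, remote));
        System.out.println("name fallback: " + toDeleteWithNameFallback(cached, remote));
    }
}
```

With the id-only match, bob is scheduled for deletion alongside carol even though he still exists in the directory; the name fallback leaves only carol.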