Details
-
Bug
-
Resolution: Fixed
-
Low
-
2.7
Description
Interestingly enough there is already a knowledge base entry about this: https://confluence.atlassian.com/display/CONFKB/LDAP+User+Unable+to+Login+to+Confluence+due+to+Membership+in+Restricted+Group
It explains it all, but here is a summary as I understand it anyway:
- user attempts to authenticate (via embedded Crowd)
- user belongs to a list groups in LDAP
- the username/password configured to link said LDAP directory doesn't have sufficient right to access some of the group
This means somehow some membership are returned as null, and when we try to use ImmutableList.copyOf : kaboom
Here is a stack trace:
java.lang.NullPointerException: at index 23
at com.google.common.collect.ImmutableList.checkElementNotNull(ImmutableList.java:318)
at com.google.common.collect.ImmutableList.construct(ImmutableList.java:309)
at com.google.common.collect.ImmutableList.copyFromCollection(ImmutableList.java:302)
at com.google.common.collect.ImmutableList.copyOf(ImmutableList.java:260)
at com.google.common.collect.ImmutableList.copyOf(ImmutableList.java:230)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findGroupMembershipNames(MicrosoftActiveDirectory.java:368)
at com.atlassian.crowd.directory.RFC4519Directory.searchGroupRelationshipsWithGroupTypeSpecified(RFC4519Directory.java:447)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroupRelationships(SpringLDAPConnector.java:1499)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.updateGroupsMembershipOnLogin(DbCachingRemoteDirectory.java:347)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticateAndUpdateInternalUser(DbCachingRemoteDirectory.java:283)
com.atlassian.crowd.directory.DbCachingRemoteDirectory.performAuthenticationAndUpdateAttributes(DbCachingRemoteDirectory.java:189)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticate(DbCachingRemoteDirectory.java:161)
at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:292)
at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.authenticateUser(ApplicationServiceGeneric.java:142)
at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:68)
Workaround
Make sure that both the "Use the User Membership Attribute" and "Use memberOf for group membership" options are disabled
Attachments
Issue Links
- is caused by
-
CWD-1286 Provide support for Active Directory Primary group memberships (eg. Domain Users, Domain Admins)
- Closed
- is related to
-
-
- Closed
-
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-