-
Bug
-
Resolution: Fixed
-
Low
-
2.7
Interestingly enough there is already a knowledge base entry about this: https://confluence.atlassian.com/display/CONFKB/LDAP+User+Unable+to+Login+to+Confluence+due+to+Membership+in+Restricted+Group
It explains it all, but here is a summary as I understand it anyway:
- user attempts to authenticate (via embedded Crowd)
- user belongs to a list groups in LDAP
- the username/password configured to link said LDAP directory doesn't have sufficient right to access some of the group
This means somehow some membership are returned as null, and when we try to use ImmutableList.copyOf : kaboom
Here is a stack trace:
java.lang.NullPointerException: at index 23
at com.google.common.collect.ImmutableList.checkElementNotNull(ImmutableList.java:318)
at com.google.common.collect.ImmutableList.construct(ImmutableList.java:309)
at com.google.common.collect.ImmutableList.copyFromCollection(ImmutableList.java:302)
at com.google.common.collect.ImmutableList.copyOf(ImmutableList.java:260)
at com.google.common.collect.ImmutableList.copyOf(ImmutableList.java:230)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findGroupMembershipNames(MicrosoftActiveDirectory.java:368)
at com.atlassian.crowd.directory.RFC4519Directory.searchGroupRelationshipsWithGroupTypeSpecified(RFC4519Directory.java:447)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroupRelationships(SpringLDAPConnector.java:1499)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.updateGroupsMembershipOnLogin(DbCachingRemoteDirectory.java:347)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticateAndUpdateInternalUser(DbCachingRemoteDirectory.java:283)
com.atlassian.crowd.directory.DbCachingRemoteDirectory.performAuthenticationAndUpdateAttributes(DbCachingRemoteDirectory.java:189)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticate(DbCachingRemoteDirectory.java:161)
at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:292)
at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.authenticateUser(ApplicationServiceGeneric.java:142)
at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:68)
Workaround
Make sure that both the "Use the User Membership Attribute" and "Use memberOf for group membership" options are disabled
- is caused by
-
CWD-1286 Provide support for Active Directory Primary group memberships (eg. Domain Users, Domain Admins)
- Closed
- is related to
-
-
- Closed
-
- mentioned in
-
![[Atlassian Documentation] Page](/images/icons/generic_link_16.png "[Atlassian Documentation] Page")
Page
No Confluence page found with the given URL.
-
Page
No Confluence page found with the given URL.
-
Page
No Confluence page found with the given URL.
-
Page Loading...
-
-
-
-
-
-
[CWD-4206] LDAP user unable to Login to application due to membership in restricted group
| Remote Link | Original: This issue links to "Page (Atlassian Documentation)" [ 90815 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 454289 ] |
| Workflow | Original: Simplified Crowd Development Workflow v2 - restricted [ 1510849 ] | New: JAC Bug Workflow v3 [ 3365418 ] |
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Remote Link | New: This issue links to "Page (Extranet)" [ 315751 ] |
| Link | New: This issue is related to JRACLOUD-44407 [ JRACLOUD-44407 ] |
| Remote Link | New: This issue links to "Page (Atlassian Documentation)" [ 247004 ] |
| Workflow | Original: Simplified Crowd Development Workflow v2 [ 1391863 ] | New: Simplified Crowd Development Workflow v2 - restricted [ 1510849 ] |
| Workflow | Original: Crowd Development Workflow v2 [ 790144 ] | New: Simplified Crowd Development Workflow v2 [ 1391863 ] |
| Fix Version/s | New: 2.9 [ 46094 ] | |
| Fix Version/s | Original: 2.8.5 [ 61101 ] |
| Remote Link | New: This issue links to "Page (Extranet)" [ 170941 ] |