Crowd Data Center: CWD-4279

AD sync fails if DNs contain names with two or more trailing spaces

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • None
    • 2.8
    • Directory - LDAP
    • None

      Steps to reproduce

      1. In Active Directory, create a group with two trailing spaces in the CN, e.g. "examplegroup  " (two trailing spaces).
      2. The FQDN should read something like: "cn=examplegroup \ ,ou=groups,dc=example,dc=com"
      3. Hook up Crowd 2.8 to this AD using a Connector
      4. Trigger a sync

      Expected behavior

      Sync completes, the AD group is pulled into Crowd with two trailing spaces

      Actual behavior

      Sync fails with LDAP error code 34. Full stack trace:

      2015-03-02 13:57:44,274 scheduler_Worker-10 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 32770 ].
      org.springframework.ldap.InvalidNameException: cn=examplegroup\ \ ,ou=groups,dc=example,dc=com: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece]; nested exception is javax.naming.InvalidNameException: cn=examplegroup\ \ ,ou=groups,dc=example,dc=com: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece]; remaining name 'cn=examplegroup\ \ ,ou=groups,dc=example,dc=com'
      	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:136)
      	at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:820)
      	at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:803)
      	at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:935)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$9.timedCall(SpringLdapTemplateWrapper.java:286)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:124)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:87)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.lookup(SpringLdapTemplateWrapper.java:282)
      	at com.atlassian.crowd.directory.RFC4519Directory.findDirectMembersOfGroup(RFC4519Directory.java:959)
      	at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findDirectMembersOfGroup(MicrosoftActiveDirectory.java:516)
      	at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:78)
      	at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:70)
      	at com.google.common.collect.Iterators$8.next(Iterators.java:812)
      	at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:128)
      	at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:84)
      	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:161)
      	at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1120)
      	at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:606)
      	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
      	at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
      	at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
      	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
      	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      	at com.sun.proxy.$Proxy37.synchronise(Unknown Source)
      	at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
      	at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobRunner.runJob(DirectoryPollerJobRunner.java:93)
      	at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:135)
      	at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101)
      	at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80)
      	at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32)
      	at org.quartz.core.JobRunShell.run(JobRunShell.java:223)
      	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
      Caused by: javax.naming.InvalidNameException: cn=examplegroup\ \ ,ou=groups,dc=example,dc=com: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece]; remaining name 'cn=examplegroup\ \ ,ou=groups,dc=example,dc=com'
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3025)
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
      	at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1332)
      	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:231)
      	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
      	at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:152)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:606)
      	at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:90)
      	at com.sun.proxy.$Proxy383.getAttributes(Unknown Source)
      	at org.springframework.ldap.core.LdapTemplate$17.executeWithContext(LdapTemplate.java:937)
      	at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:817)
      	... 37 more
      

      Other notes

      May be an Active Directory-only issue. Was not able to reproduce it using ApacheDS 1.5.

      Functionality-wise, this is the same issue as CWD-3823. That bug was originally closed with a fix version of Crowd 2.8 in anticipation that SpringLDAP 2.0 would have resolved this.

      Workarounds

      • (Recommended) Removing the trailing spaces on the AD side
      • Use an LDAP search filter in Crowd to specifically exclude the problem groups
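
Both workarounds start from a list of the affected entries. The following is an added example, not part of the original report or of Crowd's code: a Python helper that decodes RFC 4514 escapes in DN strings and flags RDN values ending in two or more spaces. The function names and the sample DNs marked as constructed are assumptions, and multi-valued RDNs (`+`) are not split.

```python
import re

_RDN = re.compile(r"(?:\\.|[^,\\])+")              # escape pairs / plain chars up to an unescaped comma
_ESC = re.compile(rb"\\([0-9A-Fa-f]{2}|.)", re.S)  # \XX hex pair, or backslash + one byte

def split_dn(dn):
    """Split a DN string into RDN strings at unescaped commas."""
    return _RDN.findall(dn)

def unescape_value(raw):
    """Decode RFC 4514 escapes (hex pairs and backslash + char) in an attribute value."""
    def decode(m):
        esc = m.group(1)
        return bytes([int(esc, 16)]) if len(esc) == 2 else esc
    return _ESC.sub(decode, raw.encode("utf-8")).decode("utf-8", "replace")

def trailing_space_rdns(dn, minimum=2):
    """Return (attribute, decoded value, count) for RDNs ending in >= minimum spaces."""
    hits = []
    for rdn in split_dn(dn):
        attr, _, raw = rdn.partition("=")
        value = unescape_value(raw)
        count = len(value) - len(value.rstrip(" "))
        if count >= minimum:
            hits.append((attr.strip(), value, count))
    return hits

def audit(dns, minimum=2):
    """Map each DN that has an offending RDN to its hits."""
    return {dn: hits for dn in dns if (hits := trailing_space_rdns(dn, minimum))}

SAMPLE_DNS = [
    r"cn=examplegroup \ ,ou=groups,dc=example,dc=com",     # form shown in the steps to reproduce
    r"cn=examplegroup\ \ ,ou=groups,dc=example,dc=com",    # form shown in the stack trace
    r"cn=examplegroup\20\20,ou=groups,dc=example,dc=com",  # constructed: hex-escaped spaces
    r"cn=onespace\ ,ou=groups,dc=example,dc=com",          # constructed: one trailing space
    r"cn=a\,b,ou=groups,dc=example,dc=com",                # constructed: escaped comma
]

if __name__ == "__main__":
    for dn, hits in audit(SAMPLE_DNS).items():
        for attr, value, count in hits:
            print(f"{dn!r}: {attr} value {value!r} ends in {count} spaces")
```

The two string forms quoted in the report decode to the same CN value, so a check on the decoded value catches the group whichever escaping the export or log used.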

              Assignee: Unassigned
              Reporter: Robert Chang (rchang)