
AD sync fails if DNs contain names with two or more trailing spaces

      Steps to reproduce

      1. In Active Directory, create a group with two trailing spaces in the CN. E.g.: "examplegroup " with two trailing spaces.
      2. The FQDN should read something like: "cn=examplegroup \ ,ou=groups,dc=example,dc=com"
      3. Hook up Crowd 2.8 to this AD using a Connector
      4. Trigger a sync

      Expected behavior

      Sync completes, the AD group is pulled into Crowd with two trailing spaces

      Actual behavior

      Sync fails due to an LDAP error code 34. Full stack trace:

      2015-03-02 13:57:44,274 scheduler_Worker-10 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 32770 ].
      org.springframework.ldap.InvalidNameException: cn=examplegroup\ \ ,ou=groups,dc=example,dc=com: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece]; nested exception is javax.naming.InvalidNameException: cn=examplegroup\ \ ,ou=groups,dc=example,dc=com: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece]; remaining name 'cn=examplegroup\ \ ,ou=groups,dc=example,dc=com'
      	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:136)
      	at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:820)
      	at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:803)
      	at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:935)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$9.timedCall(SpringLdapTemplateWrapper.java:286)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:124)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:87)
      	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.lookup(SpringLdapTemplateWrapper.java:282)
      	at com.atlassian.crowd.directory.RFC4519Directory.findDirectMembersOfGroup(RFC4519Directory.java:959)
      	at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findDirectMembersOfGroup(MicrosoftActiveDirectory.java:516)
      	at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:78)
      	at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:70)
      	at com.google.common.collect.Iterators$8.next(Iterators.java:812)
      	at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:128)
      	at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:84)
      	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:161)
      	at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1120)
      	at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:606)
      	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
      	at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
      	at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
      	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
      	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
      	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      	at com.sun.proxy.$Proxy37.synchronise(Unknown Source)
      	at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
      	at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobRunner.runJob(DirectoryPollerJobRunner.java:93)
      	at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:135)
      	at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101)
      	at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80)
      	at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32)
      	at org.quartz.core.JobRunShell.run(JobRunShell.java:223)
      	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
      Caused by: javax.naming.InvalidNameException: cn=examplegroup\ \ ,ou=groups,dc=example,dc=com: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece]; remaining name 'cn=examplegroup\ \ ,ou=groups,dc=example,dc=com'
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3025)
      	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
      	at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1332)
      	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:231)
      	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
      	at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:152)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:606)
      	at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:90)
      	at com.sun.proxy.$Proxy383.getAttributes(Unknown Source)
      	at org.springframework.ldap.core.LdapTemplate$17.executeWithContext(LdapTemplate.java:937)
      	at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:817)
      	... 37 more
      

      Other notes

      May be an Active Directory-only issue. Was not able to reproduce using ApacheDS 1.5.

      Functionality-wise, this is the same issue as CWD-3823. That bug was originally closed with a fix version of Crowd 2.8 in anticipation that SpringLDAP 2.0 would have resolved this.

      Workarounds

      • (Recommended) Removing the trailing spaces on the AD side
      • Use an LDAP search filter in Crowd to specifically exclude the problem groups
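
A pre-sync check that supports both workarounds, added here as an example and not part of the original issue or of Crowd's code: it decodes the leftmost RDN of each DN using RFC 4514 escaping rules and flags values that end in two or more spaces, whichever escaped form the DN arrives in. The function names are hypothetical and the DN list is constructed sample data.

```python
import re
HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")

def split_unescaped(s, sep):
    """Split s on sep, skipping separators that are backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(s):
        step = 2 if s[i] == "\\" and i + 1 < len(s) else 1
        if step == 1 and s[i] == sep:
            parts, cur = parts + [cur], ""
        else:
            cur += s[i:i + step]  # escape sequences are copied intact
        i += step
    return parts + [cur]

def unescape_value(raw):
    """Decode an RFC 4514 string value; hex pairs are decoded byte-wise."""
    out, i = [], 0  # (char, was_escaped) pairs
    while i < len(raw):
        pair = raw[i + 1:i + 3]
        if raw[i] == "\\" and HEX_PAIR.fullmatch(pair):
            out.append((chr(int(pair, 16)), True))
            i += 3
        elif raw[i] == "\\" and pair:
            out.append((pair[0], True))
            i += 2
        else:
            out.append((raw[i], False))
            i += 1
    while out and out[-1] == (" ", False):  # unescaped tail spaces are padding
        out.pop()
    return "".join(ch for ch, _ in out)

def trailing_spaces(dn):
    """Count trailing spaces in the decoded value of the leftmost RDN."""
    value = unescape_value(split_unescaped(dn, ",")[0].partition("=")[2])
    return len(value) - len(value.rstrip(" "))

def flag_dns(dns, threshold=2):
    # DNs whose leftmost RDN value ends in at least `threshold` spaces.
    return [dn for dn in dns if trailing_spaces(dn) >= threshold]

# Constructed sample DNs, not taken from a real directory.
SAMPLE_DNS = [
    r"cn=examplegroup \ ,ou=groups,dc=example,dc=com",   # form in the steps
    r"cn=examplegroup\ \ ,ou=groups,dc=example,dc=com",  # form in the error
    r"cn=padded\20\20\20,ou=groups,dc=example,dc=com",   # hex-escaped spaces
    r"cn=one\ ,ou=groups,dc=example,dc=com",             # single trailing space
    r"cn=Smith\, John,ou=users,dc=example,dc=com",       # escaped comma only
]
```

Feeding `flag_dns` the DNs from a directory export gives the list of groups to rename in AD or to exclude with a search filter before the next sync.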

            [CWD-4279] AD sync fails if DNs contain names with two or more trailing spaces

            Atlassian Update - 9 April 2025

            Hi,

            At Atlassian, our goal is to ensure we’re providing the best experience for our customers. With our new Data Center strategy, Atlassian's focus is on security, compliance, and performance and is a key driver in prioritizing bugs. Closing the bugs that do not fall into those categories will allow us to focus on the ones in the most current versions of our products.

            This bug is being closed due to a lack of engagement in the last four years, including no new watchers, votes, or comments; this inactivity suggests a low impact.

            Please note the comments on this thread are not being monitored.

            You can read more about our bug fix policy here and how we prioritize bugs.

            To learn more about our recent investments in Crowd Data Center, please check our public roadmap.

            Kind regards,
            Crowd Data Center

            Ishwinder Kaur added a comment - Atlassian Update - 9 April 2025

              Assignee: Unassigned
              Reporter: Robert Chang (rchang)
              Affected customers: 0
              Watchers: 4