Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-5798

Unable to add groups to LDAP directory through Crowd UI for Generic Directory Server type

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Low Low
    • None
    • 4.2.3, 4.4.0
    • Directory - LDAP
    • None

      Issue Summary

      Cannot add group in Crowd UI for the Generic Directory Server type.

      Environment

      Steps to Reproduce

      1. Install Crowd
      2. Integrate Crowd to an external LDAP using the Generic Directory Server
        • The specific ones to replicate this issue are Red Hat Directory Server (RHDS) or 389 Directory Server
      3. Confirm that the User Directory syncs successfully with the LDAP directory
      4. Now add a Group on Crowd UI for the above User Directory and it will fail

      Expected Results

      • The new Group is created on the LDAP directory side and return a success on Crowd UI

      Actual Results

      Error on Crowd UI:

      Error in Crowd logs:

      2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
      ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
      ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
      com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
      ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
      ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
      	at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
      	at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
      	at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      ...
      

      The group is not created in the remote LDAP directory

      Workaround

      Create the Group on the remote LDAP directory and sync the group into Crowd.

            [CWD-5798] Unable to add groups to LDAP directory through Crowd UI for Generic Directory Server type

            Eric Lam made changes -
            Link New: This issue duplicates CWD-4680 [ CWD-4680 ]
            Eric Lam made changes -
            Resolution New: Duplicate [ 3 ]
            Status Original: Needs Triage [ 10030 ] New: Closed [ 6 ]
            Eric Lam made changes -
            Description Original: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Root Cause

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            New: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            Eric Lam made changes -
            Description Original: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            New: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Root Cause

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            Eric Lam made changes -
            Description Original: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Root Cause

            When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types).

            For the *Generic Directory Server* type, this does not appear to be required.

            The code returns an empty String for the initial user record:

            {code:title=SpringLDAPConnector.java}
                protected String getInitialGroupMemberDN() {
                    // empty member
                    return "";
                }
            {code}

            However, the calling method is checking for Null and not an empty string and hence adds in a default username with empty string.

            {code:title=SpringLDAPConnector.java}
                protected Attributes getNewGroupAttributes(Group group) throws NamingException {
            ...
                    if (defaultContainerMemberDN != null) {
            {code}

            {code:title=Resultant empty uniqueMember (manually added DEBUG)}
            2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup}
            {code}

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            New: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            Eric Lam made changes -
            Description Original: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Root Cause

            When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types).

            For the *Generic Directory Server* type, this does not appear to be required.

            The code returns an empty String for the initial user record:

            {code:title=SpringLDAPConnector.java}
                protected String getInitialGroupMemberDN() {
                    // empty member
                    return "";
                }
            {code}

            However, the calling method is checking for Null and not an empty string and hence adds in a default username with empty string.

            {code:title=SpringLDAPConnector.java}
                protected Attributes getNewGroupAttributes(Group group) throws NamingException {
            ...
                    if (defaultContainerMemberDN != null) {
            {code}

            {code:title=Resultant empty uniqueMember}
            2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup}
            {code}

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            New: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Root Cause

            When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types).

            For the *Generic Directory Server* type, this does not appear to be required.

            The code returns an empty String for the initial user record:

            {code:title=SpringLDAPConnector.java}
                protected String getInitialGroupMemberDN() {
                    // empty member
                    return "";
                }
            {code}

            However, the calling method is checking for Null and not an empty string and hence adds in a default username with empty string.

            {code:title=SpringLDAPConnector.java}
                protected Attributes getNewGroupAttributes(Group group) throws NamingException {
            ...
                    if (defaultContainerMemberDN != null) {
            {code}

            {code:title=Resultant empty uniqueMember (manually added DEBUG)}
            2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup}
            {code}

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            Eric Lam made changes -
            Description Original: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Root Cause

            When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types).

            For the *Generic Directory Server* type, this does not appear to be required

            The code returns an empty String:

            {code:title=SpringLDAPConnector.java}
                protected String getInitialGroupMemberDN() {
                    // empty member
                    return "";
                }
            {code}

            However, the calling code is checking for Null and not an empty string and hence adds in a default username with empty string.

            {code:title=SpringLDAPConnector.java}
                protected Attributes getNewGroupAttributes(Group group) throws NamingException {
            ...
                    if (defaultContainerMemberDN != null) {
            {code}

            {code:title=Resultant empty uniqueMember}
            2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup}
            {code}

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            New: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Root Cause

            When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types).

            For the *Generic Directory Server* type, this does not appear to be required.

            The code returns an empty String for the initial user record:

            {code:title=SpringLDAPConnector.java}
                protected String getInitialGroupMemberDN() {
                    // empty member
                    return "";
                }
            {code}

            However, the calling method is checking for Null and not an empty string and hence adds in a default username with empty string.

            {code:title=SpringLDAPConnector.java}
                protected Attributes getNewGroupAttributes(Group group) throws NamingException {
            ...
                    if (defaultContainerMemberDN != null) {
            {code}

            {code:title=Resultant empty uniqueMember}
            2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup}
            {code}

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            Eric Lam made changes -
            Description Original: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _ 389 Directory Server_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Root Cause

            When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types).

            For the *Generic Directory Server* type, this does not appear to be required

            The code returns an empty String:

            {code:title=SpringLDAPConnector.java}
                protected String getInitialGroupMemberDN() {
                    // empty member
                    return "";
                }
            {code}

            However, the calling code is checking for Null and not an empty string and hence adds in a default username with empty string.

            {code:title=SpringLDAPConnector.java}
                protected Attributes getNewGroupAttributes(Group group) throws NamingException {
            ...
                    if (defaultContainerMemberDN != null) {
            {code}

            {code:title=Resultant empty uniqueMember}
            2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup}
            {code}

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            New: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Root Cause

            When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types).

            For the *Generic Directory Server* type, this does not appear to be required

            The code returns an empty String:

            {code:title=SpringLDAPConnector.java}
                protected String getInitialGroupMemberDN() {
                    // empty member
                    return "";
                }
            {code}

            However, the calling code is checking for Null and not an empty string and hence adds in a default username with empty string.

            {code:title=SpringLDAPConnector.java}
                protected Attributes getNewGroupAttributes(Group group) throws NamingException {
            ...
                    if (defaultContainerMemberDN != null) {
            {code}

            {code:title=Resultant empty uniqueMember}
            2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup}
            {code}

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            Eric Lam made changes -
            Description Original: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _365 Directory_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Root Cause

            When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types).

            For the *Generic Directory Server* type, this does not appear to be required

            The code returns an empty String:

            {code:title=SpringLDAPConnector.java}
                protected String getInitialGroupMemberDN() {
                    // empty member
                    return "";
                }
            {code}

            However, the calling code is checking for Null and not an empty string and hence adds in a default username with empty string.

            {code:title=SpringLDAPConnector.java}
                protected Attributes getNewGroupAttributes(Group group) throws NamingException {
            ...
                    if (defaultContainerMemberDN != null) {
            {code}

            {code:title=Resultant empty uniqueMember}
            2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup}
            {code}

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            New: h3. Issue Summary

            Cannot add group in Crowd UI for the *Generic Directory Server* type.

            h3. Environment

            h3. Steps to Reproduce
             # Install Crowd
             # Integrate Crowd to an external LDAP using the *Generic Directory Server*
             #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _ 389 Directory Server_
             # Confirm that the User Directory syncs successfully with the LDAP directory
             # Now add a Group on Crowd UI for the above User Directory and it will fail (x)
             
            h3. Expected Results

            * The new Group is created on the LDAP directory side and return a success on Crowd UI

            h3. Actual Results

             Error on Crowd UI:

             !localFailedGroupCreation.png|thumbnail!

             Error in Crowd logs:

            {code}
            2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax
            ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local'
            at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211)
            at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735)
            at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            ...
            {code}

            The group is not created in the remote LDAP directory (x)

            h3. Root Cause

            When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types).

            For the *Generic Directory Server* type, this does not appear to be required

            The code returns an empty String:

            {code:title=SpringLDAPConnector.java}
                protected String getInitialGroupMemberDN() {
                    // empty member
                    return "";
                }
            {code}

            However, the calling code is checking for Null and not an empty string and hence adds in a default username with empty string.

            {code:title=SpringLDAPConnector.java}
                protected Attributes getNewGroupAttributes(Group group) throws NamingException {
            ...
                    if (defaultContainerMemberDN != null) {
            {code}

            {code:title=Resultant empty uniqueMember}
            2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup}
            {code}

            h3. Workaround

            Create the Group on the remote LDAP directory and sync the group into Crowd.
            Eric Lam made changes -
            Summary Original: Unable to add groups to LDAP directory through Crowd UI for Red Hat Directory Server (RHDS)/365 Directory New: Unable to add groups to LDAP directory through Crowd UI for Generic Directory Server type

              Unassigned Unassigned
              hlam@atlassian.com Eric Lam
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: