-
Bug
-
Resolution: Duplicate
-
Low
-
None
-
4.2.3, 4.4.0
-
None
-
Severity 3 - Minor
-
Issue Summary
Cannot add group in Crowd UI for the Generic Directory Server type.
Environment
Steps to Reproduce
- Install Crowd
- Integrate Crowd to an external LDAP using the Generic Directory Server
- The specific ones to replicate this issue are Red Hat Directory Server (RHDS) or 389 Directory Server
- Confirm that the User Directory syncs successfully with the LDAP directory
- Now add a Group on Crowd UI for the above User Directory and it will fail
Expected Results
- The new Group is created on the LDAP directory side and return a success on Crowd UI
Actual Results
Error on Crowd UI:
Error in Crowd logs:
2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ...
The group is not created in the remote LDAP directory
Workaround
Create the Group on the remote LDAP directory and sync the group into Crowd.
- duplicates
-
CWD-4680 When creating a group, require at least one member of the group that is not null if the directory type requires it
- Under Consideration
[CWD-5798] Unable to add groups to LDAP directory through Crowd UI for Generic Directory Server type
Resolution | New: Duplicate [ 3 ] | |
Status | Original: Needs Triage [ 10030 ] | New: Closed [ 6 ] |
Description |
Original:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Root Cause h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
New:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
Description |
Original:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
New:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Root Cause h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
Description |
Original:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Root Cause When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types). For the *Generic Directory Server* type, this does not appear to be required. The code returns an empty String for the initial user record: {code:title=SpringLDAPConnector.java} protected String getInitialGroupMemberDN() { // empty member return ""; } {code} However, the calling method is checking for Null and not an empty string and hence adds in a default username with empty string. {code:title=SpringLDAPConnector.java} protected Attributes getNewGroupAttributes(Group group) throws NamingException { ... if (defaultContainerMemberDN != null) { {code} {code:title=Resultant empty uniqueMember (manually added DEBUG)} 2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup} {code} h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
New:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
Description |
Original:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Root Cause When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types). For the *Generic Directory Server* type, this does not appear to be required. The code returns an empty String for the initial user record: {code:title=SpringLDAPConnector.java} protected String getInitialGroupMemberDN() { // empty member return ""; } {code} However, the calling method is checking for Null and not an empty string and hence adds in a default username with empty string. {code:title=SpringLDAPConnector.java} protected Attributes getNewGroupAttributes(Group group) throws NamingException { ... if (defaultContainerMemberDN != null) { {code} {code:title=Resultant empty uniqueMember} 2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup} {code} h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
New:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Root Cause When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types). For the *Generic Directory Server* type, this does not appear to be required. The code returns an empty String for the initial user record: {code:title=SpringLDAPConnector.java} protected String getInitialGroupMemberDN() { // empty member return ""; } {code} However, the calling method is checking for Null and not an empty string and hence adds in a default username with empty string. {code:title=SpringLDAPConnector.java} protected Attributes getNewGroupAttributes(Group group) throws NamingException { ... if (defaultContainerMemberDN != null) { {code} {code:title=Resultant empty uniqueMember (manually added DEBUG)} 2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup} {code} h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
Description |
Original:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Root Cause When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types). For the *Generic Directory Server* type, this does not appear to be required The code returns an empty String: {code:title=SpringLDAPConnector.java} protected String getInitialGroupMemberDN() { // empty member return ""; } {code} However, the calling code is checking for Null and not an empty string and hence adds in a default username with empty string. {code:title=SpringLDAPConnector.java} protected Attributes getNewGroupAttributes(Group group) throws NamingException { ... if (defaultContainerMemberDN != null) { {code} {code:title=Resultant empty uniqueMember} 2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup} {code} h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
New:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Root Cause When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types). For the *Generic Directory Server* type, this does not appear to be required. The code returns an empty String for the initial user record: {code:title=SpringLDAPConnector.java} protected String getInitialGroupMemberDN() { // empty member return ""; } {code} However, the calling method is checking for Null and not an empty string and hence adds in a default username with empty string. {code:title=SpringLDAPConnector.java} protected Attributes getNewGroupAttributes(Group group) throws NamingException { ... if (defaultContainerMemberDN != null) { {code} {code:title=Resultant empty uniqueMember} 2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup} {code} h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
Description |
Original:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _ 389 Directory Server_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Root Cause When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types). For the *Generic Directory Server* type, this does not appear to be required The code returns an empty String: {code:title=SpringLDAPConnector.java} protected String getInitialGroupMemberDN() { // empty member return ""; } {code} However, the calling code is checking for Null and not an empty string and hence adds in a default username with empty string. {code:title=SpringLDAPConnector.java} protected Attributes getNewGroupAttributes(Group group) throws NamingException { ... if (defaultContainerMemberDN != null) { {code} {code:title=Resultant empty uniqueMember} 2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup} {code} h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
New:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _389 Directory Server_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Root Cause When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types). For the *Generic Directory Server* type, this does not appear to be required The code returns an empty String: {code:title=SpringLDAPConnector.java} protected String getInitialGroupMemberDN() { // empty member return ""; } {code} However, the calling code is checking for Null and not an empty string and hence adds in a default username with empty string. {code:title=SpringLDAPConnector.java} protected Attributes getNewGroupAttributes(Group group) throws NamingException { ... if (defaultContainerMemberDN != null) { {code} {code:title=Resultant empty uniqueMember} 2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup} {code} h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
Description |
Original:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _365 Directory_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Root Cause When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types). For the *Generic Directory Server* type, this does not appear to be required The code returns an empty String: {code:title=SpringLDAPConnector.java} protected String getInitialGroupMemberDN() { // empty member return ""; } {code} However, the calling code is checking for Null and not an empty string and hence adds in a default username with empty string. {code:title=SpringLDAPConnector.java} protected Attributes getNewGroupAttributes(Group group) throws NamingException { ... if (defaultContainerMemberDN != null) { {code} {code:title=Resultant empty uniqueMember} 2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup} {code} h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
New:
h3. Issue Summary
Cannot add group in Crowd UI for the *Generic Directory Server* type. h3. Environment h3. Steps to Reproduce # Install Crowd # Integrate Crowd to an external LDAP using the *Generic Directory Server* #* The specific ones to replicate this issue are _Red Hat Directory Server (RHDS)_ or _ 389 Directory Server_ # Confirm that the User Directory syncs successfully with the LDAP directory # Now add a Group on Crowd UI for the above User Directory and it will fail (x) h3. Expected Results * The new Group is created on the LDAP directory side and return a success on Crowd UI h3. Actual Results Error on Crowd UI: !localFailedGroupCreation.png|thumbnail! Error in Crowd logs: {code} 2022-04-23 15:33:18,833 http-nio-8095-exec-10 ERROR [console.action.group.AddGroup] [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' com.atlassian.crowd.exception.InvalidGroupException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - uniqueMember: value #0 invalid per syntax ]; remaining name 'cn=testgroup2,ou=Groups,dc=elcentos,dc=local' at com.atlassian.crowd.directory.SpringLDAPConnector.addGroup(SpringLDAPConnector.java:1211) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.addGroup(DbCachingRemoteDirectory.java:735) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.addGroup(DirectoryManagerGeneric.java:529) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} The group is not created in the remote LDAP directory (x) h3. Root Cause When Crowd adds a new LDAP group, it will attempt to look for a default user to add (which is required for some Directory types). For the *Generic Directory Server* type, this does not appear to be required The code returns an empty String: {code:title=SpringLDAPConnector.java} protected String getInitialGroupMemberDN() { // empty member return ""; } {code} However, the calling code is checking for Null and not an empty string and hence adds in a default username with empty string. {code:title=SpringLDAPConnector.java} protected Attributes getNewGroupAttributes(Group group) throws NamingException { ... if (defaultContainerMemberDN != null) { {code} {code:title=Resultant empty uniqueMember} 2022-04-23 15:21:10,985 http-nio-8095-exec-11 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] getNewGroupAttributes groupAttributes={objectclass=objectClass: groupOfUniqueNames, uniquemember=uniqueMember: , cn=cn: testgroup} {code} h3. Workaround Create the Group on the remote LDAP directory and sync the group into Crowd. |
Summary | Original: Unable to add groups to LDAP directory through Crowd UI for Red Hat Directory Server (RHDS)/365 Directory | New: Unable to add groups to LDAP directory through Crowd UI for Generic Directory Server type |