Uploaded image for project: 'Jira Cloud (including JIRA Core)'
  1. Jira Cloud (including JIRA Core)
  2. JRACLOUD-13005

LDAP authentication against Active Directory fails if there are escaped double quotes in the user's CN

    XMLWordPrintable

    Details

      Description

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      A customer has a problem with authentication against Active Directory. If a user's CN contains escaped double quote characters, then authentication fails with "Sorry, your username and password are incorrect - please try again", and the following in the log file (if you have log4j.category.com.opensymphony.user.provider.ldap = DEBUG):

      2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
      2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
      2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
      2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
      2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
      2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
      2007-07-03 12:10:56,750 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] Doing initial search (connected as CN=Administrator,CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com):base='CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com', filter='sAMAccountName=fred'
      2007-07-03 12:10:56,750 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] Doing initial search (connected as CN=Administrator,CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com): base='CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com', filter='sAMAccountName=fred'
      2007-07-03 12:10:56,750 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] Found user(s)
      2007-07-03 12:10:56,750 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] Found user(s)
      2007-07-03 12:10:56,765 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] User with dn 'CN=Fred \\"The Legend\\" Smith,CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com' found, but authentication failed.
      2007-07-03 12:10:56,765 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] User with dn 'CN=Fred \\"The Legend\\" Smith,CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com' found, but authentication failed.
      

      Note the escaped double quotes in the CN:

      CN=Fred \\"The Legend\\" Smith
      

      You can set this up in Active Directory by inserting something in double quotes in the full name when you create a user. You can remove it or modify it by right-clicking on the user and choosing Rename.

      I am able to reproduce the behaviour on my PC against Active Directory. (I have not tried against a different LDAP server.)

      If I remove the double quotes from the full name then restart JIRA, the user can log in successfully.

      The customer states that use of double quotes in the full name is "typical for our organization" and would like to know a timeframe for when it can be fixed, by a patch if necessary. It is a Critical support issue.

      Kind regards,
      Ian

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              idaniel Ian Daniel [Atlassian]
              Votes:
              4 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: