LDAP authentication against Active Directory fails if there are escaped double quotes in the user's CN
Bug
Resolution: Fixed
Low
Customer: JIRA Standalone 3.7.1 on Java 1.5.0_09-b03 on Linux.
Me: JIRA Standalone on Java 1.6.0_01-b06 on Windows 2003.
NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.
A customer has a problem with authentication against Active Directory. If a user's CN contains escaped double quote characters, then authentication fails with "Sorry, your username and password are incorrect - please try again", and the following in the log file (if you have log4j.category.com.opensymphony.user.provider.ldap = DEBUG):
2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
2007-07-03 12:10:56,750 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] Doing initial search (connected as CN=Administrator,CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com):base='CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com', filter='sAMAccountName=fred'
2007-07-03 12:10:56,750 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] Doing initial search (connected as CN=Administrator,CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com): base='CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com', filter='sAMAccountName=fred'
2007-07-03 12:10:56,750 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] Found user(s)
2007-07-03 12:10:56,750 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] Found user(s)
2007-07-03 12:10:56,765 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] User with dn 'CN=Fred \\"The Legend\\" Smith,CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com' found, but authentication failed.
2007-07-03 12:10:56,765 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] User with dn 'CN=Fred \\"The Legend\\" Smith,CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com' found, but authentication failed.
Note the escaped double quotes in the CN:
CN=Fred \\"The Legend\\" Smith
You can set this up in Active Directory by inserting something in double quotes in the full name when you create a user. You can remove it or modify it by right-clicking on the user and choosing Rename.
I am able to reproduce the behaviour on my PC against Active Directory. (I have not tried against a different LDAP server.)
If I remove the double quotes from the full name then restart JIRA, the user can log in successfully.
The customer states that use of double quotes in the full name is "typical for our organization" and would like to know a timeframe for when it can be fixed, by a patch if necessary. It is a Critical support issue.
Kind regards,
Ian
is related to
CWD-2898 Use LdapName consistently when manipulating DNs (Closed)
JRASERVER-13005 LDAP authentication against Active Directory fails if there are escaped double quotes in the user's CN (Closed)
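Added example (not part of the original report and not JIRA's or Crowd's code): the DN in the log carries \\" around the nickname, whereas the RFC 2253 string form of a DN escapes a double quote as \". The sketch below uses the JDK's LdapName and Rdn classes, which CWD-2898 names, to build the DN from the raw CN and to show that only the singly escaped form decodes back to the directory's CN value. The class name, helper names and sample values are constructed for illustration, and it does not reproduce JIRA's code path.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnQuoteEscaping {
    // Constructed sample values modelled on the report; not taken from JIRA's code.
    static final String RAW_CN = "Fred \"The Legend\" Smith";   // CN value as stored in the directory
    static final String BASE = "CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com";

    // Build the user's DN from the raw CN; Rdn applies RFC 2253 escaping when rendered.
    static LdapName userDn(String rawCn, String base) throws InvalidNameException {
        LdapName dn = new LdapName(base);
        dn.add(new Rdn("CN", rawCn));   // added as the most specific (leftmost) RDN
        return dn;
    }

    // True when an escaped CN string decodes back to the raw directory value.
    static boolean decodesTo(String escapedCn, String rawCn) {
        return rawCn.equals(Rdn.unescapeValue(escapedCn));
    }

    public static void main(String[] args) throws InvalidNameException {
        LdapName dn = userDn(RAW_CN, BASE);
        System.out.println("DN built with Rdn        : " + dn);

        // Parsing the rendered DN and reading the CN back recovers the raw value.
        LdapName parsed = new LdapName(dn.toString());
        Object cn = parsed.getRdn(parsed.size() - 1).getValue();
        System.out.println("round-trips to raw CN    : " + RAW_CN.equals(cn));

        String escapedOnce = "Fred \\\"The Legend\\\" Smith";       // \" for each quote
        String escapedTwice = "Fred \\\\\"The Legend\\\\\" Smith";  // \\" for each quote, as in the log
        System.out.println("escaped once  == raw CN  : " + decodesTo(escapedOnce, RAW_CN));
        System.out.println("escaped twice == raw CN  : " + decodesTo(escapedTwice, RAW_CN));
        System.out.println("escaped twice decodes to : " + Rdn.unescapeValue(escapedTwice));
    }
}
```

Passing DNs around as LdapName objects, rather than as strings that are re-escaped or concatenated at each step, keeps the escaping applied exactly once.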