  1. Jira Platform Cloud
  2. JRACLOUD-13005

LDAP authentication against Active Directory fails if there are escaped double quotes in the user's CN

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      A customer has a problem with authentication against Active Directory. If a user's CN contains escaped double quote characters, then authentication fails with "Sorry, your username and password are incorrect - please try again", and the following in the log file (if you have log4j.category.com.opensymphony.user.provider.ldap = DEBUG):

      2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
      2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
      2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
      2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
      2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
      2007-07-03 12:10:56,734 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] 'fred' could be handled by LDAP
      2007-07-03 12:10:56,750 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] Doing initial search (connected as CN=Administrator,CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com):base='CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com', filter='sAMAccountName=fred'
      2007-07-03 12:10:56,750 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] Doing initial search (connected as CN=Administrator,CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com): base='CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com', filter='sAMAccountName=fred'
      2007-07-03 12:10:56,750 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] Found user(s)
      2007-07-03 12:10:56,750 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] Found user(s)
      2007-07-03 12:10:56,765 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] User with dn 'CN=Fred \\"The Legend\\" Smith,CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com' found, but authentication failed.
      2007-07-03 12:10:56,765 http-8080-Processor23 DEBUG [user.provider.ldap.LDAPCredentialsProvider] User with dn 'CN=Fred \\"The Legend\\" Smith,CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com' found, but authentication failed.
      

      Note the escaped double quotes in the CN:

      CN=Fred \\"The Legend\\" Smith
      

      You can set this up in Active Directory by inserting something in double quotes in the full name when you create a user. You can remove it or modify it by right-clicking on the user and choosing Rename.

      I am able to reproduce the behaviour on my PC against Active Directory. (I have not tried against a different LDAP server.)

      If I remove the double quotes from the full name then restart JIRA, the user can log in successfully.

      The customer states that use of double quotes in the full name is "typical for our organization" and would like to know a timeframe for when it can be fixed, by a patch if necessary. It is a Critical support issue.

      Kind regards,
      Ian

        1. LDAPCredentialsProvider.java
          19 kB
          Ian Daniel [Atlassian]
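As an added illustration (not part of the report and not taken from the attached LDAPCredentialsProvider.java), the following Java uses the standard javax.naming.ldap classes to check whether a DN string decodes back to the user's full name. It compares a DN built from the raw value, the single-backslash form, and the doubled-backslash form printed in the log, assuming the log shows the DN exactly as it was used; DnQuoteCheck, leafValue and report are hypothetical names.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnQuoteCheck {
    // Full name implied by the CN in the report, and the search base from its log.
    static final String FULL_NAME = "Fred \"The Legend\" Smith";
    static final String BASE = "CN=Users,DC=bamboo,DC=sydney,DC=atlassian,DC=com";

    /** Unescaped value of the leftmost RDN, or null if the string is not a valid DN. */
    static String leafValue(String dn) {
        try {
            LdapName name = new LdapName(dn);
            // LdapName indexes RDNs right to left, so the user's CN is the last one.
            return String.valueOf(name.getRdn(name.size() - 1).getValue());
        } catch (InvalidNameException e) {
            return null;
        }
    }

    static void report(String label, String dn) {
        String value = leafValue(dn);
        System.out.println(label + ": " + dn);
        System.out.println("  decoded CN = " + value
                + ", matches full name = " + FULL_NAME.equals(value));
    }

    public static void main(String[] args) throws InvalidNameException {
        // Build the DN from the raw attribute value and let Rdn do the escaping,
        // instead of concatenating strings by hand.
        LdapName built = new LdapName(BASE);
        built.add(new Rdn("CN", FULL_NAME));
        report("built from value ", built.toString());

        // One backslash before each quote: the RFC 2253 escape for a literal quote.
        report("single backslash ", "CN=Fred \\\"The Legend\\\" Smith," + BASE);

        // Two backslashes before each quote, as the DN is printed in the debug log.
        report("double backslash ", "CN=Fred \\\\\"The Legend\\\\\" Smith," + BASE);
    }
}
```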

      Assignee: Unassigned
      Reporter: Ian Daniel [Atlassian]