Jira 10 upgrade task ( UpgradeTask_Build10020000 ) fails to convert/encrypt LDAP credentials if username and password are blank

XMLWordPrintable

    • 10.02
    • 26
    • Severity 3 - Minor
    • 24
    • Warranty

      Issue Summary

      This is reproducible on Data Center: Yes

      Steps to Reproduce

      1. Install Jira 9.12
      2. Configure a LDAP directory with a blank username and password, full synchronization completes successfully
      3. Upgrade to Jira 10.3

      Expected Results

      LDAP synchronization continues working

      Actual Results

      LDAP synchronization fails with invalid credentials

      The below exception is thrown in the atlassian-jira.log file:

      2025-02-24 14:10:44,915-0800 Caesium-1-4 ERROR ServiceRunner     [c.a.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: Invalid authentication]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: Invalid authentication]

      Workaround

      • Stop Jira
      • Determine directory ID of affected LDAP directory ( select * from cwd_directory )
      • Issue following SQL, replacing directory ID with the affected LDAP directory 
        •  delete from secret where identifier = 'com.atlassian.jira.secrets.directory_(directory_id)_ldap.password';
update cwd_directory_attribute set attribute_value = '' where attribute_name = 'ldap.password' and directory_id = '(directory_id)';
      • Start Jira

            Assignee:
            Unassigned
            Reporter:
            Jeff Curry
            Votes:
            1 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated: