-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
3.16.0, 3.16.1, 4.3.1
-
8
-
Severity 3 - Minor
-
1
-
Issue description
When using the Add Customer button from a Service Desk Project Customer page OR the Service Desk public signup page, the user is created by using the email address as a username.
This behavior becomes a problem if JIRA is connected to an Active Directory, because JIRA will try to create a new user in the AD by populating the sAMAccountName attribute with the email address. Since the sAMAccountName attribute has a character limit of 20, customers will fail to be created if their email address is longer than 20 characters (which is very common), and the following error will be thrown in the logs:
2018-02-20 02:44:29,434 http-nio-8080-exec-11 ERROR xxxxx XXXxXXXXx1 XXXXXXX XX.XX.XXX.XXX /rest/servicedesk/1/pages/people/customers/pagination/SDS/invite/organisation [c.a.s.internal.user.ServiceDeskUserManagerImpl] Could not create user: atlassiantestuser@test.com com.atlassian.crowd.exception.InvalidUserException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 80 - 00000523: SysErr: DSID-031A12C8, problem 22 (Invalid argument), data 0^@]; remaining name 'cn=atlassiantestuser@test.com,ou=people,ou=users,ou=root ou,dc=test,dc=com'
Suggested solution
Improve the customer creation design, e.g Add Customer button so that the Project Admin can set the username of the newly created user, instead of just entering an email address and letting JIRA automatically set this email address as the username.
Note
This issue will happen, no matter what the user name attribute is mapped to in the AD configuration in JIRA. Even if it's mapped to a different attribute such as userPrincipalName, JIRA will still populate the sAMAccountName attribute.
Workaround
- First, create the user from the page âš™ > User Management > Users > Create User
- With this creation method, you'll be able to decide what the username attribute should be and use a string which is less than 20 characters
- Then add the user to the project customers by going to the Project's Customers page, clicking on Add Customer and using the username of the user created in the first step
OR
Asking customers to sign up from Jira's sign up page.
- is related to
-
-
- Long Term Backlog
-
- links to
[JSDSERVER-6248] Creating new customers failed when connected to Active Directory if username is longer than 20 characters
Hi all,
I've modified the bug ticket to include the same behavior that can be reproduced from Service Desk's self signup page.
Best regards,
Akmal
The suggested solution for this issue is for me just a workaround, because:
- The admin can still set a username longer than 20 characters, the same error will occur
- It will not solve the issue if the user performs a self sign up in Jira Service Desk with an e-mail address longer than 20 characters
I think the real solution must be, that the Jira AD connector needs a fix, so that Jira always trims the SamAccountName field to the maximum of 20 characters. This is a hard limit in the AD schema and can't be changed:
https://community.atlassian.com/t5/Jira-questions/Jira-sAMAccountName-not-truncated/qaq-p/1168019?utm_source=atlcomm&utm_medium=email&utm_campaign=mentions_answer&utm_content=topic https://docs.microsoft.com/en-us/windows/win32/adschema/a-samaccountname
Same issue applies if a user performs a self service sign up in Jira Service Desk. If he enters an e-mail address longer than 20 characters, it will not work.
Reference:
Using the Add customer feature is critical for our deployment and needed for our Beta test. We strongly recommend this be get escalated for resolution.
Hi
Any news on this bug - we are still waiting for a fix and can't use the self sign up for customers in the Jira Service Desk.
Gruss Claudio