Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-7017

Importing LDAP Groups Fails with Invalid DN Syntax

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 3.4.2, 3.9.4
    • Fix Version/s: 4.1.0
    • Component/s: LDAP
    • Environment:

      Artifactory Pro RPM Install on RHEL Linux x86 64 Bit

      Description

      When using the "Static" strategy to import LDAP groups into Artifactory Pro, Artifactory fails to find groups when using the "Filter by username" field. This following error shows up in the logs:

      2014-12-10 12:09:32,034 [ajp-bio-8019-exec-538] [ERROR] (o.a.a.l.p.LdapGroupProviderImpl:190) - An error occurred while retrieving LDAP groups with strategy STATIC, org.springframework.ldap.InvalidNameException: ou=memberList,ou=ibmgroups: [LDAP: error code 34 - Invalid DN Syntax]; nested exception is javax.naming.InvalidNameException: ou=artifactory,ou=groups: [LDAP: error code 34 - Invalid DN Syntax]; remaining name 'ou=artifactory,ou=groups'

      When I use wireshark to capture the network traffic to the LDAP server I can see it tries to do a query similar to the following:

      (&(objectClass=groupOfUniqueNames)(|(uniquemember=uid=user,ou=people,dc=example,dc=com)(uniquemember=user@example.com)))

      I tried this search filter directly against our LDAP server and figured out that the problem is that the uniquemember attribute on the group must be a DN and if you try to search for anything other than a DN the search will fail with an LDAP Error 34 - Invalid DN Syntax.

      We do not directly control this LDAP server and cannot disable strict validation to work around this issue.

      Would it be possible to adjust the way Artifactory searches for users in a group to only search on DN or make this a configurable option?

      Would be happy to provide more detail as necessary.

      This may be related to the fix applied for RTFACT-3961

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                shayb Shay Bagants
                Reporter:
                adamba@ca.ibm.com Adam J. Baker
              • Votes:
                3 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: