Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-7017

Importing LDAP Groups Fails with Invalid DN Syntax

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 3.4.2, 3.9.4
    • Fix Version/s: 4.1.0
    • Component/s: LDAP
    • Environment:

      Artifactory Pro RPM Install on RHEL Linux x86 64 Bit

      Description

      When using the "Static" strategy to import LDAP groups into Artifactory Pro, Artifactory fails to find groups when using the "Filter by username" field. This following error shows up in the logs:

      2014-12-10 12:09:32,034 [ajp-bio-8019-exec-538] [ERROR] (o.a.a.l.p.LdapGroupProviderImpl:190) - An error occurred while retrieving LDAP groups with strategy STATIC, org.springframework.ldap.InvalidNameException: ou=memberList,ou=ibmgroups: [LDAP: error code 34 - Invalid DN Syntax]; nested exception is javax.naming.InvalidNameException: ou=artifactory,ou=groups: [LDAP: error code 34 - Invalid DN Syntax]; remaining name 'ou=artifactory,ou=groups'

      When I use wireshark to capture the network traffic to the LDAP server I can see it tries to do a query similar to the following:

      (&(objectClass=groupOfUniqueNames)(|(uniquemember=uid=user,ou=people,dc=example,dc=com)(uniquemember=user@example.com)))

      I tried this search filter directly against our LDAP server and figured out that the problem is that the uniquemember attribute on the group must be a DN and if you try to search for anything other than a DN the search will fail with an LDAP Error 34 - Invalid DN Syntax.

      We do not directly control this LDAP server and cannot disable strict validation to work around this issue.

      Would it be possible to adjust the way Artifactory searches for users in a group to only search on DN or make this a configurable option?

      Would be happy to provide more detail as necessary.

      This may be related to the fix applied for RTFACT-3961

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              shayb Shay Bagants
              Reporter:
              adamba@ca.ibm.com Adam J. Baker
              Votes:
              3 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: