javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ]

Atlassian JIRA | Mai Nakagawa [Atlassian] | 1 year ago
  1. 0

    h3. Summary Error deleting existing user/password for anonymous bind to LDAP directories. h3. Steps to Reproduce # Install Confluence 5.8.15 # Prepare LDAP Server accepting anonymous bind # Create a new LDAP directory in Confluence with setting random user and password, which will fail as expected # Edit the LDAP directory with deleting the user and password for anonymous bind, which will fail unexpectedly (this is the bug) h3. Expected Results Anonymous bind is successful with deleting the existing user/password of the existing LDAP directory configuration h3. Actual Results The below exception is thrown in the atlassian-confluence.log file: {noformat} 2015-10-30 10:45:34,971 ERROR [scheduler_Worker-1] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 98307 ]. com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ]; nested exception is j avax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ] at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:506) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:459) at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:679) at com.atlassian.crowd.directory.SpringLDAPConnector.searchUsers(SpringLDAPConnector.java:1076) at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.findAllRemoteUsers(RemoteDirectoryCacheRefresher.java:55) at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.synchroniseAllUsers(RemoteDirectoryCacheRefresher.java:90) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:89) at 
com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1122) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobRunner.runJob(DirectoryPollerJobRunner.java:93) at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:135) at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101) at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80) at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32) at org.quartz.core.JobRunShell.run(JobRunShell.java:223) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool.lambda$runInThread$152(ConfluenceQuartzThreadPool.java:19) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$$Lambda$134/1226237899.run(Unknown Source) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ]; nested exception is javax.naming.AuthenticationException: [LDAP: e rror code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ] at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:191) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356) at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140) at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:175) at 
org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:309) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:642) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$2.timedCall(SpringLdapTemplateWrapper.java:165) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$2.timedCall(SpringLdapTemplateWrapper.java:162) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:126) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:89) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.search(SpringLdapTemplateWrapper.java:162) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:501) ... 
18 more Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) at javax.naming.InitialContext.init(InitialContext.java:244) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344) ... 31 more {noformat} h3. Notes I found _ldap.password_ remains in _cwd_directory_attribute_ table even after deleting the former user and password: {code} # SELECT * FROM cwd_directory_attribute where attribute_name = 'ldap.password' OR attribute_name = 'ldap.userdn'; directory_id | attribute_value | attribute_name --------------+-----------------+---------------- 98307 | abc | ldap.password (1 row) {code} It seems this is the root cause, because anonymous bind succeeds after I delete the record by this SQL query: {code} DELETE FROM cwd_directory_attribute where attribute_name = 'ldap.password' {code} Note that this DELETE has no directory_id condition, so it removes the ldap.password row of every configured directory, not only directory 98307; adding AND directory_id = 98307 limits it to the affected directory. The query output above also shows the stale bind password kept in this table as a readable value. h3. Workaround Create a new LDAP directory configuration instead of editing the existing one

    Atlassian JIRA | 1 year ago | Mai Nakagawa [Atlassian]
    javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ]
  2. 0

    h3. Summary Error deleting existing user/password for anonymous bind to LDAP directories. h3. Steps to Reproduce # Install Confluence 5.8.15 # Prepare LDAP Server accepting anonymous bind # Create a new LDAP directory in Confluence with setting random user and password, which will fail as expected # Edit the LDAP directory with deleting the user and password for anonymous bind, which will fail unexpectedly (this is the bug) h3. Expected Results Anonymous bind is successful with deleting the existing user/password of the existing LDAP directory configuration h3. Actual Results The below exception is thrown in the atlassian-confluence.log file: {noformat} 2015-10-30 10:45:34,971 ERROR [scheduler_Worker-1] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 98307 ]. com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ]; nested exception is j avax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ] at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:506) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:459) at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:679) at com.atlassian.crowd.directory.SpringLDAPConnector.searchUsers(SpringLDAPConnector.java:1076) at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.findAllRemoteUsers(RemoteDirectoryCacheRefresher.java:55) at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.synchroniseAllUsers(RemoteDirectoryCacheRefresher.java:90) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:89) at 
com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1122) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobRunner.runJob(DirectoryPollerJobRunner.java:93) at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:135) at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101) at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80) at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32) at org.quartz.core.JobRunShell.run(JobRunShell.java:223) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool.lambda$runInThread$152(ConfluenceQuartzThreadPool.java:19) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$$Lambda$134/1226237899.run(Unknown Source) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ]; nested exception is javax.naming.AuthenticationException: [LDAP: e rror code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ] at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:191) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356) at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140) at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:175) at 
org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:309) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:642) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$2.timedCall(SpringLdapTemplateWrapper.java:165) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$2.timedCall(SpringLdapTemplateWrapper.java:162) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:126) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:89) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.search(SpringLdapTemplateWrapper.java:162) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:501) ... 
18 more Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) at javax.naming.InitialContext.init(InitialContext.java:244) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344) ... 31 more {noformat} h3. Notes I found _ldap.password_ remains in _cwd_directory_attribute_ table even after deleting the former user and password: {code} # SELECT * FROM cwd_directory_attribute where attribute_name = 'ldap.password' OR attribute_name = 'ldap.userdn'; directory_id | attribute_value | attribute_name --------------+-----------------+---------------- 98307 | abc | ldap.password (1 row) {code} It seems this is the root cause, because anonymous bind succeeds after I delete the record by this SQL query: {code} DELETE FROM cwd_directory_attribute where attribute_name = 'ldap.password' {code} Note that this DELETE has no directory_id condition, so it removes the ldap.password row of every configured directory, not only directory 98307; adding AND directory_id = 98307 limits it to the affected directory. The query output above also shows the stale bind password kept in this table as a readable value. h3. Workaround Create a new LDAP directory configuration instead of editing the existing one

    Atlassian JIRA | 1 year ago | Mai Nakagawa [Atlassian]
    javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ]
  3. 0

    LDAP server connection - exception javax.naming.AuthenticationException

    Oracle Community | 1 decade ago | 843793
    javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]

  5. 0

    db:: 4.44::LDAP Unknown error 0x80005000 sp

    hivmr.com | 7 months ago
    javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]

    Root Cause Analysis

    1. javax.naming.AuthenticationException

      [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ]

      at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls()
    2. com.atlassian.crowd
      DirectoryPollerJobRunner.runJob
      1. com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:506)
      2. com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:459)
      3. com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:679)
      4. com.atlassian.crowd.directory.SpringLDAPConnector.searchUsers(SpringLDAPConnector.java:1076)
      5. com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.findAllRemoteUsers(RemoteDirectoryCacheRefresher.java:55)
      6. com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.synchroniseAllUsers(RemoteDirectoryCacheRefresher.java:90)
      7. com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:89)
      8. com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1122)
      9. com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76)
      10. com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
      11. com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobRunner.runJob(DirectoryPollerJobRunner.java:93)
      11 frames
    3. com.atlassian.scheduler
      Quartz1Job.execute
      1. com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:135)
      2. com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101)
      3. com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80)
      4. com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32)
      4 frames
    4. quartz
      JobRunShell.run
      1. org.quartz.core.JobRunShell.run(JobRunShell.java:223)
      1 frame
    5. com.atlassian.confluence
      ConfluenceQuartzThreadPool.lambda$runInThread$152
      1. com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool.lambda$runInThread$152(ConfluenceQuartzThreadPool.java:19)
      1 frame