Unexpected error paging through LDAP results due to missing LdapHostnameVerificationSSLSocketFactory
Problem
You are encountering a RuntimeException: Unexpected error paging through LDAP results due to a ClassNotFoundException: com.atlassian.user.util.LdapHostnameVerificationSSLSocketFactory not found by net.utoolity.atlassian.bamboo.identity-federation-for-aws-bamboo, for example:
java.lang.RuntimeException: Unexpected error paging through LDAP results: javax.naming.CommunicationException: Loading the socket factory [Root exception is java.lang.ClassNotFoundException: com.atlassian.user.util.LdapHostnameVerificationSSLSocketFactory not found by net.utoolity.atlassian.bamboo.identity-federation-for-aws-bamboo [109]]
at com.atlassian.user.impl.ldap.search.page.AbstractLDAPPager.preload(AbstractLDAPPager.java:99)
at com.atlassian.user.search.page.AbstractPrefetchingPager.hasNext(AbstractPrefetchingPager.java:41)
at com.atlassian.user.search.page.MergedListPager$MergedListIterator.getCurrentIterator(MergedListPager.java:168)
at com.atlassian.user.search.page.MergedListPager$MergedListIterator.hasNext(MergedListPager.java:185)
at com.atlassian.user.search.page.MergedListPager$MergedListIterator.next(MergedListPager.java:193)
at net.utoolity.atlassian.bamboo.ifaws.GroupAccessorImpl.getGroupsMapKeyedByName(GroupAccessorImpl.java:58)
at net.utoolity.atlassian.ifaws.ui.ConfigAWSConnectorEditServlet.getAvailableGroupsMapKeyedByName(ConfigAWSConnectorEditServlet.java:883)
at net.utoolity.atlassian.ifaws.ui.ConfigAWSConnectorEditServlet.getSelectedGroupsMapKeyedByName(ConfigAWSConnectorEditServlet.java:854)
at net.utoolity.atlassian.ifaws.ui.ConfigAWSConnectorEditServlet.doGet(ConfigAWSConnectorEditServlet.java:173)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
[...]Solution
This problem is caused by an upstream bug introduced in Bamboo 5.10.0 and addressed in Bamboo 5.14.2:
BAM-17196 - Getting issue details... STATUS
According to the discussion on the issue, the error manifests itself 'out of the blue' after a Bamboo configuration change has been applied, and the discussion suggests that this might stem from cache invalidation.
The only currently available solution is updating to Bamboo 5.14.2 – meanwhile you might consider applying one of the workarounds mentioned in the issue, for example:
Workaround
You may be able to work around this problem as follows:
Security Risks
Disabling SSL certificate verification may enable an attacker to manipulate data or eavesdrop on data sent from and to Bamboo!
You should only do this as a last resort and after carefully evaluating whether your Bamboo and network configuration justify the involved risks. Also, you should revert this change immediately once you have updated Bamboo to Bamboo 5.14.2 or higher.
Stop Bamboo.
Locate the configuration file that defines your LDAP integration. Depending on your Bamboo setup, this will be either
atlassian-user-custom.xml or atlassian-user.xml, located under/{BAMBOO-HOME}/xml-data/configuration/Disable SSL certificate verification by adding (or adjusting) the following element within the
<ldap>element in that configuration file:<verifySslCertificateHostname>false</verifySslCertificateHostname>Start Bamboo
Related articles
Amazon Web Services™, AWS™ and the “Powered by Amazon Web Services” logo are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.
Utoolity® is a registered trademark of Utoolity GmbH.
© 2024 Utoolity GmbH. All rights reserved.