Unexpected error paging through LDAP results due to missing LdapHostnameVerificationSSLSocketFactory

Problem

You are encountering a RuntimeException: Unexpected error paging through LDAP results due to a ClassNotFoundException: com.atlassian.user.util.LdapHostnameVerificationSSLSocketFactory not found by net.utoolity.atlassian.bamboo.identity-federation-for-aws-bamboo, for example:

1 2 3 4 5 6 7 8 9 10 11 12 java.lang.RuntimeException: Unexpected error paging through LDAP results: javax.naming.CommunicationException: Loading the socket factory [Root exception is java.lang.ClassNotFoundException: com.atlassian.user.util.LdapHostnameVerificationSSLSocketFactory not found by net.utoolity.atlassian.bamboo.identity-federation-for-aws-bamboo [109]] at com.atlassian.user.impl.ldap.search.page.AbstractLDAPPager.preload(AbstractLDAPPager.java:99) at com.atlassian.user.search.page.AbstractPrefetchingPager.hasNext(AbstractPrefetchingPager.java:41) at com.atlassian.user.search.page.MergedListPager$MergedListIterator.getCurrentIterator(MergedListPager.java:168) at com.atlassian.user.search.page.MergedListPager$MergedListIterator.hasNext(MergedListPager.java:185) at com.atlassian.user.search.page.MergedListPager$MergedListIterator.next(MergedListPager.java:193) at net.utoolity.atlassian.bamboo.ifaws.GroupAccessorImpl.getGroupsMapKeyedByName(GroupAccessorImpl.java:58) at net.utoolity.atlassian.ifaws.ui.ConfigAWSConnectorEditServlet.getAvailableGroupsMapKeyedByName(ConfigAWSConnectorEditServlet.java:883) at net.utoolity.atlassian.ifaws.ui.ConfigAWSConnectorEditServlet.getSelectedGroupsMapKeyedByName(ConfigAWSConnectorEditServlet.java:854) at net.utoolity.atlassian.ifaws.ui.ConfigAWSConnectorEditServlet.doGet(ConfigAWSConnectorEditServlet.java:173) at javax.servlet.http.HttpServlet.service(HttpServlet.java:622) [...]

Solution

This problem is caused by an upstream bug introduced in Bamboo 5.10.0 and addressed in Bamboo 5.14.2:

According to the discussion on the issue, the error manifests itself 'out of the blue' after a Bamboo configuration change has been applied, and the discussion suggests that this might stem from cache invalidation.

The only currently available solution is updating to Bamboo 5.14.2 – meanwhile you might consider applying one of the workarounds mentioned in the issue, for example:

Workaround

You may be able to work around this problem as follows:

Security Risks

Disabling SSL certificate verification may enable an attacker to manipulate data or eavesdrop on data sent from and to Bamboo!

You should only do this as a last resort and after carefully evaluating whether your Bamboo and network configuration justify the involved risks. Also, you should revert this change immediately once you have updated Bamboo to Bamboo 5.14.2 or higher.

  1. Stop Bamboo.

  2. Locate the configuration file that defines your LDAP integration. Depending on your Bamboo setup, this will be either atlassian-user-custom.xml or atlassian-user.xml, located under /{BAMBOO-HOME}/xml-data/configuration/

  3. Disable SSL certificate verification by adding (or adjusting) the following element within the <ldap> element in that configuration file:

    1 <verifySslCertificateHostname>false</verifySslCertificateHostname>
  4. Start Bamboo