Users can't login after upgrading to Bitbucket

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。

問題

After upgrading to Bitbucket server, users on the LDAP server can't login.

The following appears in the atlassian-stash.log

2015-11-04 00:00:01,149 WARN  [http-nio-7990-exec-3] @6DNHTPx0x753x1 209.12.168.210,10.84.220.10,10.84.8.21 "GET /scm/hm/your-repo.git/info/refs HTTP/1.1" c.a.s.i.s.s.PluginAuthenticationProvider Authenticator 'com.atlassian.stash.stash-authentication:crowdHttpAuthHandler' threw an exception
com.atlassian.stash.exception.DataStoreException: A database error has occurred.
	at com.atlassian.stash.internal.aop.ExceptionRewriteAdvice.afterThrowing(ExceptionRewriteAdvice.java:46) ~[stash-platform-3.11.2.jar:na]
	at com.atlassian.stash.internal.auth.EmbeddedCrowdHttpAuthenticationHandler.authenticate(EmbeddedCrowdHttpAuthenticationHandler.java:47) ~[stash-service-impl-3.11.2.jar:na]
	at com.atlassian.stash.internal.spring.security.PluginAuthenticationProvider$1.perform(PluginAuthenticationProvider.java:103) ~[PluginAuthenticationProvider$1.class:na]
	at com.atlassian.stash.internal.spring.security.PluginAuthenticationProvider$1.perform(PluginAuthenticationProvider.java:100) ~[PluginAuthenticationProvider$1.class:na]
	at com.atlassian.stash.internal.auth.DefaultCaptchaService.authenticateWithCaptcha(DefaultCaptchaService.java:71) ~[stash-service-impl-3.11.2.jar:na]
	at com.atlassian.stash.internal.spring.security.PluginAuthenticationProvider.attemptAuthentication(PluginAuthenticationProvider.java:120) [PluginAuthenticationProvider.class:na]
	at com.atlassian.stash.internal.spring.security.PluginAuthenticationProvider.authenticate(PluginAuthenticationProvider.java:61) [PluginAuthenticationProvider.class:na]
	at com.atlassian.stash.internal.spring.security.StashAuthenticationFilter.doFilter(StashAuthenticationFilter.java:102) [StashAuthenticationFilter.class:na]
	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:109) [BeforeLoginPluginAuthenticationFilter.class:na]
	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75) [BeforeLoginPluginAuthenticationFilter.class:na]
	at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:103) [atlassian-trusted-apps-core-4.0.0.jar:na]
	at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:79) [atlassian-oauth-service-provider-plugin-1.9.10_1438176130000.jar:na]
	at com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:36) [analytics-client-3.70.1_1436186494000.jar:na]
	at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:32) [analytics-client-3.70.1_1436186494000.jar:na]
	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:87) [BeforeLoginPluginAuthenticationFilter.class:na]
	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73) [BeforeLoginPluginAuthenticationFilter.class:na]
	at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:85) [stash-service-impl-3.11.2.jar:na]
	at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38) [ConfigurableWebFilter.class:na]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.7.0_51]
	at java.lang.Thread.run(Unknown Source) [na:1.7.0_51]
	... 176 frames trimmed
Caused by: org.springframework.dao.DataIntegrityViolationException: could not execute batch; SQL [update cwd_user set user_name=?, lower_user_name=?, is_active=?, created_date=?, updated_date=?, first_name=?, lower_first_name=?, last_name=?, lower_last_name=?, display_name=?, lower_display_name=?, email_address=?, lower_email_address=?, external_id=?, directory_id=?, credential=? where id=?]; constraint [uq_cwd_user_dir_ext_id]; nested exception is org.hibernate.exception.ConstraintViolationException: could not execute batch
	at org.springframework.orm.hibernate4.SessionFactoryUtils.convertHibernateAccessException(SessionFactoryUtils.java:163) ~[spring-orm-4.1.6.RELEASE.jar:4.1.6.RELEASE]
	at org.springframework.orm.hibernate4.HibernateTransactionManager.convertHibernateAccessException(HibernateTransactionManager.java:730) ~[spring-orm-4.1.6.RELEASE.jar:4.1.6.RELEASE]
	at org.springframework.orm.hibernate4.HibernateTransactionManager.doCommit(HibernateTransactionManager.java:592) ~[spring-orm-4.1.6.RELEASE.jar:4.1.6.RELEASE]
	at org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:757) ~[spring-tx-4.1.6.RELEASE.jar:4.1.6.RELEASE]
	at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:726) ~[spring-tx-4.1.6.RELEASE.jar:4.1.6.RELEASE]
	at com.atlassian.crowd.directory.InternalDirectory.updateUser(InternalDirectory.java:274) ~[crowd-persistence-2.8.4-m1.jar:na]
	at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.updateUser(DelegatedAuthenticationDirectory.java:721) ~[crowd-persistence-2.8.4-m1.jar:na]
	at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.updateLocalUserDetails(DelegatedAuthenticationDirectory.java:559) ~[crowd-persistence-2.8.4-m1.jar:na]
	at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.authenticateAndUpdateOrCreate(DelegatedAuthenticationDirectory.java:288) ~[crowd-persistence-2.8.4-m1.jar:na]
	at com.atlassian.crowd.directory.DelegatedAuthenticationDirectory.authenticate(DelegatedAuthenticationDirectory.java:186) ~[crowd-persistence-2.8.4-m1.jar:na]
	at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:283) ~[crowd-core-2.8.4-m1.jar:na]
	at com.atlassian.stash.internal.crowd.CustomizedDirectoryManager.authenticateUser(CustomizedDirectoryManager.java:53) ~[stash-service-impl-3.11.2.jar:na]
	at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.authenticateUser(ApplicationServiceGeneric.java:194) ~[crowd-core-2.8.4-m1.jar:na]
	at com.atlassian.stash.internal.crowd.CustomizedApplicationService.authenticateUser(CustomizedApplicationService.java:46) ~[stash-service-impl-3.11.2.jar:na]
	at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:69) ~[embedded-crowd-core-2.8.4-m1.jar:na]
	at com.atlassian.stash.internal.crowd.RiotPolice.authenticate(RiotPolice.java:98) ~[stash-service-impl-3.11.2.jar:na]
	at com.atlassian.stash.internal.user.DefaultUserService.authenticate(DefaultUserService.java:108) ~[stash-service-impl-3.11.2.jar:na]
	... 20 common frames omitted
Caused by: org.hibernate.exception.ConstraintViolationException: could not execute batch
	at org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:129) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:49) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:126) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.engine.jdbc.batch.internal.BatchingBatch.performExecution(BatchingBatch.java:132) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.engine.jdbc.batch.internal.BatchingBatch.doExecuteBatch(BatchingBatch.java:111) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl.execute(AbstractBatchImpl.java:163) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl.executeBatch(JdbcCoordinatorImpl.java:226) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:484) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:351) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:350) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:56) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.internal.SessionImpl.flush(SessionImpl.java:1222) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.internal.SessionImpl.managedFlush(SessionImpl.java:425) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.engine.transaction.internal.jdbc.JdbcTransaction.beforeTransactionCommit(JdbcTransaction.java:101) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.hibernate.engine.transaction.spi.AbstractTransactionImpl.commit(AbstractTransactionImpl.java:177) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	at org.springframework.orm.hibernate4.HibernateTransactionManager.doCommit(HibernateTransactionManager.java:584) ~[spring-orm-4.1.6.RELEASE.jar:4.1.6.RELEASE]
	... 34 common frames omitted
Caused by: java.sql.BatchUpdateException: Duplicate entry '622593-' for key 'uq_cwd_user_dir_ext_id'
	at com.mysql.jdbc.PreparedStatement.executeBatchSerially(PreparedStatement.java:2007) ~[mysql-connector-java-5.1.10.jar:na]
	at com.mysql.jdbc.PreparedStatement.executeBatch(PreparedStatement.java:1443) ~[mysql-connector-java-5.1.10.jar:na]
	at com.jolbox.bonecp.StatementHandle.executeBatch(StatementHandle.java:469) ~[bonecp-0.7.1.RELEASE.jar:0.7.1.RELEASE]
	at org.hibernate.engine.jdbc.batch.internal.BatchingBatch.performExecution(BatchingBatch.java:123) ~[hibernate-core-4.3.8.Final.jar:4.3.8.Final]
	... 46 common frames omitted

原因

A new constraint was added in STASH-5244, however relies on the external_id column in the cwd_user table being populated with a NULL in the case no "User Unique ID Attribute" (typically entryUUID) is provided by the directory server.

If you mapped field that is not unique on your LDAP server, the error above will occur.

Notice that this problem is different to the one described on  BSERV-7580 - Getting issue details... STATUS  because in that case an administrator was mapping an inexistent "Unique ID", we were inserting an "empty" string into the database. That was fixed by ensuring that in such use cases we insert NULL into the database.

ソリューション

An external id (such as a UUID) should be provided to Bitbucket by the directory server. This permits renaming of users. LDAP servers should provide an attribute 'entryUUID' according to RFC 4530. In some cases this is provided via a different attribute, and Bitbucket should be configured to use this attribute.

The setting can be found as follows for LDAP servers:

  1. Go to Administration >> User Directories
  2. Click Edit on the LDAP server
  3. Go to User Schema Settings >> User Unique ID Attribute. Make sure with your LDAP admin that this field is unique.
  4. Update this to the correct attribute then click "Save and Test"

More details about UUID this can be found here: Connecting Stash to an existing LDAP directory.

Last modified on Mar 30, 2016

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.