[NEXUS-23895] Save of LDAP user and group settings fails with error. - Sonatype JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.24.0
Fix Version/s: 3.25.0
Component/s: LDAP, UI
Labels:

Notability:
3
Demo:
https://www.youtube.com/watch?v=Bz8RUxfVOho

Description

Set up an LDAP server using "simple authentication" authentication method. Also configure "user and group" settings. Save.

Now go to the "user and group" settings, and make a change to them, and attempt to save. This will fail with UI error shown as "connection.systemUsername".

The log shows;

2020-05-12 11:21:10,385-0500 ERROR [qtp743319359-197] admin org.sonatype.nexus.extdirect.internal.ExtDirectExceptionHandler - Failed to invoke action method: ldap_LdapServer.update, java-method: org.sonatype.nexus.ldap.internal.ui.LdapServerComponent.update
java.lang.IllegalArgumentException: connection.systemUsername
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:135)
at org.sonatype.nexus.ldap.persist.internal.Validator.validate(Validator.java:53)
at org.sonatype.nexus.ldap.persist.internal.Validator.validate(Validator.java:39)
at org.sonatype.nexus.ldap.persist.internal.DefaultLdapConfigurationManager.updateLdapServerConfiguration(DefaultLdapConfigurationManager.java:167)
at org.sonatype.nexus.ldap.persist.LdapConfigurationManager$updateLdapServerConfiguration$2.call(Unknown Source)
at org.sonatype.nexus.ldap.internal.ui.LdapServerComponent.update(LdapServerComponent.groovy:137)
at com.palominolabs.metrics.guice.ExceptionMeteredInterceptor.invoke(ExceptionMeteredInterceptor.java:23)
at com.palominolabs.metrics.guice.TimedInterceptor.invoke(TimedInterceptor.java:26)
at org.sonatype.nexus.validation.internal.ValidationInterceptor.invoke(ValidationInterceptor.java:53)
at org.apache.shiro.guice.aop.AopAllianceMethodInvocationAdapter.proceed(AopAllianceMethodInvocationAdapter.java:49)
at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:68)
at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36)
at org.apache.shiro.guice.aop.AopAllianceMethodInvocationAdapter.proceed(AopAllianceMethodInvocationAdapter.java:49)
at org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor.invoke(AuthorizingAnnotationMethodInterceptor.java:68)
at org.apache.shiro.guice.aop.AopAllianceMethodInterceptorAdapter.invoke(AopAllianceMethodInterceptorAdapter.java:36)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)

This is a regression introduced by the changes made for ~~NEXUS-23556~~.

Workaround: Enter the system user password on the connection screen, do not save, go to "user and group" settings screen make change, and save.

Make a change to the "user and group" settings screen, save.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

LDAP_protocols.png
42 kB
05/28/20 08:29 AM
reenter_password.png
150 kB
05/28/20 08:10 AM
Screen Shot 2020-05-26 at 2.59.29 PM.png
841 kB
05/26/20 06:59 PM

Issue Links

is caused by

NEXUS-23556 CVE-2020-11415: LDAP system credentials can be exposed by admin user

Closed

is related to

NEXUS-23887 LDAP connection UI looks broken, constantly prompts for password

Closed

Activity

People

Assignee:: Mykyta Shevelov

Reporter:: Rich Seddon

Last Updated By:: Michael Prescott

Team:: NXRM - Trinity

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 05/12/20 04:27 PM

Updated:: 04/23/21 06:11 PM

Resolved:: 06/08/20 05:56 PM

Date of First Response:: 19/May/20 1:15 PM

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

tigCommentSecurity.panel-title