dwimberger / crowd-ldap-server

Implementation of an LDAP server that delegates authentication to an Atlassian Crowd installation using the Crowd REST API.
Apache License 2.0

Embedded Crowd #25

Closed ahmedsajid closed 7 years ago

ahmedsajid commented 7 years ago

Does this work with embedded Crowd running under JIRA/JIRA Service Desk?

crowd.properties:

#Crowd Server Configuration
 session.lastvalidation=session.lastvalidation
 session.isauthenticated=session.isauthenticated
 application.password=Apppassword
 application.name=Appname
 session.validationinterval=0
 crowd.server.url=https://myjiraserver.com 
 session.tokenkey=session.tokenkey
 application.login.url=https://myjiraserver.com

I tried but seem to be running into issues. Paste of startup log:


[15:55:49] INFO [net.wimpi.crowd.ldap.CrowdLDAPServer] - Configuration directory: /usr/src/app/etc
[15:55:49] INFO [net.wimpi.crowd.ldap.CrowdLDAPServer] - Starting up CrowdLDAP Server
[15:55:49] INFO [net.wimpi.crowd.ldap.CrowdLDAPServer] - Working directory: /usr/src/app/work
[15:55:49] DEBUG [net.wimpi.crowd.ldap.CrowdLDAPServer] - Loading configuration.
[15:55:49] ERROR [net.wimpi.crowd.ldap.CrowdLDAPServer] - CrowdLDAPServer(File,File)
com.atlassian.crowd.exception.OperationFailedException: java.net.SocketException: Connection reset
    at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:320)
    at com.atlassian.crowd.integration.rest.service.RestCrowdClient.searchUsers(RestCrowdClient.java:494)
    at com.atlassian.crowd.integration.rest.service.RestCrowdClient.testConnection(RestCrowdClient.java:483)
    at net.wimpi.crowd.ldap.CrowdLDAPServer.initCrowdClient(CrowdLDAPServer.java:126)
    at net.wimpi.crowd.ldap.CrowdLDAPServer.<init>(CrowdLDAPServer.java:107)
    at net.wimpi.crowd.ldap.CrowdLDAPServer.main(CrowdLDAPServer.java:360)
Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:196)
    at java.net.SocketInputStream.read(SocketInputStream.java:122)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
    at sun.security.ssl.InputRecord.read(InputRecord.java:480)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
    at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:502)
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
    at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.executeCrowdServiceMethod(RestExecutor.java:419)
    at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:308)
    ... 5 more
[15:55:50] DEBUG [net.wimpi.crowd.ldap.CrowdLDAPServer] - org.apache.directory.server.core.authn.AuthenticationInterceptor@556148eb
[15:55:50] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - ==> CrowdPartition::init
[15:55:50] INFO [net.wimpi.crowd.ldap.CrowdPartition] - Initializing CrowdPartition with m_Suffix dc=crowd
[15:55:50] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - <== CrowdPartition::init
[15:55:51] ERROR [org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450 The value {0} is incorrect, it hasnt been added
[15:55:51] ERROR [org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450 The value {0} is incorrect, it hasnt been added
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - search((dn=0.9.2342.19200300.100.1.25=crowd, filter=(objectClass=referral), scope=sub)
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - findSubTree()::dn=0.9.2342.19200300.100.1.25=crowd
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - Name=crowd
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - search((dn=0.9.2342.19200300.100.1.25=crowd, filter=(objectClass=accessControlSubentry), scope=sub)
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - findSubTree()::dn=0.9.2342.19200300.100.1.25=crowd
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - Name=crowd
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - search((dn=0.9.2342.19200300.100.1.25=crowd, filter=(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)), scope=sub)
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - findSubTree()::dn=0.9.2342.19200300.100.1.25=crowd
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - Name=crowd
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - search((dn=0.9.2342.19200300.100.1.25=crowd, filter=(objectClass=subentry), scope=sub)
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - findSubTree()::dn=0.9.2342.19200300.100.1.25=crowd
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - Name=crowd
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - search((dn=0.9.2342.19200300.100.1.25=crowd, filter=(objectClass=triggerExecutionSubentry), scope=sub)
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - findSubTree()::dn=0.9.2342.19200300.100.1.25=crowd
[15:55:51] DEBUG [net.wimpi.crowd.ldap.CrowdPartition] - Name=crowd
[15:55:51] INFO [net.wimpi.crowd.ldap.CrowdLDAPServer] - Starting directory listener...

I have been successful in using the Python Crowd module https://pypi.python.org/pypi/Crowd with the same details as above.

ahmedsajid commented 7 years ago

@dwimberger any thoughts?

dwimberger commented 7 years ago

@ahmedsajid Maybe an SSL problem? Self-signed certificate (import it to the keystore) or name mismatch etc.

Try to debug it: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html

ahmedsajid commented 7 years ago

The certificates are not self-signed. They are issued by Digicert, which should be part of the default keystore.

ahmedsajid commented 7 years ago

The issue turns out to be with Java talking TLS v1.0 with the Crowd server, which is considered insecure in our environment.

I used Java 8 and it works perfectly!
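
Added example, not part of the thread or of the project's code: a heuristic triage of a Java TLS client stack trace that separates the cases discussed above (untrusted certificate, name mismatch, or a reset during the initial handshake, as happens when the peer refuses the offered protocol version). The function names, category labels and both sample traces are constructed for illustration.

```python
import re

# Constructed sample, abbreviated from the shape of the trace in this thread.
SAMPLE_RESET = """\
com.atlassian.crowd.exception.OperationFailedException: java.net.SocketException: Connection reset
    at com.atlassian.crowd.integration.rest.service.RestCrowdClient.testConnection(RestCrowdClient.java:483)
Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:196)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
"""
# Constructed sample of an untrusted-certificate failure, for contrast.
SAMPLE_PKIX = """\
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
"""

CAUSE_RE = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error))(?:: (.*))?$")
FRAME_RE = re.compile(r"^\s+at ([\w.$<>]+)\(")

def root_cause(trace):
    """Return (exception, message, frames) for the innermost cause in a Java trace."""
    cause = None
    for line in trace.splitlines():
        m = CAUSE_RE.match(line)
        if m:  # each later "Caused by:" replaces the previous, so the last one wins
            cause = (m.group(1), m.group(2) or "", [])
        elif cause and (f := FRAME_RE.match(line)):
            cause[2].append(f.group(1))
    return cause

def classify(trace):
    """Map the innermost cause of a JSSE client failure to a likely category."""
    cause = root_cause(trace)
    if cause is None:
        return "no-exception"
    exc, msg, frames = cause
    in_handshake = any("ssl" in f.lower() and "handshake" in f.lower() for f in frames)
    if "PKIX path" in msg or "unable to find valid certification path" in msg:
        return "untrusted-certificate"   # fix: import the CA into the truststore
    if "No name matching" in msg or "No subject alternative" in msg:
        return "hostname-mismatch"       # fix: connect using a name in the certificate
    if exc == "java.net.SocketException" and "Connection reset" in msg and in_handshake:
        return "handshake-rejected-by-peer"  # check protocol versions and cipher suites
    if exc.endswith("SSLHandshakeException"):
        return "handshake-alert"
    return "other"
```

A "handshake-rejected-by-peer" result is the cue to compare the client's enabled TLS versions against what the server accepts, which the JSSE debug output linked above will show.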