Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
None
-
2.7.1
-
9
-
Severity 2 - Major
-
2
-
Description
Crowd log is full of messages complaining about crowd not being able to remove a user from a group because the user was not found.
If you think a little bit about this, it makes no sense. Obviously if the user is does not exist he is no longer member of the group.
com.atlassian.crowd.exception.UserNotFoundException: User <#ccss - operations> does not exist
at com.atlassian.crowd.dao.user.UserDAOHibernate.findByName(UserDAOHibernate.java:194)
at com.atlassian.crowd.dao.user.UserDAOHibernate.findByName(UserDAOHibernate.java:50)
at com.atlassian.crowd.directory.AbstractInternalDirectory.findUserByName(AbstractInternalDirectory.java:150)
at com.atlassian.crowd.directory.AbstractInternalDirectory.removeUserFromGroup(AbstractInternalDirectory.java:849)
at com.atlassian.crowd.directory.DbCachingRemoteChangeOperations.removeUserMembershipsForGroup(DbCachingRemoteChangeOperations.java:750)
at sun.reflect.GeneratedMethodAccessor345.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.atlassian.crowd.directory.$Proxy372.removeUserMembershipsForGroup(Unknown Source)
at com.atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations.syncUserMembersForGroup(DirectoryCacheImplUsingChangeOperations.java:119)
This is currently logged as INFO + Exception trace, so it fills our logs with bogus information.
The expected behavior would be to ignore this, obviously the user is removed, even if we are able to find it.
Now, let me explain the setup a little bit, to understand it better.
- We are using nested groups
- Not all LDAP groups are editable by crowd, in fact only just few of them are.
- These two are both groups.
- We do map few groups as users (altering the crowd LDAP filters), this allows us to view them as users in jira, and to attach tickets to them.
I would expect to see this kind of error with such virtual-user, but that's not the case, in both cases these are just LDAP groups that are not treated separately.
