  1. Confluence Data Center
  2. CONFSERVER-37056

User Loses Membership Upon Login

Details

    • Bug
    • Resolution: Fixed
    • Medium
    • 5.5
    • 5.4.1
    • None

    Description

      We have found that the caching mechanism in Confluence 5.4.1 (or any version of Confluence that comes with embedded Crowd 2.7.0) may be flawed in a way that causes users to randomly lose their group memberships once they log in.

      This is true even if the LDIF looks perfect, for example:

      1. Group confluence-users:
        dn: cn=confluence-users,ou=Groups,dc=example,dc=com
        objectClass: posixGroup
        objectClass: top
        cn: confluence-users
        memberUid: uid=foo,ou=Users,dc=example,dc=com
        
      2. User foo:
        dn: uid=foo,ou=Users,dc=example,dc=com
        objectClass: posixAccount
        objectClass: top
        objectClass: inetOrgPerson
        gidNumber: 65534
        uid: foo
        givenName: foo
        sn: foo
        displayName: foo
        mail: foo@foo.foo
        cn: foo
        uidNumber: 64702
        userPassword: pass
        
      3. Directory Configuration Summary:
            "ldap.basedn": "dc=example,dc=com"
            "ldap.group.dn": "ou=Groups"
            "ldap.group.filter": "(objectclass=posixGroup)"
            "ldap.group.name": "cn"
            "ldap.group.objectclass": "posixGroup"
            "ldap.group.usernames": "memberUid"
            "ldap.user.displayname": "displayName"
            "ldap.user.dn": "ou=Users"
            "ldap.user.email": "mail"
            "ldap.user.filter": "(objectclass=posixAccount)"
            "ldap.user.firstname": "givenName"
            "ldap.user.lastname": "sn"
            "ldap.user.objectclass": "posixAccount"
            "ldap.user.password": "userPassword"
            "ldap.user.username": "uid"
            "ldap.user.username.rdn": "uid"
            "ldap.usermembership.use": "false"
            "ldap.usermembership.use.for.groups": "false"
        

      In the example above, foo will be a member of confluence-users after synchronization, but once foo logs into Confluence, he will no longer be a member of that group.

      The group exists only once in the entire LDAP directory, and so does the user.

      There are no synchronization errors in the logs whatsoever. The issue persists despite creating another directory with the same exact configuration in Confluence Administration >> User Directories, despite flushing all the caches, and a Confluence restart.

      This issue is resolved by upgrading to Confluence 5.5 or greater, which uses a newer version of embedded Crowd.
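
Because the synchronization logs stay clean, the loss only shows up by comparing what LDAP grants with what Confluence reports after the user has logged in. The following is an added example, not part of the original report or of Confluence/Crowd: it derives the expected memberships from the LDIF and directory settings above and diffs them against a post-login snapshot. The function names, the snapshot format, and the matching of memberUid values by full DN or bare username are assumptions of this example.

```python
# Constructed sample: the LDIF from the report, trimmed to the attributes used here.
LDIF = """\
dn: cn=confluence-users,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: confluence-users
memberUid: uid=foo,ou=Users,dc=example,dc=com

dn: uid=foo,ou=Users,dc=example,dc=com
objectClass: posixAccount
uid: foo
"""

# Keys and values taken from the directory configuration summary in the report.
CONFIG = {"ldap.group.objectclass": "posixGroup", "ldap.group.name": "cn",
          "ldap.group.usernames": "memberUid",
          "ldap.user.objectclass": "posixAccount", "ldap.user.username": "uid"}

def parse_ldif(text):
    """Return a list of entries, each a dict of lowercased attribute -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def expected_memberships(entries, cfg):
    """Map username -> set of group names implied by each group's member attribute."""
    def of_class(key):
        want = cfg[key].lower()
        return [e for e in entries if want in (v.lower() for v in e.get("objectclass", []))]
    users = {}
    for u in of_class("ldap.user.objectclass"):
        name = u[cfg["ldap.user.username"].lower()][0]
        users[u["dn"][0].lower()] = users[name.lower()] = name  # assumption: DN or bare name
    result = {}
    for g in of_class("ldap.group.objectclass"):
        gname = g[cfg["ldap.group.name"].lower()][0]
        for member in g.get(cfg["ldap.group.usernames"].lower(), []):
            if member.lower() in users:
                result.setdefault(users[member.lower()], set()).add(gname)
    return result

def lost_memberships(expected, observed):
    """Groups LDAP grants that the post-login snapshot no longer shows, per user."""
    gaps = {u: groups - observed.get(u, set()) for u, groups in expected.items()}
    return {u: g for u, g in gaps.items() if g}
```

Pass `lost_memberships` a dict of username to group set collected from Confluence after the affected user has logged in; a non-empty result for a user whose LDAP entries are unchanged matches the behaviour described in this issue.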

          People

            Unassigned Unassigned
            fsim Foo Sim (Inactive)