-
Bug
-
Resolution: Fixed
-
Highest
-
3.1
-
compiled from source, running on tomcat 6.0.14, jdk1.6.0_16, debian lenny (stable)
same for the crowd instance.
Original Description
We've recently decided to clean up our permission scheme a bit, and part of this involved using nested groups. We already used Crowd to link our Confluence instance (as well as JIRA and some third-party things) to our Active Directory server, and Crowd supports nested groups so we didn't think there would be any problem.
Since then however, it happens regularly that users can't access a certain space in Confluence to which they should have access through nested groups. For example, there would be a space called "Human Resources", to which a group called "confluence-hr" has full access. Then there would be a group "Management" that is a member of the "confluence-hr" group amongst others, and obviously the management people are members of this group. The goal is to be able to add people to just one or two "role" groups like "Management" by which they get all the permissions they need, while also being able to keep fine-grained control, so that if someone needs just access to the HR space, we add them to the confluence-hr group and they don't get access to everything else like Management.
The only fix I've been able to find is restarting the Confluence instance. After a restart, everything works fine again, but a bit later the same problem arises. This happens sometimes several times a day, and it's very irritating. Can anyone suggest a proper fix for this, or is this a genuine bug?
Updated Description
This is caused by CWD-1996.
Workaround
We have still not been able to find the source of the problem within the confluence code, however we do know that someone the confluence caches are affecting the crowd caches.
We have attached the crowd-integration-client-2.0.7-CWD-1996.jar which shades net.sf.ehcache to com.atlassian.crowd.shaded.ehcache. What this means is that there is no possible way that Confluence could have any effect whatsoever with the Crowd integration client's caches. They are essentially different classes that Confluence knows nothing about.
To apply the patch, upgrade to crowd 2.0.7 and in your confluence instance, remove the any other Crowd integration client JARs from
CONFLUENCE_INSTALL/confluence/WEB-INF/lib
and place the attached crowd-integration-client-2.0.7-CWD-1996.jar and restart confluence.
This integration is being completely rewritten for Crowd 2.1 / Confluence 3.5, which will fix this bug permantently.
- is related to
-
CWD-1996 Crowd integration cache loses some nested groups
-
- Closed
-
-
CONFSERVER-17150 Support nested groups
- Closed
Hi Matt,
I am facing similar problem in ticket. My nested group is not effective after confluence service is restarted.
This is my situation:
We have group School_A . We also have group Class_B inside group School_A. In group Class_B, we create some users (user1, user2, user3). We create groups and users by Crowd
When Confluence server reboot or confluence service is restarted, I go to Confluence administrator page, -->go to Group in Users and Security directories, I do a search on School_A or Class_B, I don't see users in those group.
I have to go to User Directories and press Synchronize==> users will be shown back in groups of confluence
My crowd version is 3.7.1. My Confluence version is 7.2.0
Can you help me talk a look on it?
Thanks,
Navy