-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
3
-
13
-
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
Whatever the administrator enters in as the "Group name attribute" must be unique for all groups in the LDAP server. Typically this is the "CN" attribute.
In the event that two different entities in LDAP are found with the same value for that attribute (CN), you receive the following stack trace.
2011-09-01 00:26:43,979 ERROR [QuartzScheduler_Worker-2] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 142802946 ]. java.lang.IllegalArgumentException: duplicate key: duplicatedGroupName at com.google.common.collect.RegularImmutableMap.<init>(RegularImmutableMap.java:62) at com.google.common.collect.ImmutableMap$Builder.fromEntryList(ImmutableMap.java:210) at com.google.common.collect.ImmutableMap$Builder.build(ImmutableMap.java:196) at com.google.common.collect.Maps.uniqueIndex(Maps.java:456) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:126)
Excluding these duplicates from the sync is not possible due to the fact that we can't control the order in which groups are returned from the LDAP server. If the ordering were to change between syncs, the memberships could keep changing on the Confluence side.
The solution to this problem is to amalgamate memberships for groups which share the same name on the remote server. We should make this an option in the LDAP configuration.
- is blocked by
-
CWD-3227 Merge memberships for groups with duplicate names during LDAP directory sync
- Closed
- is duplicated by
-
JRASERVER-27353 JIRA Sync Fails when detecting duplicate memberships
- Closed
- is related to
-
CWD-2681 Crowd 2.3.3 does not sync user memberships when multiple LDAP groups have the same name
- Closed
-
CWD-2504 Synchronization with JIRA/Confluence fail with duplicate entry
- Closed
-
JRASERVER-26164 JIRA uses the CN attribute for Active Directory LDAP, but this is not guaranteed unique.
- Gathering Impact
-
CWD-2441 Use sAMAccountName attribute for group name by default when using Active Directory
- Closed
- relates to
-
CONFCLOUD-23213 Merge memberships for groups with duplicate names during LDAP directory sync
- Gathering Interest
- mentioned in
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Wiki Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Wiki Page Loading...
-
Wiki Page Loading...
-
Wiki Page Loading...
-
Page Loading...
-
Page Loading...
-
Wiki Page Loading...
-
Wiki Page Loading...