-
Bug
-
Resolution: Fixed
-
Medium
-
3.5.13, 4.1.7
-
Confluence 3.5.13/4.1.7
PostgreSQL 8.4
Tested in Confluence 3.5.13 and Confluence 4.1.7. If a user name in LDAP has the case changed, the connector recognizes the change (and notes it in the log that it can't update the username), then proceeds to run an update against the membership table that fails, throwing this error and removing affected users' memberships in the database to their external LDAP groups:
2012-03-23 17:40:50,917 INFO [http-8090-2] [embedded.admin.list.DirectoriesController] sync User directory synchronisation requested: [ LDAP server ], type: [ CONNECTOR ] 2012-03-23 17:40:50,951 INFO [scheduler_Worker-5] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache synchronisation for directory [ 98306 ] starting 2012-03-23 17:40:50,969 INFO [scheduler_Worker-5] [directory.ldap.cache.RemoteDirectoryCacheRefresher] findAllRemoteUsers found [ 6 ] remote users in [ 16ms ] 2012-03-23 17:40:50,982 INFO [scheduler_Worker-5] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] getUsersToAddAndUpdate scanning [ 6 ] users to add or update 2012-03-23 17:40:50,983 WARN [scheduler_Worker-5] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] getUsersToAddAndUpdate remote username [ CeltY ] casing differs from local username [ celty ]. User details will be kept updated, but the username cannot be updated 2012-03-23 17:40:50,984 INFO [scheduler_Worker-5] [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] addOrUpdateCachedUsers scanned and compared [ 6 ] users for update in DB cache in [ 8ms ] 2012-03-23 17:40:50,985 INFO [scheduler_Worker-5] [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] addOrUpdateCachedUsers synchronised [ 6 ] users in [ 10ms ] 2012-03-23 17:40:50,986 INFO [scheduler_Worker-5] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleteCachedUsersNotIn scanned and compared [ 6 ] users for delete in DB cache in [ 1ms ] 2012-03-23 17:40:50,987 INFO [scheduler_Worker-5] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleteCachedUsersNotIn scanned for deleted users in [ 2ms ] 2012-03-23 17:40:51,003 INFO [scheduler_Worker-5] [directory.ldap.cache.RemoteDirectoryCacheRefresher] findAllRemoteGroups found [ 2 ] remote groups in [ 16ms ] 2012-03-23 17:40:51,004 INFO [scheduler_Worker-5] [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] addOrUpdateCachedGroups scanning [ 2 ] groups to add or update 2012-03-23 17:40:51,009 INFO [scheduler_Worker-5] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] findGroupsToUpdate scanned and compared [ 2 ] groups for update in DB cache in [ 5ms ] 2012-03-23 17:40:51,011 INFO [scheduler_Worker-5] [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] addOrUpdateCachedGroups synchronized [ 2 ] groups in [ 7ms ] 2012-03-23 17:40:51,017 INFO [scheduler_Worker-5] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleteCachedGroupsNotIn scanned and compared [ 2 ] groups for delete in DB cache in [ 5ms ] 2012-03-23 17:40:51,040 INFO [scheduler_Worker-5] [directory.ldap.cache.AbstractCacheRefresher] synchroniseMemberships found [ 0 ] remote user-group memberships, [ 0 ] remote group-group memberships in [ 11ms ] 2012-03-23 17:40:51,048 INFO [scheduler_Worker-5] [directory.ldap.cache.AbstractCacheRefresher] synchroniseMemberships Migrated memberships for [1] of [2] groups 2012-03-23 17:40:51,107 INFO [scheduler_Worker-5] [directory.ldap.cache.AbstractCacheRefresher] synchroniseMemberships found [ 3 ] remote user-group memberships, [ 0 ] remote group-group memberships in [ 58ms ] 2012-03-23 17:40:51,256 ERROR [scheduler_Worker-5] [sf.hibernate.util.JDBCExceptionReporter] logExceptions ERROR: duplicate key value violates unique constraint "cwd_unique_user_membership" 2012-03-23 17:40:51,258 ERROR [scheduler_Worker-5] [sf.hibernate.impl.SessionImpl] execute Could not synchronize database state with session 2012-03-23 17:40:51,282 WARN [scheduler_Worker-5] [persistence.hibernate.batch.AbstractBatchProcessor] processBatch batch failed falling back to individual processing java.lang.RuntimeException: could not flush session at com.atlassian.crowd.embedded.hibernate2.batch.Hibernate2BatchProcessor.flushSession(Hibernate2BatchProcessor.java:169) at com.atlassian.crowd.embedded.hibernate2.batch.Hibernate2BatchProcessor.commitTransaction(Hibernate2BatchProcessor.java:107) at com.atlassian.crowd.embedded.hibernate2.batch.Hibernate2BatchProcessor.afterProcessBatch(Hibernate2BatchProcessor.java:42) at com.atlassian.crowd.util.persistence.hibernate.batch.AbstractBatchProcessor.processBatch(AbstractBatchProcessor.java:160) at com.atlassian.crowd.util.persistence.hibernate.batch.AbstractBatchProcessor.execute(AbstractBatchProcessor.java:132) at com.atlassian.crowd.embedded.hibernate2.HibernateMembershipDao.addAll(HibernateMembershipDao.java:201) at com.atlassian.crowd.embedded.hibernate2.HibernateMembershipDao.addAllUsersToGroup(HibernateMembershipDao.java:59) at com.atlassian.confluence.user.crowd.CachedCrowdMembershipDao.addAllUsersToGroup(CachedCrowdMembershipDao.java:100) at com.atlassian.crowd.directory.CachingDirectory.addAllUsersToGroup(CachingDirectory.java:125) at com.atlassian.crowd.directory.DbCachingRemoteChangeOperations.addUserMembershipsForGroup(DbCachingRemoteChangeOperations.java:750) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at com.atlassian.crowd.directory.$Proxy976.addUserMembershipsForGroup(Unknown Source) at com.atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations.syncUserMembersForGroup(DirectoryCacheImplUsingChangeOperations.java:116) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:155) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:44) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:619) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29) at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$1.run(ConfluenceQuartzThreadPool.java:20) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) Caused by: net.sf.hibernate.exception.ConstraintViolationException: could not insert: [com.atlassian.crowd.embedded.hibernate2.HibernateMembership#294918] at net.sf.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:62) at net.sf.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29) at net.sf.hibernate.persister.AbstractEntityPersister.convert(AbstractEntityPersister.java:1331) at net.sf.hibernate.persister.EntityPersister.insert(EntityPersister.java:472) at net.sf.hibernate.persister.EntityPersister.insert(EntityPersister.java:436) at net.sf.hibernate.impl.ScheduledInsertion.execute(ScheduledInsertion.java:37) at net.sf.hibernate.impl.SessionImpl.execute(SessionImpl.java:2447) at net.sf.hibernate.impl.SessionImpl.executeAll(SessionImpl.java:2433) at net.sf.hibernate.impl.SessionImpl.execute(SessionImpl.java:2390) at net.sf.hibernate.impl.SessionImpl.flush(SessionImpl.java:2259) at com.atlassian.crowd.embedded.hibernate2.batch.Hibernate2BatchProcessor.flushSession(Hibernate2BatchProcessor.java:165) ... 31 more Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "cwd_unique_user_membership" at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2102) at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1835) at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:257) at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:500) at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:388) at org.postgresql.jdbc2.AbstractJdbc2Statement.executeUpdate(AbstractJdbc2Statement.java:334) at com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.executeUpdate(NewProxyPreparedStatement.java:105) at net.sf.hibernate.impl.NonBatchingBatcher.addToBatch(NonBatchingBatcher.java:22) at net.sf.hibernate.persister.EntityPersister.insert(EntityPersister.java:462) ... 38 more
My guess is that there's a dirty transaction going on and the cwd_membership/row. One transaction deletes data from the tables, and the other attempts to insert, but the row still exists in it's transaction that was created prior to the delete committing.
Fix
Change the case of the username back to what it was in the source system. This must match the case in Confluence to avoid these sync issues.
Workaround
Forcing a sync, or waiting for the automatic task, will restore the membership to the table as there is no longer a row to conflict with in the cwd_membership table.
Secondary Workaround
If the preceding workaround does not work please try enacting the following steps to force remove all the of the groups.
1. Login to Confluence admin
2. Turn off naive DN matching
3. Perform full directory sync
4. Turned on naive DN matching
5. Perform full directory sync
- is related to
-
CONFSERVER-32229 Changing groupname casing in external user management causes intermittent loss of group membership
- Closed
-
CWD-2854 Mixed case with LDAP, couldn't synchronize users and groups
- Closed
-
CWD-2893 When sAMAccountName casing does not match cn (User Logon Name (pre-Windows 2000) does not match User Logon Name), or casing of a user or group name has changed from original casing, synchs fail and access is affected
- Closed
- relates to
-
CONFSERVER-28190 Adding a user in Confluence to a group in a Read/Write JIRA User Directory results in failed synchronisation
- Closed
-
CONFSERVER-25646 Mixed case usernames can break connection between Confluence and JIRA for User Management
- Closed