-
Bug
-
Resolution: Fixed
-
Medium
-
4.3.7
-
3
-
Symptoms
When synchronising a directory from a user directory, it fails, with an error like the below:
2013-02-21 09:59:32,590 ERROR [scheduler_Worker-2] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 98307 ]. org.springframework.dao.DataIntegrityViolationException: Hibernate operation: could not insert: [com.atlassian.crowd.embedded.hibernate2.HibernateMembership#295380]; SQL []; ERROR: duplicate key value violates unique constraint "cwd_unique_user_membership" Detail: Key (parent_id, child_user_id)=(163849, 229382) already exists.; nested exception is org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "cwd_unique_user_membership" Detail: Key (parent_id, child_user_id)=(163849, 229382) already exists. at org.springframework.jdbc.support.SQLStateSQLExceptionTranslator.doTranslate(SQLStateSQLExceptionTranslator.java:100) at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:72) at org.springframework.orm.hibernate.HibernateTransactionManager.convertJdbcAccessException(HibernateTransactionManager.java:619) at org.springframework.orm.hibernate.HibernateTransactionManager.convertHibernateAccessException(HibernateTransactionManager.java:605) at org.springframework.orm.hibernate.HibernateTransactionManager.doCommit(HibernateTransactionManager.java:518) at org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:732) at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:701) at org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:321) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:116) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at com.atlassian.crowd.directory.$Proxy1476.addUserToGroup(Unknown Source) at com.atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations.addUserToGroup(DirectoryCacheImplUsingChangeOperations.java:187) at com.atlassian.crowd.directory.ldap.cache.EventTokenChangedCacheRefresher.synchroniseChanges(EventTokenChangedCacheRefresher.java:115) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:610) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29) at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$1.run(ConfluenceQuartzThreadPool.java:20) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "cwd_unique_user_membership" Detail: Key (parent_id, child_user_id)=(163849, 229382) already exists. at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2102) at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1835) at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:257) at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:500) at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:388) at org.postgresql.jdbc2.AbstractJdbc2Statement.executeUpdate(AbstractJdbc2Statement.java:334) at com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.executeUpdate(NewProxyPreparedStatement.java:105) at net.sf.hibernate.impl.NonBatchingBatcher.addToBatch(NonBatchingBatcher.java:22) at net.sf.hibernate.persister.EntityPersister.insert(EntityPersister.java:462) at net.sf.hibernate.persister.EntityPersister.insert(EntityPersister.java:436) at net.sf.hibernate.impl.ScheduledInsertion.execute(ScheduledInsertion.java:37) at net.sf.hibernate.impl.SessionImpl.execute(SessionImpl.java:2464) at net.sf.hibernate.impl.SessionImpl.executeAll(SessionImpl.java:2450) at net.sf.hibernate.impl.SessionImpl.execute(SessionImpl.java:2407) at net.sf.hibernate.impl.SessionImpl.flush(SessionImpl.java:2276) at net.sf.hibernate.transaction.JDBCTransaction.commit(JDBCTransaction.java:61) at org.springframework.orm.hibernate.HibernateTransactionManager.doCommit(HibernateTransactionManager.java:510) ... 17 more
Cause
A group membership is being synchronised from the remote directory which already exists, and Confluence is attempting to add this. There are a few reasons why the remote directory would synchronise such memberships, including but not limited to the following known bugs:
| |
Adding a user to a group locally on Confluence when using a read/write remote Crowd or JIRA directory |
| |
If a user exists in two directories in an application, and is added to a group in one directory that it was already in the other, clients get duplicate key errors |
Workaround
Flushing the cache of the directory will stop the error from happening, and cause the directory to synchronise fully, until the next time a duplicate group membership is sent from the remote directory. The simplest way of forcing this is:
- Disable the directory
- Enable the directory
For the specific causes there may be workarounds in the linked bug tickets.
- is caused by
-
-
- Closed
-
-
-
- Closed
-
- is duplicated by
-
-
- Closed
-
- is related to
-
-
- Closed
-
- mentioned in
-
![[Atlassian Documentation] Page](/images/icons/generic_link_16.png "[Atlassian Documentation] Page")
Page
No Confluence page found with the given URL.
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
[CONFSERVER-28194] Confluence attempts to apply group memberships when synchronising from a remote directory even if they already exist, causing a duplicate key violation
This happens to us whenever a list admin changes an LDAP list from "MyLIST to "mylist". This is pretty common as our List Manager is self-service.
If a list has been modified between logins for a user, that user loses access to Confluence...
In most cases we spend a lot of time comparing group names for affect user in Confluence against live LDAP and deleting the group from Confluence to force it to be re-added with the current name at user's next login.
Only then can the user login to Confluence again.
Please fix. Thanks!
Chris Engel
added a comment - Hello Support,
can you please stop changing the labels and instead fixing the Issue? It is open since 21/Feb/13. The workaround is helping, but no solution.
Chris Engel
added a comment - Hello Support,
can you please stop changing the labels and instead fixing the Issue? It is open since 21/Feb/13. The workaround is helping, but no solution. We have encountered this problem many times even though the user that stops the sync neither exists in two directories nor has been added to a group locally in Confluence (group membership matches that in Crowd perfectly). The user directory is set to "READ". We recently tried disabling and re-enabling the directory and that solved the problem for one week until it re-appeared. Now we tried disabling incremental sync and all of a sudden the sync worked perfectly. We will have to see if switching to full sync will solve the problem in the long run or if it will re-appear again. But maybe turning off incremental sync should be noted as a workaround in cases like ours.
Joel Holmberg
added a comment - - edited We have encountered this problem many times even though the user that stops the sync neither exists in two directories nor has been added to a group locally in Confluence (group membership matches that in Crowd perfectly). The user directory is set to "READ". We recently tried disabling and re-enabling the directory and that solved the problem for one week until it re-appeared. Now we tried disabling incremental sync and all of a sudden the sync worked perfectly. We will have to see if switching to full sync will solve the problem in the long run or if it will re-appear again. But maybe turning off incremental sync should be noted as a workaround in cases like ours. 
Ops Admin
added a comment - We just encountered this bug and didn't realize it was occurring until we received a report that a recently created user wasn't able to access spaces that their group membership should've allowed.
Ops Admin
added a comment - We just encountered this bug and didn't realize it was occurring until we received a report that a recently created user wasn't able to access spaces that their group membership should've allowed.
Looking through the code, it appears that this issue was fixed in Crowd 2.7, which was bundled in Confluence 5.3.
Is anyone experiencing this exact error on a version of Confluence above 5.3?
ERROR: duplicate key value violates unique constraint "cwd_unique_user_membership"I haven't been able to reproduce it but I know it can happen in a few different scenarios so my testing is likely not exhaustive. I'd really appreciate hearing from you if you're running into this.