Confluence Data Center / CONFSERVER-37877

Mixed case group names/username breaks the connection between Confluence and LDAP for User Management


Details

    Description

      If the casing of group names differs between the remote and local User Directories, synchronisation will fail.

      This is similar to JRA-29025; however, it has not been fixed for group names, only usernames. Please fix this for group names!

      2014-01-09 15:12:01,619 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation for directory [ 10000 ] starting
      2014-01-09 15:12:01,634 QuartzScheduler_Worker-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 0 ] changed remote users in [ 12ms ]
      2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] scanned and compared [ 0 ] users for delete in DB cache in [ 0ms ]
      2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleting [ 0 ] users
      2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleted [ 0 ] users in [ 0ms ]
      2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanning [ 0 ] users to add or update
      2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanned and compared [ 0 ] users for update in DB cache in [ 0ms ]
      2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronised [ 0 ] users in [ 0ms ]
      2014-01-09 15:12:01,650 QuartzScheduler_Worker-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 1 ] changed remote groups in [ 15ms ]
      2014-01-09 15:12:01,650 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanning [ 1 ] groups to add or update
      2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] remote group name [ ninja-superstar ] casing differs from local group name [ Ninja-Superstar ]. Group details will be kept updated, but the group name cannot be updated
      2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 1 ] groups for update in DB cache in [ 1ms ]
      2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronized [ 1 ] groups in [ 1ms ]
      2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] scanned and compared [ 0 ] groups for delete in DB cache in [ 0ms ]
      2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] removing [ 0 ] groups
      2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] removed [ 0 ] groups in [ 0ms ]
      2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] INCREMENTAL synchronisation complete for directory [ 10000 ] in [ 36ms ]
      

      To Replicate

      1. Add a new user from Active Directory.
      2. Synchronise that user.
      3. Change the casing of one of the groups the user belongs to, e.g. change Ninja-Superstar to ninja-superstar.
      4. Attempt to log in.

      Expected Results

      The user logs in without any worries.

      Actual Results

      The user logs in and loses the group(s) that have a mismatch in case sensitivity.

      A synchronisation may bring them back; however, as soon as they log in, the groups are lost.

      Workaround

      1. Schedule a downtime window, as users will be unable to log in during these changes.
      2. Log in as an administrator within the Confluence Internal Directory. If one does not exist, create it.
      3. Disable the problematic User Directory.
      4. Create a new User Directory within Confluence, using the same settings as the old one.
      5. Test the synchronisation and ensure that synchronisation completes successfully. If so, use this new directory.

      If you have a User Directory set up with the "Read Only, with Local Groups" permission setting, you will no longer have the local groups set up in the database when the user directory is disabled. The project roles will not be affected.

      If you are using Microsoft AD, you can try using adsiedit.msc to change the group name attribute of the group to lowercase in AD.
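
The WARN line in the log excerpt above names the groups whose memberships are at risk. The following is an added example (not part of the original issue and not Atlassian code) that scans a log in the format shown above and summarises each remote/local casing mismatch per directory; the function name and the second, later WARN entry in the sample are constructed for illustration.

```python
import re

# Patterns taken from the log excerpt on this page.
LINE = re.compile(r"^(\S+ \S+) (\S+) (\w+) (.*)$")  # timestamp, thread, level, rest
START = re.compile(r"synchronisation for directory \[ (\d+) \] starting")
CASING = re.compile(
    r"remote group name \[ (.+?) \] casing differs from local group name \[ (.+?) \]"
)

# Constructed sample: first two lines follow the excerpt, the last is a repeat one hour later.
SAMPLE_LOG = """\
2014-01-09 15:12:01,619 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation for directory [ 10000 ] starting
2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] remote group name [ ninja-superstar ] casing differs from local group name [ Ninja-Superstar ]. Group details will be kept updated, but the group name cannot be updated
2014-01-09 16:12:01,651 QuartzScheduler_Worker-1 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] remote group name [ ninja-superstar ] casing differs from local group name [ Ninja-Superstar ]. Group details will be kept updated, but the group name cannot be updated
"""


def find_casing_mismatches(log_text):
    """Return one summary per (directory, remote name, local name) mismatch."""
    current_dir = {}  # worker thread -> directory id of the sync in progress
    found = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines such as stack traces
        ts, thread, level, rest = m.groups()
        started = START.search(rest)
        if started:
            current_dir[thread] = started.group(1)
            continue
        hit = CASING.search(rest)
        if level != "WARN" or not hit:
            continue
        remote, local = hit.groups()
        key = (current_dir.get(thread, "unknown"), remote, local)
        entry = found.setdefault(key, {
            "directory": key[0], "remote": remote, "local": local,
            "case_only": remote.casefold() == local.casefold(),
            "count": 0, "first_seen": ts,
        })
        entry["count"] += 1
        entry["last_seen"] = ts
    return sorted(found.values(), key=lambda e: (e["directory"], e["local"]))


if __name__ == "__main__":
    for e in find_casing_mismatches(SAMPLE_LOG):
        print(e)
```

A group that keeps reappearing across synchronisations (a rising `count`) is one whose members will keep losing it at login until the names are aligned.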

            People

              epyshnograev Efim (Inactive)
              wwong Wayne Wong (Inactive)
              Votes: 23
              Watchers: 29
