-
Bug
-
Resolution: Cannot Reproduce
-
Medium
-
None
-
5.7, 5.8.9, 5.10.8, 6.2.1
-
26
-
Severity 2 - Major
-
13
-
If the cases in the remote and local User Directories are mismatched as far as casing goes, synchronisation will fail.
This is similar to JRA-29025 however it has not been fixed for group names, only usernames. Please fix this for group names!
2014-01-09 15:12:01,619 QuartzScheduler_Worker-1 INFO ServiceRunner [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation for directory [ 10000 ] starting 2014-01-09 15:12:01,634 QuartzScheduler_Worker-1 INFO ServiceRunner [directory.ldap.cache.UsnChangedCacheRefresher] found [ 0 ] changed remote users in [ 12ms ] 2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner [directory.ldap.cache.UsnChangedCacheRefresher] scanned and compared [ 0 ] users for delete in DB cache in [ 0ms ] 2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleting [ 0 ] users 2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleted [ 0 ] users in [ 0ms ] 2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanning [ 0 ] users to add or update 2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanned and compared [ 0 ] users for update in DB cache in [ 0ms ] 2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronised [ 0 ] users in [ 0ms ] 2014-01-09 15:12:01,650 QuartzScheduler_Worker-1 INFO ServiceRunner [directory.ldap.cache.UsnChangedCacheRefresher] found [ 1 ] changed remote groups in [ 15ms ] 2014-01-09 15:12:01,650 QuartzScheduler_Worker-1 INFO ServiceRunner [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanning [ 1 ] groups to add or update 2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 WARN ServiceRunner [atlassian.crowd.directory.DbCachingRemoteChangeOperations] remote group name [ ninja-superstar ] casing differs from local group name [ Ninja-Superstar ]. Group details will be kept updated, but the group name cannot be updated 2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 INFO ServiceRunner [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 1 ] groups for update in DB cache in [ 1ms ] 2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 INFO ServiceRunner [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronized [ 1 ] groups in [ 1ms ] 2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner [directory.ldap.cache.UsnChangedCacheRefresher] scanned and compared [ 0 ] groups for delete in DB cache in [ 0ms ] 2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner [atlassian.crowd.directory.DbCachingRemoteChangeOperations] removing [ 0 ] groups 2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner [atlassian.crowd.directory.DbCachingRemoteChangeOperations] removed [ 0 ] groups in [ 0ms ] 2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner [atlassian.crowd.directory.DbCachingRemoteDirectory] INCREMENTAL synchronisation complete for directory [ 10000 ] in [ 36ms ]
To Replicate
- Add a new user from Active Directory.
- Synchronise that user.
- Change one of the groups the user belongs to to uppercase, e.g.: change Ninja-Superstar to ninja-superstar.
- Attempt to login.
Expected Results
The user logs in without any worries.
Actual Results
The user logs in and loses the group(s) that have a mismatch in case sensitivity.
A synchronisation may bring them back, however as soon as they login the groups are lost.
Workaround
- Schedule a downtime window, as users will be unable to login during these changes.
- Log in as an administrator within the Confluence Internal Directory. If one does not exist, create it
- Disable the problematic User Directory.
- Create a new User Directory within Confluence, using the same settings as the old one.
- Test the synchronisation and ensure that synchronisation completes successfully. If so, use this new directory.
If you have a User Directory set up with the Read Only, with Local Groups permission settings you will no longer have the local groups set up in the database when the user directory is disabled. The project roles will not be affected.
If you are using Microsoft AD, you can try to use the adsiedit.msc to change the group attribute for the group name to lowercase in the AD.
- relates to
-
CONFSERVER-32229 Changing groupname casing in external user management causes intermittent loss of group membership
- Closed
-
JRASERVER-36424 Mixed case group names breaks the connection between JIRA and LDAP for User Management
- Closed