Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-38569

Users logging into a delegated directory aren't indexed if the userinfo record already exists

      Summary

      When a user logs in via a delegated directory, Confluence creates a USERINFO record in the content table, and submits that for re-indexing. This allows the newly logged in user to be mentioned, and visible in the people directory.

      If the USERINFO record exists (because a connector type directory was used previously), then the record will not be submitted for reindexing.

      Scenario1 : Confluence - LDAP

      Steps to reproduce
      1. Setup Confluence with a Connector to an LDAP directory, and sync it.
      2. Remove the LDAP directory, shut down Confluence and delete the index folder
      3. Start Confluence, and rebuild the index
      4. Verify you can mention a user on a page, but when you attempt to save the page, Confluence reports A link in the editor with the alias '<user name>' could not be found. The resource may no longer exist.
      5. Subsequent attempts to mention that user produce no results
      6. Create a delegated LDAP directory with the same settings
      7. Log in as the same user you attempted to mention in Step 4
      8. Attempt to mention this user, or search for the user in the people directory
      Expected Results

      The user should be mentionable, and visible in the people directory

      Actual Results

      The user can't be found or mentioned until a reindex is performed.

      Scenario2 : Confluence - Crowd

      Steps to reproduce
      1. Setup Confluence and Crowd that contains a user that does not belong to any groups, and sync it
      2. In Crowd, go to Application setting, add "confluence-users" into the Automatically assigned to list
      3. In Confluence User Directory settings, make sure that the "Update group memberships when logging in" has been set to "Every time the user logs in"
      4. In Confluence, attempt to mention the user
      Expected Results

      The user should be mentionable, and visible in the people directory

      Actual Results

      The user can't be found or mentioned, not visible in the people directory until a reindex is performed.

      Investigation Notes

      We discovered through debug logging that although the user logs in, no submission is made to the journal.
      By right, as the user's group membership of this user will be updated on login, Confluence should've add an entry to the journalentry table for this user detail's changes to be reindexed.
      There's also a cache or something of usernames, as the user is visible in the mention list (after the connector is removed) but as soon as we attempted to mention that user the entry was removed and subsequent mentions failed.

      Confluence should submit the USERINFO record regardless of if it was created or if it existed.

          Form Name

            [CONFSERVER-38569] Users logging into a delegated directory aren't indexed if the userinfo record already exists

            @eli.cohen
            We did also witness the same scenario, where user could not log in into confluence, hopefully we will at least get some kind of workaround

            felix garnter added a comment - @eli.cohen We did also witness the same scenario, where user could not log in into confluence, hopefully we will at least get some kind of workaround

            eli.cohen added a comment - - edited

            additionally, the users which are effected by this bug are not able to log into confluence, which affects the entire organization and the only workaround for that would be to re-index the user with crowd which with the size of our organization (~ 100k user) is really time consuming. 

            Version 7.13.7

            eli.cohen added a comment - - edited additionally, the users which are effected by this bug are not able to log into confluence , which affects the entire organization and the only workaround for that would be to re-index the user with crowd which with the size of our organization (~ 100k user) is really time consuming.  Version 7.13.7

            Hoping for an update! 

            James DellaGuardia added a comment - Hoping for an update! 

            WPSC added a comment -

            Creating a Windows Active Directory directory in confluence pulls in all the user account and creates entries in the user_mapping and CONTENT tables. Deleting the directory removes the users from embedded crowd (cwd_user) but does not clean up the CONTENT and user_mapping entries. Later when a delegated LDAP directory is created and a user logs in, the user already exists in user_mapping and CONTENT, no attempt is made to create a journal entry to index the user. Two fixes seem possible:

            1. Clean up user_mapping and CONTENT when a directory is deleted
            2. Don't abort the indexing process for a new user just because entries exist in the user_mapping and CONTENT tables.

            WPSC added a comment - Creating a Windows Active Directory directory in confluence pulls in all the user account and creates entries in the user_mapping and CONTENT tables. Deleting the directory removes the users from embedded crowd (cwd_user) but does not clean up the CONTENT and user_mapping entries. Later when a delegated LDAP directory is created and a user logs in, the user already exists in user_mapping and CONTENT, no attempt is made to create a journal entry to index the user. Two fixes seem possible: Clean up user_mapping and CONTENT when a directory is deleted Don't abort the indexing process for a new user just because entries exist in the user_mapping and CONTENT tables.

              Unassigned Unassigned
              dnorton@atlassian.com Dave Norton
              Affected customers:
              43 This affects my team
              Watchers:
              37 Start watching this issue

                Created:
                Updated: