Description
Environment:
- JIRA 4.3.x and/or Confluence 3.5.x with Crowd Connector
- Crowd with LDAP/AD connectors
As per your investigations, it does look like a mixed case username has somehow sneaked in to one of the directories.
Sync in JIRA fail with:
2011-06-08 13:10:47,968 QuartzWorker-1 ERROR ServiceRunner [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ]. com.atlassian.crowd.embedded.ofbiz.db.DataAccessException: org.ofbiz.core.entity.GenericEntityException: while inserting: [GenericEntity:Membership][id,11072][membershipType,GROUP_USER][lowerParentName,dcc_users][parentId,10415][childId,10422][childName,MWong][lowerChildName,mwong][directoryId,10000][parentName,dcc_users] (SQL Exception while executing the following:INSERT INTO cwd_membership (ID, parent_id, child_id, membership_type, group_type, parent_name, lower_parent_name, child_name, lower_child_name, directory_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (Duplicate entry '10415-10422-GROUP_USER' for key 2)) at com.atlassian.crowd.embedded.ofbiz.db.OfBizHelper.createValue(OfBizHelper.java:167) at com.atlassian.crowd.embedded.ofbiz.OfBizInternalMembershipDao.createMembership(OfBizInternalMembershipDao.java:112) at com.atlassian.crowd.embedded.ofbiz.OfBizInternalMembershipDao.addUserToGroup(OfBizInternalMembershipDao.java:105) at com.atlassian.crowd.embedded.ofbiz.OfBizDelegatingMembershipDao.addUserToGroup(OfBizDelegatingMembershipDao.java:71) at com.atlassian.crowd.embedded.ofbiz.OfBizDelegatingMembershipDao.addAllUsersToGroup(OfBizDelegatingMembershipDao.java:44) at com.atlassian.crowd.directory.CachingDirectory.addAllUsersToGroup(CachingDirectory.java:125) at com.atlassian.crowd.directory.DbCachingRemoteDirectoryCache.syncUserMembershipsForGroup(DbCachingRemoteDirectoryCache.java:671) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMembershipsForGroup(AbstractCacheRefresher.java:126) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:63) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:37) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:645) at com.atlassian.crowd.manager.directory.DirectorySynchroniserHelperImpl.synchronise(DirectorySynchroniserHelperImpl.java:84) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34) at org.quartz.core.JobRunShell.run(JobRunShell.java:195) at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520) Caused by: org.ofbiz.core.entity.GenericEntityException: while inserting: [GenericEntity:Membership][id,11072][membershipType,GROUP_USER][lowerParentName,dcc_users][parentId,10415][childId,10422][childName,MWong][lowerChildName,mwong][directoryId,10000][parentName,dcc_users] (SQL Exception while executing the following:INSERT INTO cwd_membership (ID, parent_id, child_id, membership_type, group_type, parent_name, lower_parent_name, child_name, lower_child_name, directory_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (Duplicate entry '10415-10422-GROUP_USER' for key 2)) at org.ofbiz.core.entity.GenericDAO.singleInsert(GenericDAO.java:156) at org.ofbiz.core.entity.GenericDAO.insert(GenericDAO.java:121) at org.ofbiz.core.entity.GenericHelperDAO.create(GenericHelperDAO.java:63) at org.ofbiz.core.entity.GenericDelegator.create(GenericDelegator.java:489) at org.ofbiz.core.entity.GenericDelegator.create(GenericDelegator.java:469) at org.ofbiz.core.entity.GenericValue.create(GenericValue.java:77) at com.atlassian.crowd.embedded.ofbiz.db.OfBizHelper.createValue(OfBizHelper.java:162) ... 17 more
Sync in Confluence fail with:
2011-06-09 14:53:37,054 ERROR [QuartzScheduler_Worker-2] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 7405569 ]. java.lang.IllegalStateException: Found duplicate memberships for user in directory 7405569, group dcc_users, user JBaran at com.atlassian.crowd.embedded.hibernate2.HibernateMembershipDao$1.doInHibernate(HibernateMembershipDao.java:150) at org.springframework.orm.hibernate.HibernateTemplate.execute(HibernateTemplate.java:370) at org.springframework.orm.hibernate.HibernateTemplate.execute(HibernateTemplate.java:337) at com.atlassian.crowd.embedded.hibernate2.HibernateMembershipDao.internalFindUserMembership(HibernateMembershipDao.java:137) at com.atlassian.crowd.embedded.hibernate2.HibernateMembershipDao.removeUserFromGroup(HibernateMembershipDao.java:109) at com.atlassian.confluence.user.crowd.CachedCrowdMembershipDao.removeUserFromGroup(CachedCrowdMembershipDao.java:93) at com.atlassian.crowd.directory.AbstractInternalDirectory.removeUserFromGroup(AbstractInternalDirectory.java:718) at com.atlassian.crowd.directory.DbCachingRemoteChangeOperations.removeUserMembershipsForGroup(DbCachingRemoteChangeOperations.java:684) at sun.reflect.GeneratedMethodAccessor393.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:304) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at com.atlassian.crowd.directory.$Proxy672.removeUserMembershipsForGroup(Unknown Source) at com.atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations.syncUserMembershipsForGroup(DirectoryCacheImplUsingChangeOperations.java:117) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMembershipsForGroup(AbstractCacheRefresher.java:126) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:63) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:37) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:645) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29) at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$1.run(ConfluenceQuartzThreadPool.java:14) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
Enforcing Lower-Case Usernames, Groups and Roles for an Application disabling the existing Crowd directory and recreating it in JIRA/Confuence solves the problem.
Attachments
Issue Links
- is duplicated by
-
CWD-2796 Directory replication fails when duplicate groups are encountered
-
- Closed
-
-
-
- Closed
-
- relates to
-
-
- Short Term Backlog
-
-
CWD-3227 Merge memberships for groups with duplicate names during LDAP directory sync
- Closed
-
- Gathering Interest
-
- Gathering Interest
(1 relates to, 2 mentioned in)