Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-2681

Crowd 2.3.3 does not sync user memberships when multiple LDAP groups have the same name

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Highest
    • Resolution: Not a bug
    • 2.3.3
    • 2.3.5
    • Directory - LDAP
    • None

    Description

      Crowd 2.3.3 seems to have a problem syncing user memberships from LDAP (using Connector).

      Tests:

      I personally tested this with Apache Directory Server 1.5, using the same settings as my LDAP connector in Crowd 2.1.1 (which is working fine). I tried enabling and disabling Node Referrals, Nested Groups, Use the User Membership Attribute, Use Paged Results, Naive DN Matching, and made sure that I configured the user and group as well as membership attributes according to my Crowd 2.1.1 settings that works fine. Nothing seems to work, groups and users are pulled accordingly, but memberships are not.

      Log output:

      2011-10-05 14:23:47,440 scheduler_Worker-4 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation for directory [ 32770 ] starting
      2011-10-05 14:23:47,661 scheduler_Worker-4 INFO [directory.ldap.util.DirectoryAttributeRetriever] Unsafe or Blank attribute value for attribute <mail>: ' '.
      2011-10-05 14:23:47,697 scheduler_Worker-4 INFO [directory.ldap.util.DirectoryAttributeRetriever] Unsafe or Blank attribute value for attribute <mail>: ' '.
      2011-10-05 14:23:47,698 scheduler_Worker-4 INFO [directory.ldap.cache.RemoteDirectoryCacheRefresher] found [ 16 ] remote users in [ 258ms ]
      2011-10-05 14:23:47,701 scheduler_Worker-4 INFO [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanning [ 16 ] users to add or update
      2011-10-05 14:23:47,703 scheduler_Worker-4 INFO [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanned and compared [ 16 ] users for update in DB cache in [ 5ms ]
      2011-10-05 14:23:47,703 scheduler_Worker-4 INFO [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronised [ 16 ] users in [ 5ms ]
      2011-10-05 14:23:47,707 scheduler_Worker-4 INFO [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 16 ] users for delete in DB cache in [ 3ms ]
      2011-10-05 14:23:47,707 scheduler_Worker-4 INFO [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned for deleted users in [ 3ms ]
      2011-10-05 14:23:47,740 scheduler_Worker-4 INFO [directory.ldap.cache.RemoteDirectoryCacheRefresher] found [ 11 ] remote groups in [ 31ms ]
      2011-10-05 14:23:47,740 scheduler_Worker-4 INFO [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanning [ 11 ] groups to add or update
      2011-10-05 14:23:47,744 scheduler_Worker-4 INFO [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 11 ] groups for update in DB cache in [ 3ms ]
      2011-10-05 14:23:47,747 scheduler_Worker-4 INFO [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronized [ 11 ] groups in [ 7ms ]
      2011-10-05 14:23:47,751 scheduler_Worker-4 INFO [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 11 ] groups for delete in DB cache in [ 4ms ]
      2011-10-05 14:23:47,752 scheduler_Worker-4 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] full synchronisation complete in [ 312ms ]
      2011-10-05 14:23:47,781 scheduler_Worker-4 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 32770 ].
      java.lang.IllegalArgumentException: duplicate key: confluence-users
      	at com.google.common.collect.RegularImmutableMap.<init>(RegularImmutableMap.java:62)
      	at com.google.common.collect.ImmutableMap$Builder.fromEntryList(ImmutableMap.java:210)
      	at com.google.common.collect.ImmutableMap$Builder.build(ImmutableMap.java:196)
      	at com.google.common.collect.Maps.uniqueIndex(Maps.java:456)
      	at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:126)
      	at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:44)
      	at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:619)
      	at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
      	at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
      	at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29)
      	at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86)
      	at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
      	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
      

      Removing the duplicate key from the database and re-syncing removes that particular error, but the memberships are still not synced.

      Note

      This issue affects Active Directory as well, as reported by one of my customer. He has a pretty similar log output as well.

      Attachments

        Issue Links

          Activity

            People

              jwalton joe
              fsim Foo Sim (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: