Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-3900

Mixed case group names breaks the connection between JIRA and LDAP for User Management

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Medium Medium
    • None
    • 2.8.0-OD-6
    • Integration - JIRA

      If the cases in the remote and local User Directories are mismatched as far as casing goes, synchronisation will fail.

      This is similar to JRA-29025 however it has not been fixed for group names, only usernames. Please fix this for group names!

      The following may be found within atlassian-jira.log:

      atlassian-jira.log
      2014-01-09 15:12:01,619 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation for directory [ 10000 ] starting
2014-01-09 15:12:01,634 QuartzScheduler_Worker-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 0 ] changed remote users in [ 12ms ]
2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] scanned and compared [ 0 ] users for delete in DB cache in [ 0ms ]
2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleting [ 0 ] users
2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleted [ 0 ] users in [ 0ms ]
2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanning [ 0 ] users to add or update
2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanned and compared [ 0 ] users for update in DB cache in [ 0ms ]
2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronised [ 0 ] users in [ 0ms ]
2014-01-09 15:12:01,650 QuartzScheduler_Worker-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 1 ] changed remote groups in [ 15ms ]
2014-01-09 15:12:01,650 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanning [ 1 ] groups to add or update
2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] remote group name [ ninja-superstar ] casing differs from local group name [ Ninja-Superstar ]. Group details will be kept updated, but the group name cannot be updated
2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 1 ] groups for update in DB cache in [ 1ms ]
2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronized [ 1 ] groups in [ 1ms ]
2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] scanned and compared [ 0 ] groups for delete in DB cache in [ 0ms ]
2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] removing [ 0 ] groups
2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] removed [ 0 ] groups in [ 0ms ]
2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] INCREMENTAL synchronisation complete for directory [ 10000 ] in [ 36ms ]

      To Replicate

      1. Add a new user from Active Directory.
      2. Synchronise that user.
      3. Change one of the groups the user belongs to to uppercase, e.g.: change Ninja-Superstar to ninja-superstar.
      4. Attempt to login.

      Expected Results

      The user logs in without any worries.

      Actual Results

      The user logs in and loses the group(s) that have a mismatch in case sensitivity.

      A synchronisation may bring them back, however as soon as they login the groups are lost.

      Workaround

      1. Schedule a downtime window, as users will be unable to login during these changes.
      2. Log in as an administrator within the JIRA Internal Directory. If one does not exist, create it.
      3. Disable the problematic User Directory.
      4. Create a new User Directory within JIRA, using the same settings as the old one.
      5. Test the synchronisation and ensure that synchronisation completes successfully. If so, use this new directory.

      If you have a User Directory set up with the Read Only, with Local Groups permission settings you will no longer have the local groups set up in the database when the user directory is disabled. The project roles will not be affected.

      If you are using Microsoft AD, you can try to use the adsiedit.msc to change the SAMAccountName attribute for the users to lowercase in the LDAP.

              aglowacki Arkadiusz Glowacki (Inactive)
              dcurrie@atlassian.com Dave C
              Votes:
              6 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: