-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
Low
-
None
-
Affects Version/s: None
-
Component/s: Directory - LDAP
-
25
-
Severity 3 - Minor
-
8
Summary
When a directory has been configured such that the attribute mapped to username in the application is not a guaranteed unique field, and then two objects exist in the scope of the base DN where that field has duplicated, then there's errors when synchronising the directory. The synchronisation overall still reports success, despite this causing problems with the user cache, as per the knowledge base article with the workaround at LDAP Synchronization Fails due to java.lang.RuntimeException: Confluence does not support individual processing
Steps to Reproduce
Note: Reproduced this myself using Confluence / Embedded Crowd
- Add a directory such as MS AD
- Configure the mapped field to username as mail (which is MS AD is not guaranteed to be unique)
- Add two users in the scope of the base DN with the mail field set to the same value
- Synchronise the directory and observe the errors in the log file, but the success reported of the synchronisation
Expected Results
I would expect if there was an error in synchronisation that this would be reported in the user interface and logs
Actual Results
The below exceptions are thrown in the atlassian-confluence.log file:
2017-07-19 18:36:42,612 ERROR [Caesium-1-1] [engine.jdbc.spi.SqlExceptionHelper] logExceptions ERROR: duplicate key value violates unique constraint "cwd_user_name_dir_id" Detail: Key (lower_user_name, directory_id)=(david123@atlassian.com, 1048577) already exists. 2017-07-19 18:36:42,615 WARN [Caesium-1-1] [persistence.hibernate.batch.AbstractBatchProcessor] processBatch batch failed falling back to individual processing java.lang.RuntimeException: could not flush session at com.atlassian.crowd.embedded.hibernate2.batch.Hibernate2BatchProcessor.flushSession(Hibernate2BatchProcessor.java:141) at com.atlassian.crowd.embedded.hibernate2.batch.Hibernate2BatchProcessor.commitTransaction(Hibernate2BatchProcessor.java:94) ...etc... Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "cwd_user_name_dir_id" Detail: Key (lower_user_name, directory_id)=(david123@atlassian.com, 1048577) already exists. at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2455) ...etc... 2017-07-19 18:36:42,617 ERROR [Caesium-1-1] [persistence.hibernate.batch.AbstractBatchProcessor] processIndividual Could not process class com.atlassian.crowd.util.persistence.hibernate.batch.TransactionGroup: com.atlassian.crowd.util.persistence.hibernate.batch.TransactionGroup@7f5e440c[primaryObject=com.atlassian.crowd.model.user.InternalUser@4d509773[id=1179691,name=david123@atlassian.com,createdDate=Wed Jul 19 18:36:42 AEST 2017,updatedDate=Wed Jul 19 18:36:42 AEST 2017,active=true,emailAddress=david123@atlassian.com,firstName=David 123,lastName=User1 Test,displayName=David 123 User1 Test,credential=com.atlassian.crowd.embedded.api.PasswordCredential@367cbf9b[credential=********,encryptedCredential=true],lowerName=david123@atlassian.com,lowerEmailAddress=david123@atlassian.com,lowerFirstName=david 123,lowerLastName=user1 test,lowerDisplayName=david 123 user1 test,directoryId=1048577,externalId=e3ec2ec9f46e6c419cab201ecc870381]] java.lang.RuntimeException: Confluence does not support individual processing at com.atlassian.crowd.embedded.hibernate2.batch.Hibernate2BatchProcessor.beforeProcessIndividual(Hibernate2BatchProcessor.java:50) ...etc...
These may vary in other applications with embedded crowd.
Workaround
- Ensure there are never any objects which duplicate this field in the source directory
- Flush the directory cache as per the workaround on LDAP Synchronization Fails due to java.lang.RuntimeException: Confluence does not support individual processing