Full Synchronisation in between Crowd and any of the Atlassian Applications fails due to multiple users with the same External ID.
It is unclear how Crowd duplicate External_IDs in its database without manual intervention, but, to replicate this problem we should:
- Select one of the Atlassian applications and connect it to Crowd as the User Management platform. For this scenario, Confluence was chosen.
- With that completed, add two users to Crowd, specifically to the directory where Confluence is reading users from. For this scenario, we added User1 and User2.
- Open Crowd database and run the following query to set both users with the same External ID:
- With that completed, run a Synchronisation through Confluence User Directory screen, it will fail.
The synchronisation fails due to the following error - Multiple entries with the same key:
In order to confirm that your instance is indeed affected by this issue, you need to see above stack trace in your logs and the query below should return results - Don't forget to replace the ID of the affected directory below:
In case you don't have the ID of the affected directory, run the query below:
Once you have the results handy, you have to:
- Access Crowd and remove the affected users from the directory Confluence (or other application) is syncing to.
- If you are using a LDAP Connector (not a Delegated Directory nor a Crowd Internal Directory), you need to run the clean-up at your LDAP too or filter the duplicated users through a LDAP query.
- In case those users are not supposed to have access anymore, proceed to the next step. Else, re-add those users to Crowd and grant them access to the directory Confluence (or other application) is syncing to. This will generate new External IDs for them.
- Synchronise directories through Confluence (or other application) user directory screen.
Perhaps this bug can be fixed through adding a constraint under cwd_user table that specifies one external_id per directory_id. There's a unique key constraint currently that defines one lower_user_name per directory. This Feature request is logged here: https://jira.atlassian.com/browse/CWD-3882
- As a possible, examine the duplicate records returned by the diagnostic query above and determine which user_name entry that you want to be used for the user.
- For the other record of the user, set the external_id to a text entry such as 'invalid'. For example: