JRASERVER-36424

Mixed case group names breaks the connection between JIRA and LDAP for User Management

Details

    Description

      If the casing of a name differs between the remote and local User Directories, synchronisation will fail.

      This is similar to JRA-29025; however, it has been fixed only for usernames, not for group names. Please fix this for group names!

      The following may be found within atlassian-jira.log:

      atlassian-jira.log
      2014-01-09 15:12:01,619 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation for directory [ 10000 ] starting
      2014-01-09 15:12:01,634 QuartzScheduler_Worker-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 0 ] changed remote users in [ 12ms ]
      2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] scanned and compared [ 0 ] users for delete in DB cache in [ 0ms ]
      2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleting [ 0 ] users
      2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleted [ 0 ] users in [ 0ms ]
      2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanning [ 0 ] users to add or update
      2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanned and compared [ 0 ] users for update in DB cache in [ 0ms ]
      2014-01-09 15:12:01,635 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronised [ 0 ] users in [ 0ms ]
      2014-01-09 15:12:01,650 QuartzScheduler_Worker-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 1 ] changed remote groups in [ 15ms ]
      2014-01-09 15:12:01,650 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanning [ 1 ] groups to add or update
      2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] remote group name [ ninja-superstar ] casing differs from local group name [ Ninja-Superstar ]. Group details will be kept updated, but the group name cannot be updated
      2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 1 ] groups for update in DB cache in [ 1ms ]
      2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronized [ 1 ] groups in [ 1ms ]
      2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] scanned and compared [ 0 ] groups for delete in DB cache in [ 0ms ]
      2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] removing [ 0 ] groups
      2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] removed [ 0 ] groups in [ 0ms ]
      2014-01-09 15:12:01,655 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] INCREMENTAL synchronisation complete for directory [ 10000 ] in [ 36ms ]
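
      An added example (not part of the original issue, and not Atlassian code): a Python scan of atlassian-jira.log lines for the warning shown above, listing each group whose LDAP and Jira names differ only by case so the affected groups can be identified before a workaround is applied. The sample lines reuse the log above; the second WARN line is constructed to stand in for a later synchronisation run.

```python
import re

# WARN line written by DbCachingRemoteChangeOperations when the remote (LDAP)
# group name and the locally cached group name differ only by case.
CASE_WARN = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \S+ WARN .*?"
    r"DbCachingRemoteChangeOperations\] remote group name \[ (?P<remote>.+?) \] "
    r"casing differs from local group name \[ (?P<local>.+?) \]"
)

# The INFO line and the first WARN line come from the log above; the second
# WARN line is constructed here to represent the next synchronisation run.
SAMPLE_LOG = """\
2014-01-09 15:12:01,650 QuartzScheduler_Worker-1 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanning [ 1 ] groups to add or update
2014-01-09 15:12:01,651 QuartzScheduler_Worker-1 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] remote group name [ ninja-superstar ] casing differs from local group name [ Ninja-Superstar ]. Group details will be kept updated, but the group name cannot be updated
2014-01-09 16:12:01,702 QuartzScheduler_Worker-3 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] remote group name [ ninja-superstar ] casing differs from local group name [ Ninja-Superstar ]. Group details will be kept updated, but the group name cannot be updated
""".splitlines()


def find_case_mismatches(lines):
    """Map case-folded group name -> remote/local spelling, first_seen, count."""
    found = {}
    for line in lines:
        m = CASE_WARN.search(line)
        if m is None:
            continue  # not a casing warning
        remote, local = m["remote"], m["local"]
        # Key on the case-folded name so repeated warnings collapse to one entry.
        entry = found.setdefault(remote.casefold(), {
            "remote": remote, "local": local,
            "first_seen": m["ts"], "count": 0,
        })
        entry["count"] += 1
    return found


if __name__ == "__main__":
    for group in find_case_mismatches(SAMPLE_LOG).values():
        print(f'{group["first_seen"]}  LDAP={group["remote"]!r}  '
              f'Jira={group["local"]!r}  warnings={group["count"]}')
```

      A group that keeps reappearing across synchronisation runs is one whose members will keep losing it at login, as described under Actual Results.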
      

      To Replicate

      1. Add a new user from Active Directory.
      2. Synchronise that user.
      3. Change the casing of one of the groups the user belongs to, e.g. change Ninja-Superstar to ninja-superstar.
      4. Attempt to log in.

      Expected Results

      The user logs in without any worries.

      Actual Results

      The user logs in and loses the group(s) whose names differ in case between the directories.

      A synchronisation may bring them back; however, as soon as the user logs in, the groups are lost again.

      Workaround

      1. Schedule a downtime window, as users will be unable to log in during these changes.
      2. Log in as an administrator within the JIRA Internal Directory. If one does not exist, create it.
      3. Disable the problematic User Directory.
      4. Create a new User Directory within JIRA, using the same settings as the old one.
      5. Test the synchronisation and ensure that synchronisation completes successfully. If so, use this new directory.

      If you have a User Directory set up with the "Read Only, with Local Groups" permission setting, the local groups will no longer be set up in the database once the user directory is disabled. The project roles will not be affected.

      If you are using Microsoft AD, you can try using adsiedit.msc to change the SAMAccountName attribute for the users to lowercase in LDAP.

            People

              ohernandez@atlassian.com Oswaldo Hernandez (Inactive)
              dcurrie@atlassian.com Dave C