Summary

When using Nested Sub Groups, with multiple directories, relationships between groups are only created for the first directory server listed under 'User Directories'

If you create a relationship between Grandparent Group and Child Group using the Adding and Updating Group Memberships process, JIRA will record this relationship for what ever directory server is listed as the first directory server. This is OK if the user is authenticated against the first user directory but fails if the user is authenticated against the 1+nth directory.

Environment

JIRA using multiple User Directories.

Steps to Reproduce

1. Create a JIRA instance with two directories.
2. Enable Nested local groups for all directory servers
3. Create group: Parent and Child
4. Create relationship (nested) between these groups
5. Add a user from first and second directory to Child group
6. Set up some Global permission for Parent group
7. One User will have permissions (from first directory) while other will not.

Expected Results

When creating relationships between nested groups, they should be applied consistently across the entire environment.

Actual Results

When creating the relationship, only one entry is recorded in the database between parent and child, in this example the internal directory was the top group.

select id, membership_type, parent_name, child_name, directory_id from cwd_membership where parent_name = 'Parent Group';

The results will be:

  id   | membership_type | parent_name  | child_name  | directory_id
-------+-----------------+--------------+-------------+--------------
 10117 | GROUP_GROUP     | Parent Group | Child Group |            1

Workaround

Temporarily rotate the top User Directory, to create the relationships for each of the groups:

1. Move lower directories to the top and add new group memberships for each directory
2. After the new memberships have been added, you can revert the directory order to the original or required setting.