- Bug
- Resolution: Unresolved
- Low
- None
- 7.5.2, 7.8.0, 8.2.3
- None
- 7.05
- 10
- Severity 3 - Minor
- 0
Problem Definition
When there is an LDAP directory with local groups and a group in the internal directory does not exist in LDAP, JIRA will synchronize the group to LDAP. If the LDAP admin creates a new group with the same name in LDAP, JIRA will not create a new entry in the cwd_group table, which could prevent users in the group from being synchronized.
Steps to reproduce:
- Create a group in Internal Directory.
- Create an LDAP connection with the "Read only, Local group" option.
- Add a user from LDAP to the new group.
- Perform full synchronization.
- Create a new group in LDAP with the identical name.
- Try to add a user to the same group again.
The problem mainly happens because there will be 2 entries in cwd_group:
10362;"atl04";"atl04";1;1;"2017-09-25 15:55:38.685+00";"2017-09-25 15:55:38.685+00";"";"";"GROUP";10101
10363;"atl04";"atl04";1;0;"2017-09-25 15:55:38.715+00";"2017-09-25 15:55:38.715+00";"";"";"GROUP";1
We can see that there are 2 entries for the atl04 group, where the top entry from LDAP shows that the group is not a local group and was added from LDAP directly. Since LDAP is configured with "Read only, local group", adding a user to the group will fail, because JIRA will try to connect to LDAP to add the user to the LDAP group rather than adding them to the local group.
Expected Result:
The group members from the LDAP side would be synced to JIRA.
Actual Result:
The group members are not synced as members of the group.
Workaround
If the user is using the "Read only, local group" option, updating the local entry from 1 to 0 will allow the user to be added to the local group.
E.g., based on the query above:
update cwd_group set local = '0' where ID = 'ID of the group';
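To see which cwd_group rows share a group name across directories, and so which ID the statement above would target, the following added example (not part of the original report or of Jira's own code) runs a detection query against an in-memory copy of the two rows quoted earlier. The column names other than `ID` and `local` are assumed from the row layout, and the third row is constructed to show a group that is not affected.

```python
import sqlite3

# The first two rows are the cwd_group rows quoted in the report (date and
# description columns omitted). The third row is constructed for contrast.
# Column names other than `id` and `local` are assumptions.
ROWS = [
    (10362, "atl04", "atl04", 1, 1, "GROUP", 10101),
    (10363, "atl04", "atl04", 1, 0, "GROUP", 1),
    (10364, "example-group", "example-group", 1, 0, "GROUP", 1),  # constructed
]

# Every row whose group name exists in more than one directory.
DUPLICATE_GROUPS_SQL = """
SELECT g.lower_group_name, g.id, g.directory_id, g.local
FROM cwd_group g
JOIN (
    SELECT lower_group_name
    FROM cwd_group
    GROUP BY lower_group_name
    HAVING COUNT(DISTINCT directory_id) > 1
) dup ON dup.lower_group_name = g.lower_group_name
ORDER BY g.lower_group_name, g.id
"""

def build_sample_db(rows=ROWS):
    """In-memory stand-in for the Jira database, holding only cwd_group."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cwd_group (id INTEGER PRIMARY KEY, group_name TEXT,"
        " lower_group_name TEXT, active INTEGER, local INTEGER,"
        " group_type TEXT, directory_id INTEGER)"
    )
    conn.executemany("INSERT INTO cwd_group VALUES (?,?,?,?,?,?,?)", rows)
    return conn

def find_duplicate_groups(conn):
    """Return {group_name: [(id, directory_id, local), ...]} for each group
    name that is present in more than one directory."""
    found = {}
    for name, gid, directory_id, local in conn.execute(DUPLICATE_GROUPS_SQL):
        found.setdefault(name, []).append((gid, directory_id, local))
    return found

if __name__ == "__main__":
    for name, rows in find_duplicate_groups(build_sample_db()).items():
        print(name)
        for gid, directory_id, local in rows:
            print(f"  id={gid} directory_id={directory_id} local={local}")
```

The query in `DUPLICATE_GROUPS_SQL` uses only standard SQL, so it can be run read-only against the real database to review the rows before any update is made.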
- relates to
- JRASERVER-70211 Adding the same group from different directories has unexpected results
- Gathering Impact