Details
-
Bug
-
Resolution: Fixed
-
Low
-
8.11.0, 8.12.0
-
8.11
-
1
-
Severity 2 - Major
-
2
-
Description
Issue Summary
From Jira 8.11 forward, Sync on Login feature from a delegated LDAP directory isn't working properly when having nested groups. It works perfectly on previous versions.
On Jira 8.11 there was an important upgrade for the Embedded Crowd from version 2.0 to 4.0, adding a lot of new features and fixing bugs as per the release notes.
Notice this behaviour is observed on non-Nested user groups as well
Steps to Reproduce
- Have a delegated LDAP directory with Nested Groups enabled and configured. Jira will be filtering for a group, and within that group other groups where users will be.
- This group will have Sync on Login enabled as well so user's membership is update upon their login.
- On version 8.11, remove Group1 from User1 , and add another recently created Group2 to his account.
Expected Results
The user will login and his membership will be updated accordingly. Messages in the logs will be as below:
2020-08-25 13:57:28,332-0400 http-nio-8090-exec-20 INFO anonymous 837x356x1 ecry75 192.168.220.5 / [c.a.crowd.directory.DelegatedAuthenticationDirectory] Deleted user "user1"'s imported membership of remote group "Group1" to directory "Delegated authentication directory". 2020-08-25 13:57:28,382-0400 http-nio-8090-exec-20 INFO anonymous 837x356x1 ecry75 192.168.220.5 / [c.a.crowd.directory.DelegatedAuthenticationDirectory] Imported remote group "Group2" to directory "Delegated authentication directory". 2020-08-25 13:57:28,407-0400 http-nio-8090-exec-20 INFO anonymous 837x356x1 ecry75 192.168.220.5 / [c.a.crowd.directory.DelegatedAuthenticationDirectory] Imported user "User1"'s membership of remote group "Groups2" to directory "Delegated authentication directory".
Actual Results
The below exception is thrown in the atlassian-jira.log file:
2020-08-25 14:05:42,189-0400 http-nio-8090-exec-24 ERROR anonymous 845x638x1 h5j42j 192.168.220.5 /login.jsp [c.a.crowd.directory.DelegatedAuthenticationDirectory] Could not update remote group imported memberships of user "User1" in directory "Delegated authentication directory". java.lang.IllegalArgumentException: Class type 'interface com.atlassian.crowd.model.group.InternalDirectoryGroup' for return values is not 'String', 'User' or 'Group' at com.atlassian.jira.crowd.embedded.ofbiz.OfBizDelegatingMembershipDao.result(OfBizDelegatingMembershipDao.java:164)
The above happens for every existing user account membership update upon login and the membership is not updated properly, causing critical issues to customers who relies on this configuration.
For newly created accounts, the error above appears in the logs still, but followed by a successful message afterwards and the membership is updated correctly.
The exact same setup ad configuration works on previous versions as 8.9 or 8.10 for example.
Workaround
Currently there is no known workaround for this behavior.
Attachments
Issue Links
- is caused by
-
JRASERVER-71482 Upgrade Embedded Crowd to version 4.x in Jira Server
- Closed