Users lose local group memberships due to length of active column
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Users that are sourced from an external LDAP directory lose local group memberships on synchronization.
The following appears in the atlassian-confluence.log:
2015-03-31 01:39:24,633 INFO [ajp-bio-127.0.0.1-8009-exec-2] [atlassian.crowd.directory.DelegatedAuthenticationDirectory] updateGroups Deleted user "myuser"'s imported membership of remote group "confluence-users" to directory "Delegated Authentication Directory".Diagnosis
Database
- Check the length of the
activeandlocalcolumns in thecwd_grouptable. The column length for both should be one (1).
Cause
By default, the length of the active and local columns in the cwd_group table is one (1) character. If that column is increased to two characters, which can happen when changing the data type to one that supports Unicode (like nchar), that creates a situation where Confluence cannot determine the properties of groups; specifically the status and whether they are local. As a result, Confluence will remove the local group memberships from users, even though nothing has actually changed in that regard.
Resolution
Modify the affected table (
cwd_group) by changing the length of theactiveand/orlocalcolumns back to one character:ALTER TABLE table_name ALTER COLUMN active nchar(1);Always backup your data before performing any modifications to the database.
- Restart Confluence or flush the Confluence caches
- Manually restore the local group memberships that were removed