Problem

Users in Crowd are mapped correctly to Groups in the LDAP server in the User Directory but are no longer mapped to Groups in Crowd.

Diagnosis

Environment

• Crowd is set up with a CONNECTOR LDAP Directory
• Crowd is using local Groups

Diagnostic Steps

1. Identify the Directory affected

   SELECT id, directory_name FROM cwd_directory;

2. Find the Users in cwd_user affected (replace <directory_id> with the id from above).

   SELECT id AS user_id, user_name FROM cwd_user WHERE lower_user_name IN (SELECT DISTINCT(lower_child_name) FROM cwd_membership WHERE child_id NOT IN (SELECT id FROM cwd_user) AND directory_id = <directory_id>);

3. Find the same Users in cwd_membership. 

   SELECT child_id AS user_id, parent_name as group_name, child_name as user_name FROM cwd_membership WHERE child_id NOT IN (SELECT id FROM cwd_user) AND directory_id = <directory_id>; 

4. For the rows that are returned, confirm that the same user_name has different user_id between cwd_user and cwd_mapping.

Cause

The user_id between cwd_user and cwd_membership do not match for the same user_name.

Resolution

1. Shutdown Crowd and other Atlassian Applications that depend on Crowd

2. For each user_name identified above in both queries, update the cwd_membership table in Crowd with

   UPDATE cwd_membership SET child_id = (SELECT id FROM cwd_user WHERE lower_user_name = '<user_name>') where lower_child_name = '<user_name>'

3. Restart Crowd and wait for the full sync to complete

4. Restart the other Atlassian Applications