Users In Crowd Are Not Mapped To Groups Correctly From LDAP Server
Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.
Users in Crowd are mapped correctly to Groups in the LDAP server in the User Directory but are no longer mapped to Groups in Crowd.
- Crowd is set up with a CONNECTOR LDAP Directory
- Crowd is using local Groups
Identify the Directory affected
SELECT id, directory_name FROM cwd_directory;
Find the Users in
SELECT id AS user_id, user_name FROM cwd_user WHERE lower_user_name IN (SELECT DISTINCT(lower_child_name) FROM cwd_membership WHERE child_id NOT IN (SELECT id FROM cwd_user) AND directory_id = <directory_id>);
Find the same Users in
SELECT child_id AS user_id, parent_name as group_name, child_name as user_name FROM cwd_membership WHERE child_id NOT IN (SELECT id FROM cwd_user) AND directory_id = <directory_id>;
For the rows that are returned, confirm that the same
cwd_membership do not match for the same
Alwaysyour data before performing any modifications to the database. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.
- Shutdown Crowd and other Atlassian Applications that depend on Crowd
user_nameidentified above in both queries, update the
cwd_membershiptable in Crowd with
UPDATE cwd_membership SET child_id = (SELECT id FROM cwd_user WHERE lower_user_name = '<user_name>') where lower_child_name = '<user_name>'
Restart Crowd and wait for the full sync to complete
- Restart the other Atlassian Applications