Jira user loses association to existing Jira data after being renamed on LDAP

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

After renaming a Jira user on LDAP, the user loses references to existing Jira data associated with previous username.

Diagnosis

Environment

  • Jira with multiple external directories.

Diagnostic Steps

  • There is atleast another directory at the top of the affected external directory, which also includes an account for the renamed user.

  • There is a disabled directory (e.g. an Internal with LDAP Authentication directory) at the top of the active user directory having the same username.

  • After the user was renamed in LDAP, you would notice that the cwd_user database table record is renamed accordingly. However, in the app_user table the lower_user_name wasn't renamed, instead a new record was added for new username.

Cause

Jira is able to associate existing data with a user even after the username changes through the user_key, a permanent reference to the user, stored in the app_user table. The app_user table maintains a reference of user_key and current user name.

When the affected user is renamed in LDAP and this change is synchronized to Jira, having the same user account in a disabled directory in a higher position in the order of user directories, overshadows or hides other occurrence of the user in lower User directories. This prevents Jira from renaming the user on the app_user table, and because the old entry for the user in app_user table is not updated with the new user_name, the new username now looses the reference to existing data associated with old username.

Workaround

  • If you encountered this in a test environment, you can:
    1. Temporarily reverse the user rename in LDAP if possible.
    2. Roll-back your Jira data to a state prior to the original rename.
    3. Remove or move the disabled directory (which is overshadowing the user in the directory you're trying to modify) to the bottom of your directory order, where it will no longer be able to obstruct the rename.
    4. Then you would be able to rename the user from LDAP again safely.
  • If you encountered this in production it may be safer to reach out to Atlassian Support to evaluate the data, and provide best approach to resolution.



Description
After renaming a Jira user on LDAP, the user loses references to existing Jira data associated with previous username.
Product
Jira, Jira Software, Jira Service Management
Last modified on Nov 23, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.