Troubleshooting User Management Upgrade Issues
This KB refers only to common issues regarding the upgrade from JIRA version 4.2.x and lower to 4.3.x or higher.
As of 4.3 of JIRA is bundled with Embedded Crowd, which was previously only available through our Crowd application. This allows a full LDAP integration, making it possible to manage users and groups directly in LDAP. However, several issues can appear when upgrading from older versions. and this guide is to help troubleshooting these issues.
Previously, JIRA did not accept more than one provider specified in the
osuser.xml file. As this feature was available in other versions, there may be problems with the upgrade. Usually the following message is displayed during the upgrade:
JIRA is unable to migrate the User Directory configuration because the osuser.xml file does not contain a recognized configuration.
This was fixed in JIRA 4.4.4 as tracked in - JRA-24161Getting issue details... STATUS , additionally our JIRA Upgrade Fails due to osuser.xml configuration KB has further information on this.
The LDAP user is not a member of the group that has the JIRA Users Global Permission (as per Managing Global Permissions). By default, this group is the
jira-users group. The JIRA administrator needs to ensure that all of the users are members of this group and can check the Jira Users Global Permissions in Administration -> Global Settings -> Global Permissions.
This is one of the more common errors during migration and will display the below Stack Trace during the upgrade:
... Caused by: org.springframework.ldap.PartialResultException: Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=example,DC=com' at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:203) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:315) ...
This error occurs because there's an upgrade task that fails to correctly respect the java.naming.referral entries when creating the database entries for the LDAP directory. This issue is tracked in the following bug reports:
There are some workarounds that have been known to fix the issue:
- If using Microsoft Active Directory, change the LDAP port from 389 to 3268 (if using LDAPS, 3269).
Add an OU to the Base DN path. When JIRA is started for the first time it will retrieve the configuration from
.If don't probably all parameters are stored into its own database. So will you need to run the following query to check if your system is using the correct *baseDN* path (the one which contains an *OU*):
select * from cwd_directory_attribute where attribute_name = 'ldap.basedn';
For a more detailed approach, please check this Knowledge Base article: User Lookups Fail With PartialResultExceptions
In a few cases some commented lines inside
osuser.xml were known to cause problems. Whilst this solution has not been exhaustively tested, please make a copy of the
osuser.xml and remove the commented lines from the original
osuser.xml. Then try to upgrade again as this could fix the problem - maybe the magic will happen!
osuser.xml file had three default system providers specificied:
<provider> <property name="exclusive-access">true</property> </provider> <provider> <property name="exclusive-access">true</property> </provider> <provider> <property name="exclusive-access">true</property> </provider>
In versions prior to 4.3 the instance will still work after removing these providers. However, these parameters are required when upgrading to 4.3.x. Please add back these providers to the
osuser.xml file before performing the application upgrade.
Using a backup of the previous JIRA instance that was created before the upgrade, perform the upgrade again with the
osuser.xml file in-place.
Please see our Troubleshooting LDAP User Management documentation for further assistance with diagnosing LDAP problems.
Find out how easy, scalable and effective it can be with Crowd!
See centralized user management.