Troubleshooting User Management Upgrade Issues
As of 4.3 of JIRA is bundled with Embedded Crowd, which was previously only available through our Crowd application. This allows a full LDAP integration, making it possible to manage users and groups directly in LDAP. However, several issues can appear when upgrading from older versions. and this guide is to help troubleshooting these issues.
Previously, JIRA did not accept more than one provider specified in the
osuser.xml file. As this feature was available in other versions, there may be problems with the upgrade. Usually the following message is displayed during the upgrade:
This was fixed in JIRA 4.4.4 as tracked in JRA-24161 - osuser.xml migration fails if multiple ldap repositories defined Resolved , additionally our JIRA Upgrade Fails due to osuser.xml configuration KB has further information on this.
The LDAP user is not a member of the group that has the JIRA Users Global Permission (as per Managing Global Permissions). By default, this group is the
jira-users group. The JIRA administrator needs to ensure that all of the users are members of this group and can check the Jira Users Global Permissions in Administration -> Global Settings -> Global Permissions.
This is one of the more common errors during migration and will display the below Stack Trace during the upgrade:
This error occurs because there's an upgrade task that fails to correctly respect the java.naming.referral entries when creating the database entries for the LDAP directory. This issue is tracked in the following bug reports:
- JRA-23969 - "Internal with LDAP Authentication" directory needs to be able to follow referrals Resolved
- JRA-23955 - BaseDN without an OU does not work when setting up a directory in JIRA Resolved
There are some workarounds that have been known to fix the issue:
- If using Microsoft Active Directory, change the LDAP port from 389 to 3268 (if using LDAPS, 3269).
Add an OU to the Base DN path. When JIRA is started for the first time it will retrieve the configuration from
.If don't probably all parameters are stored into its own database. So will you need to run the following query to check if your system is using the correct *baseDN* path (the one which contains an *OU*):
For a more detailed approach, please check this Knowledge Base article: User Lookups Fail With PartialResultExceptions
In a few cases some commented lines inside
osuser.xml were known to cause problems. Whilst this solution has not been exhaustively tested, please make a copy of the
osuser.xml and remove the commented lines from the original
osuser.xml. Then try to upgrade again as this could fix the problem - maybe the magic will happen!
osuser.xml file had three default system providers specificied:
In versions prior to 4.3 the instance will still work after removing these providers. However, these parameters are required when upgrading to 4.3.x. Please add back these providers to the
osuser.xml file before performing the application upgrade.
Using a backup of the previous JIRA instance that was created before the upgrade, perform the upgrade again with the
osuser.xml file in-place.
Please see our Troubleshooting LDAP User Management documentation for further assistance with diagnosing LDAP problems.
Was this helpful?
Thanks for your feedback!