User unable to login into Crowd after Crowd was upgraded

This Knowledge Base article was written specifically for the Atlassian Server platform. Due to the Functional differences in Atlassian Cloud, the contents of this article cannot be applied to Atlassian Cloud applications.

Problem

None of Crowd User able to login into Crowd after an upgrade. However, user can login into applications that is connected to Crowd. 

The following appears in the atlassian-crowd.log when user try to login into Crowd:

2018-07-03 13:46:55,917 http-nio-8095-exec-11 ERROR [crowd.console.action.Login] An error occurred processing the authentication request
org.springframework.security.authentication.AuthenticationServiceException: No row with the given identifier exists: [com.atlassian.crowd.model.application.DirectoryMapping#0]
	at com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider.translateException(CrowdAuthenticationProvider.java:248)
	at com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider.authenticateUsernamePassword(CrowdAuthenticationProvider.java:133)
	at com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider.authenticate(CrowdAuthenticationProvider.java:82)
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
...
Caused by: org.hibernate.ObjectNotFoundException: No row with the given identifier exists: [com.atlassian.crowd.model.application.DirectoryMapping#0]
	at org.hibernate.boot.internal.StandardEntityNotFoundDelegate.handleEntityNotFound(StandardEntityNotFoundDelegate.java:28)
	at org.hibernate.proxy.AbstractLazyInitializer.checkTargetState(AbstractLazyInitializer.java:235)
	at org.hibernate.proxy.AbstractLazyInitializer.initialize(AbstractLazyInitializer.java:157)
	at org.hibernate.proxy.AbstractLazyInitializer.getImplementation(AbstractLazyInitializer.java:259)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:73)
	at com.atlassian.crowd.model.application.DirectoryMapping_$$_jvstf59_1a.getDirectory(DirectoryMapping_$$_jvstf59_1a.java)

Diagnosis

Diagnostic Steps

Run SQL select like example below (the following is created for MySQL database):

 select ca.id as "application_id",ca.application_name,
 adgm.app_dir_mapping_id as "adgm.app_dir_mapping_id",adgm.group_name as "adgm.group_name",adgm.id as "adgm_id",
 adm.id as "adm_id",adm.directory_id as "directory_id",
 gp.ID as "gp_id",gp.permission_id,gp.app_dir_mapping_id as "gp.app_dir_mapping_id",gp.group_name as "gp.group_name" from
 cwd_app_dir_group_mapping adgm join 
 cwd_app_dir_mapping adm on adm.id=adgm.app_dir_mapping_id join
 cwd_granted_perm gp on gp.group_mapping=adgm.id join 
 cwd_application ca on ca.id=adm.application_id;
  • adgm.group_name must match the gp.group_name
  • adm_id must match the app_dir_mapping_id
  • gp.app_dir_mapping_id must match the adm_id and adgm.app_dir_mapping_id
  • adgm.group_name must match the gp.group_name

Cause

Column called app_dir_mapping_id in the Table cwd_granted_perm is referring to non-existence ID. For example:

         application_id: 2
       application_name: crowd
adgm.app_dir_mapping_id: 196609
        adgm.group_name: crowd-administrators
                adgm_id: 229377
                 adm_id: 196609
           directory_id: 32769
                  gp_id: 3866625
          permission_id: 2
  gp.app_dir_mapping_id: 0
          gp.group_name: 


Resolution

  1. Since the fix require manual database update, shutdown Crowd and generate database backup
  2. Then, update the table cwd_granted_perm  manually. The following example is generated based on the example data shown above:

    update cwd_granted_perm set app_dir_mapping_id=196609, group_name='crowd-administrators' where ID=3866625;
  3. Start Crowd and verify if any Crowd user can login


Last modified on Sep 25, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.