Troubleshooting User Management Upgrade Issues

Still need help?

The Atlassian Community is here for you.

Ask the community

This KB refers only to common issues regarding the upgrade from JIRA version 4.2.x and lower to 4.3.x or higher.

As of 4.3 of JIRA is bundled with Embedded Crowd, which was previously only available through our Crowd application. This allows a full LDAP integration, making it possible to manage users and groups directly in LDAP. However, several issues can appear when upgrading from older versions. and this guide is to help troubleshooting these issues. 

Common Issues

Upgrade process fails when there are more than on LDAP provider defined in file osuser.xml

Previously, JIRA did not accept more than one provider specified in the osuser.xml file. As this feature was available in other versions, there may be problems with the upgrade. Usually the following message is displayed during the upgrade:

JIRA is unable to migrate the User Directory configuration because the osuser.xml file does not contain a recognized configuration.

This was fixed in JIRA 4.4.4 as tracked in JRA-24161 - Getting issue details... STATUS , additionally our JIRA Upgrade Fails due to osuser.xml configuration KB has further information on this.

The upgrade worked but LDAP users cannot login due to "You do not have a permission to log in. If you think this is incorrect, please contact the administrators"

The LDAP user is not a member of the group that has the JIRA Users Global Permission (as per Managing Global Permissions). By default, this group is the jira-users group. The JIRA administrator needs to ensure that all of the users are members of this group and can check the Jira Users Global Permissions in Administration -> Global Settings -> Global Permissions.

The upgrade failed and an Unprocessed Continuation Reference(s) exception is logged

This is one of the more common errors during migration and will display the below Stack Trace during the upgrade:

...
Caused by: org.springframework.ldap.PartialResultException: Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name   'DC=example,DC=com'
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:203)
	at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:315)
...

This error occurs because there's an upgrade task that fails to correctly respect the java.naming.referral entries when creating the database entries for the LDAP directory. This issue is tracked in the following bug reports:

There are some workarounds that have been known to fix the issue:

  • If using Microsoft Active Directory, change the LDAP port from 389 to 3268 (if using LDAPS, 3269).
  • Add an OU to the Base DN path. When JIRA is started for the first time it will retrieve the configuration from osuser.xml. If don't probably all parameters are stored into its own database. So will you need to run the following query to check if your system is using the correct *baseDN* path (the one which contains an *OU*):

    select * from cwd_directory_attribute where attribute_name = 'ldap.basedn';

For a more detailed approach, please check this Knowledge Base article: User Lookups Fail With PartialResultExceptions

The process fails due to some commented lines in osuser.xml

In a few cases some commented lines inside osuser.xml were known to cause problems. Whilst this solution has not been exhaustively tested, please make a copy of the osuser.xml and remove the commented lines from the original osuser.xml. Then try to upgrade again as this could fix the problem - maybe the magic will happen!

Upgrade process fails if one of the three default providers was removed from osuser.xml

Originally the osuser.xml file had three default system providers specificied:

<provider>
<property name="exclusive-access">true</property>
</provider>

<provider>
<property name="exclusive-access">true</property>
</provider>

<provider>
<property name="exclusive-access">true</property>
</provider>

In versions prior to 4.3 the instance will still work after removing these providers. However, these parameters are required when upgrading to 4.3.x. Please add back these providers to the osuser.xml file before performing the application upgrade.

Missing $JIRA_INSTALL/atlassian-jira/WEB-INF/classes/osuser.xml on the upgrade creates all users in Jira internal directory and users are no able to login with ldap credentials

Using a backup of the previous JIRA instance that was created before the upgrade, perform the upgrade again with the osuser.xml file in-place.

(info) Please see our Troubleshooting LDAP User Management documentation for further assistance with diagnosing LDAP problems.

Managing 500+ users across Atlassian products?
Find out how easy, scalable and effective it can be with Crowd!
See centralized user management.
Last modified on Jan 14, 2019

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.