Jira migration from OnDemand to standalone -- sysadmin not working.

Hi guys,

I've been knocking my head against the wall a couple days on this one. I exported a jira on-demand instance, and imported it into a standalone fresh-install of jira 6.2.1 -- I made sure to do the restore option from the wizard. The installation works fine, the index works fine -- however, I can't log in.

I have followed these wikis:

https://confluence.atlassian.com/display/JIRA/Retrieving+the+JIRA+Administrator

https://confluence.atlassian.com/display/JIRA/Migrating+from+JIRA+OnDemand+to+a+JIRA+Installed+Site

Right after migration,

sysadmin/sysadmin credentials don't work.

Resetting password to encrypted "sphere" in mysql db, and restarting jira doesn't work. Let me show what I see in the DB after I fail to log into newly migrated instance as sysadmin/sysadmin, right after I change password to "spehere"--:

mysql> select * from schemepermissions where PERMISSION=0;
+-------+--------+------------+-----------+----------------+
| ID    | SCHEME | PERMISSION | perm_type | perm_parameter |
+-------+--------+------------+-----------+----------------+
| 10000 |   NULL |          0 | group     | administrators |
| 13702 |   NULL |          0 | group     | administrators |
| 13703 |   NULL |          0 | group     | administrators |
| 16900 |   NULL |          0 | group     | site-admins    |
+-------+--------+------------+-----------+----------------+
4 rows in set (0.00 sec)

mysql> select * from schemepermissions where PERMISSION=1;
+-------+--------+------------+-----------+----------------+
| ID    | SCHEME | PERMISSION | perm_type | perm_parameter |
+-------+--------+------------+-----------+----------------+
| 16901 |   NULL |          1 | group     | jira-users     |
+-------+--------+------------+-----------+----------------+
1 row in set (0.01 sec)

mysql> select * from schemepermissions where PERMISSION=44;
+-------+--------+------------+-----------+---------------------------+
| ID    | SCHEME | PERMISSION | perm_type | perm_parameter            |
+-------+--------+------------+-----------+---------------------------+
| 13704 |   NULL |         44 | group     | system-administrators     |
| 13705 |   NULL |         44 | group     | confluence-administrators |
+-------+--------+------------+-----------+---------------------------+
2 rows in set (0.00 sec)

mysql> select child_name, directory_id from cwd_membership where parent_name='system-administrators';
+------------+--------------+
| child_name | directory_id |
+------------+--------------+
| sysadmin   |            1 |
+------------+--------------+
1 row in set (0.00 sec)

From the above information, it seems that sysadmin has the global permissions necessary to log in.

Here is record of sysadmin, showing sphere password:

mysql> select * from cwd_user where user_name = "sysadmin";
+-------+--------------+-----------+-----------------+--------+---------------------+---------------------+------------+------------------+---------------+-----------------+----------------------+----------------------+--------------------+---------------------+------------------------------------------------------------------------------------------+--------------------+-------------+
| ID    | directory_id | user_name | lower_user_name | active | created_date        | updated_date        | first_name | lower_first_name | last_name     | lower_last_name | display_name         | lower_display_name   | email_address      | lower_email_address | CREDENTIAL                                                                               | deleted_externally | EXTERNAL_ID |
+-------+--------------+-----------+-----------------+--------+---------------------+---------------------+------------+------------------+---------------+-----------------+----------------------+----------------------+--------------------+---------------------+------------------------------------------------------------------------------------------+--------------------+-------------+
| 12354 |            1 | sysadmin  | sysadmin        |      1 | 2012-07-25 09:09:11 | 2013-09-30 23:29:56 | System     | system           | Administrator | administrator   | System Administrator | system administrator | sysadmin@localhost | sysadmin@localhost  | uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ== |               NULL | 32769:65537 |
+-------+--------------+-----------+-----------------+--------+---------------------+---------------------+------------+------------------+---------------+-----------------+----------------------+----------------------+--------------------+---------------------+------------------------------------------------------------------------------------------+--------------------+-------------+

As you can see, user is active.

Here is a list of the directories:

mysql> select * from cwd_directory;
+----+-------------------------+-------------------------+---------------------+---------------------+--------+---------------------------------+-------------------------------------------------+-------------------------------------------------+----------------+--------------------+
| ID | directory_name          | lower_directory_name    | created_date        | updated_date        | active | description                     | impl_class                                      | lower_impl_class                                | directory_type | directory_position |
+----+-------------------------+-------------------------+---------------------+---------------------+--------+---------------------------------+-------------------------------------------------+-------------------------------------------------+----------------+--------------------+
|  1 | JIRA Internal Directory | jira internal directory | 2012-07-25 09:09:07 | 2012-07-25 09:27:30 |      1 | JIRA default internal directory | com.atlassian.crowd.directory.InternalDirectory | com.atlassian.crowd.directory.internaldirectory | INTERNAL       |                  0 |
+----+-------------------------+-------------------------+---------------------+---------------------+--------+---------------------------------+-------------------------------------------------+-------------------------------------------------+----------------+--------------------+
1 row in set (0.00 sec)

-- clearly, I don't have the jira-administrators or jira-system-administrators groups created in this example. In past attempts, I have followed all wiki steps, creating these groups, and also assign them to sysadmin. I had also tried creating a separate localadmin user with these groups.

Despite all my attempts, I continue to get errors like this when I try to log in:

2014-03-20 17:01:16,684 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' does not require elevated security check.  Attempting authentication...
2014-03-20 17:01:16,780 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' has been authenticated
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login The user 'sysadmin' is NOT AUTHORIZED to perform to login for this request
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login authoriseUser : 'sysadmin' CANNOT login according to the RoleMapper
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' was UNSUCCESSFULLY authenticated

-- it appears that user authenticates, but then can't proceed due to Role mapper issues? I feel like I am missing something. Some check or configuration that I am overlooking?

5 answers

1 accepted

Found out this is a known bug:

https://jira.atlassian.com/browse/JRA-37574

Workaround

  • Import OnDemand backup using JIRA 6.2
  • Shutdown the instance
  • Start JIRA 6.2.1 pointing to the JIRA 6.2 database
    JIRA will upgrade the 6.2 database and you can use your JIRA 6.2.1 successfully

Confirmed workaround. I know have a running stand-alone version. :)

btw -- max authorization attemps is set at "3" -- could this be preventing me from logging in, even with correct credentials? Is there a way to disable this without being able to login?

I tried clearing the captcha count, and rebooted jira. I see this in logs now:

2014-03-20 17:01:16,684 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' does not require elevated security check.  Attempting authentication...
2014-03-20 17:01:16,780 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' has been authenticated
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login The user 'sysadmin' is NOT AUTHORIZED to perform to login for this request
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login authoriseUser : 'sysadmin' CANNOT login according to the RoleMapper
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' was UNSUCCESSFULLY authenticated

0 vote

Hi Bryan,

First you will need to recover the admin access to the JIRA by using this guide https://confluence.atlassian.com/display/JIRA/Retrieving+the+JIRA+Administrator.


After that, ensure the user are assigned with the group that have system administrator access through global permission. https://confluence.atlassian.com/display/JIRA/Managing+Global+Permissions

Hope this helps

Regards,

Jing Hwa

Hi Jing,

Sorry if I wasn't clear -- I updated my post showing more details. I have followed those wikis --- and many many variations thereof. Any tips much appreciated. I have over the past few years retrieved local admins several times -- I am familiar with the process. This however is the first time I've tried migrating an on-demand instance to a stand-alone version.

Thanks for the help!

I'd like to add that I too am having exactly the same problem. I too have imported from on-demand many times in the past successfully. In fact, if I create a fresh install of JIRA 6.2.1 and import an old file taken from on-demand (dated Jan 2014) it imports correctly and I can use the sysadmin account and password to get into the system. If I then create a new JIRA 6.2.1. instance and import a file taken from on-demand today (March 2014) then although JIRA says the import was successful, I cannot get into the system using any account including sysadmin. I just get the message "You do not have a permission to log in".

Thanks Bill -- comforting to know that I might not be crazy here. :)

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,308 views 14 20
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot