Jira migration from OnDemand to standalone -- sysadmin not working.

Hi guys,

I've been knocking my head against the wall a couple days on this one. I exported a jira on-demand instance, and imported it into a standalone fresh-install of jira 6.2.1 -- I made sure to do the restore option from the wizard. The installation works fine, the index works fine -- however, I can't log in.

I have followed these wikis:

https://confluence.atlassian.com/display/JIRA/Retrieving+the+JIRA+Administrator

https://confluence.atlassian.com/display/JIRA/Migrating+from+JIRA+OnDemand+to+a+JIRA+Installed+Site

Right after migration,

sysadmin/sysadmin credentials don't work.

Resetting password to encrypted "sphere" in mysql db, and restarting jira doesn't work. Let me show what I see in the DB after I fail to log into newly migrated instance as sysadmin/sysadmin, right after I change password to "sphere":

mysql> select * from schemepermissions where PERMISSION=0;
+-------+--------+------------+-----------+----------------+
| ID    | SCHEME | PERMISSION | perm_type | perm_parameter |
+-------+--------+------------+-----------+----------------+
| 10000 |   NULL |          0 | group     | administrators |
| 13702 |   NULL |          0 | group     | administrators |
| 13703 |   NULL |          0 | group     | administrators |
| 16900 |   NULL |          0 | group     | site-admins    |
+-------+--------+------------+-----------+----------------+
4 rows in set (0.00 sec)

mysql> select * from schemepermissions where PERMISSION=1;
+-------+--------+------------+-----------+----------------+
| ID    | SCHEME | PERMISSION | perm_type | perm_parameter |
+-------+--------+------------+-----------+----------------+
| 16901 |   NULL |          1 | group     | jira-users     |
+-------+--------+------------+-----------+----------------+
1 row in set (0.01 sec)

mysql> select * from schemepermissions where PERMISSION=44;
+-------+--------+------------+-----------+---------------------------+
| ID    | SCHEME | PERMISSION | perm_type | perm_parameter            |
+-------+--------+------------+-----------+---------------------------+
| 13704 |   NULL |         44 | group     | system-administrators     |
| 13705 |   NULL |         44 | group     | confluence-administrators |
+-------+--------+------------+-----------+---------------------------+
2 rows in set (0.00 sec)

mysql> select child_name, directory_id from cwd_membership where parent_name='system-administrators';
+------------+--------------+
| child_name | directory_id |
+------------+--------------+
| sysadmin   |            1 |
+------------+--------------+
1 row in set (0.00 sec)

From the above information, it seems that sysadmin has the global permissions necessary to log in.

Here is record of sysadmin, showing sphere password:

mysql> select * from cwd_user where user_name = "sysadmin";
+-------+--------------+-----------+-----------------+--------+---------------------+---------------------+------------+------------------+---------------+-----------------+----------------------+----------------------+--------------------+---------------------+------------------------------------------------------------------------------------------+--------------------+-------------+
| ID    | directory_id | user_name | lower_user_name | active | created_date        | updated_date        | first_name | lower_first_name | last_name     | lower_last_name | display_name         | lower_display_name   | email_address      | lower_email_address | CREDENTIAL                                                                               | deleted_externally | EXTERNAL_ID |
+-------+--------------+-----------+-----------------+--------+---------------------+---------------------+------------+------------------+---------------+-----------------+----------------------+----------------------+--------------------+---------------------+------------------------------------------------------------------------------------------+--------------------+-------------+
| 12354 |            1 | sysadmin  | sysadmin        |      1 | 2012-07-25 09:09:11 | 2013-09-30 23:29:56 | System     | system           | Administrator | administrator   | System Administrator | system administrator | sysadmin@localhost | sysadmin@localhost  | uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ== |               NULL | 32769:65537 |
+-------+--------------+-----------+-----------------+--------+---------------------+---------------------+------------+------------------+---------------+-----------------+----------------------+----------------------+--------------------+---------------------+------------------------------------------------------------------------------------------+--------------------+-------------+

As you can see, user is active.

Here is a list of the directories:

mysql> select * from cwd_directory;
+----+-------------------------+-------------------------+---------------------+---------------------+--------+---------------------------------+-------------------------------------------------+-------------------------------------------------+----------------+--------------------+
| ID | directory_name          | lower_directory_name    | created_date        | updated_date        | active | description                     | impl_class                                      | lower_impl_class                                | directory_type | directory_position |
+----+-------------------------+-------------------------+---------------------+---------------------+--------+---------------------------------+-------------------------------------------------+-------------------------------------------------+----------------+--------------------+
|  1 | JIRA Internal Directory | jira internal directory | 2012-07-25 09:09:07 | 2012-07-25 09:27:30 |      1 | JIRA default internal directory | com.atlassian.crowd.directory.InternalDirectory | com.atlassian.crowd.directory.internaldirectory | INTERNAL       |                  0 |
+----+-------------------------+-------------------------+---------------------+---------------------+--------+---------------------------------+-------------------------------------------------+-------------------------------------------------+----------------+--------------------+
1 row in set (0.00 sec)

-- clearly, I don't have the jira-administrators or jira-system-administrators groups created in this example. In past attempts, I have followed all wiki steps, creating these groups, and also assigning them to sysadmin. I had also tried creating a separate localadmin user with these groups.

Despite all my attempts, I continue to get errors like this when I try to log in:

2014-03-20 17:01:16,684 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' does not require elevated security check.  Attempting authentication...
2014-03-20 17:01:16,780 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' has been authenticated
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login The user 'sysadmin' is NOT AUTHORIZED to perform to login for this request
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login authoriseUser : 'sysadmin' CANNOT login according to the RoleMapper
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' was UNSUCCESSFULLY authenticated

-- it appears that user authenticates, but then can't proceed due to Role mapper issues? I feel like I am missing something. Some check or configuration that I am overlooking?
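
The log above separates authentication (which succeeds) from authorization (which fails on the USE permission). As an added example, not part of the original post or Atlassian's code, the following joins the two tables the poster queried to list which global permissions a user's groups actually grant. Assumptions: SQLite stands in for MySQL, the permission names for ids 0, 1 and 44 are inferred from JIRA's constants and the log wording, and the sample holds only the membership row shown in the post, so it says nothing about memberships the poster did not list.

```python
import sqlite3

# Ids queried in the post; the names are an assumption taken from JIRA's
# Permissions constants and the "USE permission" wording in the log.
GLOBAL_PERMS = {0: "ADMINISTER", 1: "USE", 44: "SYSTEM_ADMIN"}

# Constructed sample: rows copied from the mysql output in the post.
SCHEME_ROWS = [
    (10000, 0, "group", "administrators"),
    (13702, 0, "group", "administrators"),
    (13703, 0, "group", "administrators"),
    (16900, 0, "group", "site-admins"),
    (16901, 1, "group", "jira-users"),
    (13704, 44, "group", "system-administrators"),
    (13705, 44, "group", "confluence-administrators"),
]
MEMBERSHIP_ROWS = [("sysadmin", "system-administrators", 1)]

# Global permissions (SCHEME IS NULL) reached through direct group membership.
QUERY = """
SELECT DISTINCT sp.PERMISSION
FROM schemepermissions sp
JOIN cwd_membership m ON m.parent_name = sp.perm_parameter
WHERE sp.SCHEME IS NULL AND sp.perm_type = 'group' AND m.child_name = ?
ORDER BY sp.PERMISSION
"""

def build_db():
    """In-memory SQLite stand-in for the two MySQL tables shown in the post."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE schemepermissions (ID INTEGER, SCHEME INTEGER,"
               " PERMISSION INTEGER, perm_type TEXT, perm_parameter TEXT)")
    db.execute("CREATE TABLE cwd_membership (child_name TEXT,"
               " parent_name TEXT, directory_id INTEGER)")
    db.executemany("INSERT INTO schemepermissions VALUES (?, NULL, ?, ?, ?)", SCHEME_ROWS)
    db.executemany("INSERT INTO cwd_membership VALUES (?, ?, ?)", MEMBERSHIP_ROWS)
    return db

def granted(db, user):
    """Names of the global permissions the user's groups grant."""
    return [GLOBAL_PERMS.get(p, str(p)) for (p,) in db.execute(QUERY, (user,))]

def missing(db, user, required=("USE",)):
    """Required permissions that none of the user's groups grant."""
    have = set(granted(db, user))
    return [name for name in required if name not in have]

if __name__ == "__main__":
    db = build_db()
    print("granted:", granted(db, "sysadmin"), "missing:", missing(db, "sysadmin"))
```

The same SELECT can be run in the mysql client by replacing `?` with a quoted user name.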

5 answers

1 accepted


Found out this is a known bug:

https://jira.atlassian.com/browse/JRA-37574

Workaround

  • Import OnDemand backup using JIRA 6.2
  • Shutdown the instance
  • Start JIRA 6.2.1 pointing to the JIRA 6.2 database
    JIRA will upgrade the 6.2 database and you can use your JIRA 6.2.1 successfully

Confirmed workaround. I now have a running stand-alone version. :)


btw -- max authorization attempts is set at "3" -- could this be preventing me from logging in, even with correct credentials? Is there a way to disable this without being able to login?


I tried clearing the captcha count, and rebooted jira. I see this in logs now:

2014-03-20 17:01:16,684 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' does not require elevated security check.  Attempting authentication...
2014-03-20 17:01:16,780 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' has been authenticated
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login The user 'sysadmin' is NOT AUTHORIZED to perform to login for this request
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login authoriseUser : 'sysadmin' CANNOT login according to the RoleMapper
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' was UNSUCCESSFULLY authenticated


Hi Bryan,

First you will need to recover admin access to JIRA by using this guide: https://confluence.atlassian.com/display/JIRA/Retrieving+the+JIRA+Administrator.

After that, ensure the user is assigned to the group that has system administrator access through global permissions. https://confluence.atlassian.com/display/JIRA/Managing+Global+Permissions

Hope this helps

Regards,

Jing Hwa

Hi Jing,

Sorry if I wasn't clear -- I updated my post showing more details. I have followed those wikis --- and many many variations thereof. Any tips much appreciated. I have over the past few years retrieved local admins several times -- I am familiar with the process. This however is the first time I've tried migrating an on-demand instance to a stand-alone version.

Thanks for the help!


I'd like to add that I too am having exactly the same problem. I too have imported from on-demand many times in the past successfully. In fact, if I create a fresh install of JIRA 6.2.1 and import an old file taken from on-demand (dated Jan 2014) it imports correctly and I can use the sysadmin account and password to get into the system. If I then create a new JIRA 6.2.1 instance and import a file taken from on-demand today (March 2014) then although JIRA says the import was successful, I cannot get into the system using any account including sysadmin. I just get the message "You do not have a permission to log in".

Thanks Bill -- comforting to know that I might not be crazy here. :)
