Jira migration from OnDemand to standalone -- sysadmin not working.

Bryan Karsh
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 20, 2014

Hi guys,

I've been knocking my head against the wall a couple days on this one. I exported a jira on-demand instance, and imported it into a standalone fresh-install of jira 6.2.1 -- I made sure to do the restore option from the wizard. The installation works fine, the index works fine -- however, I can't log in.

I have followed these wikis:

https://confluence.atlassian.com/display/JIRA/Retrieving+the+JIRA+Administrator

https://confluence.atlassian.com/display/JIRA/Migrating+from+JIRA+OnDemand+to+a+JIRA+Installed+Site

Right after migration,

sysadmin/sysadmin credentials don't work.

Resetting password to encrypted "sphere" in mysql db, and restarting jira doesn't work. Let me show what I see in the DB after I fail to log into the newly migrated instance as sysadmin/sysadmin, right after I change the password to "sphere":

mysql> select * from schemepermissions where PERMISSION=0;
+-------+--------+------------+-----------+----------------+
| ID    | SCHEME | PERMISSION | perm_type | perm_parameter |
+-------+--------+------------+-----------+----------------+
| 10000 |   NULL |          0 | group     | administrators |
| 13702 |   NULL |          0 | group     | administrators |
| 13703 |   NULL |          0 | group     | administrators |
| 16900 |   NULL |          0 | group     | site-admins    |
+-------+--------+------------+-----------+----------------+
4 rows in set (0.00 sec)

mysql> select * from schemepermissions where PERMISSION=1;
+-------+--------+------------+-----------+----------------+
| ID    | SCHEME | PERMISSION | perm_type | perm_parameter |
+-------+--------+------------+-----------+----------------+
| 16901 |   NULL |          1 | group     | jira-users     |
+-------+--------+------------+-----------+----------------+
1 row in set (0.01 sec)

mysql> select * from schemepermissions where PERMISSION=44;
+-------+--------+------------+-----------+---------------------------+
| ID    | SCHEME | PERMISSION | perm_type | perm_parameter            |
+-------+--------+------------+-----------+---------------------------+
| 13704 |   NULL |         44 | group     | system-administrators     |
| 13705 |   NULL |         44 | group     | confluence-administrators |
+-------+--------+------------+-----------+---------------------------+
2 rows in set (0.00 sec)

mysql> select child_name, directory_id from cwd_membership where parent_name='system-administrators';
+------------+--------------+
| child_name | directory_id |
+------------+--------------+
| sysadmin   |            1 |
+------------+--------------+
1 row in set (0.00 sec)

From the above information, it seems that sysadmin has the global permissions necessary to log in.

Here is record of sysadmin, showing sphere password:

mysql> select * from cwd_user where user_name = "sysadmin";
+-------+--------------+-----------+-----------------+--------+---------------------+---------------------+------------+------------------+---------------+-----------------+----------------------+----------------------+--------------------+---------------------+------------------------------------------------------------------------------------------+--------------------+-------------+
| ID    | directory_id | user_name | lower_user_name | active | created_date        | updated_date        | first_name | lower_first_name | last_name     | lower_last_name | display_name         | lower_display_name   | email_address      | lower_email_address | CREDENTIAL                                                                               | deleted_externally | EXTERNAL_ID |
+-------+--------------+-----------+-----------------+--------+---------------------+---------------------+------------+------------------+---------------+-----------------+----------------------+----------------------+--------------------+---------------------+------------------------------------------------------------------------------------------+--------------------+-------------+
| 12354 |            1 | sysadmin  | sysadmin        |      1 | 2012-07-25 09:09:11 | 2013-09-30 23:29:56 | System     | system           | Administrator | administrator   | System Administrator | system administrator | sysadmin@localhost | sysadmin@localhost  | uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ== |               NULL | 32769:65537 |
+-------+--------------+-----------+-----------------+--------+---------------------+---------------------+------------+------------------+---------------+-----------------+----------------------+----------------------+--------------------+---------------------+------------------------------------------------------------------------------------------+--------------------+-------------+

As you can see, user is active.

Here is a list of the directories:

mysql> select * from cwd_directory;
+----+-------------------------+-------------------------+---------------------+---------------------+--------+---------------------------------+-------------------------------------------------+-------------------------------------------------+----------------+--------------------+
| ID | directory_name          | lower_directory_name    | created_date        | updated_date        | active | description                     | impl_class                                      | lower_impl_class                                | directory_type | directory_position |
+----+-------------------------+-------------------------+---------------------+---------------------+--------+---------------------------------+-------------------------------------------------+-------------------------------------------------+----------------+--------------------+
|  1 | JIRA Internal Directory | jira internal directory | 2012-07-25 09:09:07 | 2012-07-25 09:27:30 |      1 | JIRA default internal directory | com.atlassian.crowd.directory.InternalDirectory | com.atlassian.crowd.directory.internaldirectory | INTERNAL       |                  0 |
+----+-------------------------+-------------------------+---------------------+---------------------+--------+---------------------------------+-------------------------------------------------+-------------------------------------------------+----------------+--------------------+
1 row in set (0.00 sec)

-- clearly, I don't have the jira-administrators or jira-system-administrators groups created in this example. In past attempts, I have followed all wiki steps, creating these groups, and also assigning them to sysadmin. I had also tried creating a separate localadmin user with these groups.

Despite all my attempts, I continue to get errors like this when I try to log in:

2014-03-20 17:01:16,684 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' does not require elevated security check.  Attempting authentication...
2014-03-20 17:01:16,780 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' has been authenticated
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login The user 'sysadmin' is NOT AUTHORIZED to perform to login for this request
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login authoriseUser : 'sysadmin' CANNOT login according to the RoleMapper
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' was UNSUCCESSFULLY authenticated

-- it appears that user authenticates, but then can't proceed due to Role mapper issues? I feel like I am missing something. Some check or configuration that I am overlooking?
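
The log excerpt above shows the password check passing and the request then being denied on the USE permission. As an added example (not part of the original post and not JIRA code), the following Python groups such lines by request ID and separates authorization failures from credential failures; the field layout is inferred from the quoted lines, and the second request in the sample is constructed.

```python
import re
from collections import defaultdict

# Assumed layout: date time thread user request-id session-id client-ip url message
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} \S+ \S+ "
    r"(?P<req>\S+) \S+ (?P<ip>\S+) \S+ (?P<msg>.*)$")
NAME_RE = re.compile(r"'([^']+)'")

# Request 1021x35x1 is copied from the post; 1025x36x1 is constructed (credential failure).
SAMPLE = """\
2014-03-20 17:01:16,684 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' does not require elevated security check.  Attempting authentication...
2014-03-20 17:01:16,780 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' has been authenticated
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login The user 'sysadmin' is NOT AUTHORIZED to perform to login for this request
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login authoriseUser : 'sysadmin' CANNOT login according to the RoleMapper
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' was UNSUCCESSFULLY authenticated
2014-03-20 17:05:02,101 http-bio-8080-exec-7 anonymous 1025x36x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' does not require elevated security check.  Attempting authentication...
2014-03-20 17:05:02,190 http-bio-8080-exec-7 anonymous 1025x36x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' was UNSUCCESSFULLY authenticated
"""

def classify_logins(text):
    """Return {request_id: (user, client_ip, verdict)} for each login attempt."""
    reqs = defaultdict(lambda: {"user": None, "ip": None, "flags": set()})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        r, msg = reqs[m["req"]], m["msg"]
        r["ip"] = m["ip"]
        name = NAME_RE.search(msg)
        if name:
            r["user"] = name.group(1)
        if "has been authenticated" in msg:
            r["flags"].add("authn_ok")
        if "do not have USE permission" in msg or "according to the RoleMapper" in msg:
            r["flags"].add("authz_denied")
        if "UNSUCCESSFULLY authenticated" in msg:
            r["flags"].add("failed")
    out = {}
    for req, r in reqs.items():
        if {"authn_ok", "authz_denied"} <= r["flags"]:
            verdict = "authorization_failure"  # password accepted, login permission denied
        elif "failed" in r["flags"]:
            verdict = "credential_failure"     # never reached "has been authenticated"
        else:
            verdict = "success" if "authn_ok" in r["flags"] else "incomplete"
        out[req] = (r["user"], r["ip"], verdict)
    return out
```

A verdict of `authorization_failure` means the stored credential matched, so the place to look is group membership and global permissions rather than the password.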

5 answers

1 accepted

0 votes
Answer accepted
Bryan Karsh
Rising Star
March 21, 2014

Found out this is a known bug:

https://jira.atlassian.com/browse/JRA-37574

Workaround

  • Import OnDemand backup using JIRA 6.2
  • Shut down the instance
  • Start JIRA 6.2.1 pointing to the JIRA 6.2 database
    JIRA will upgrade the 6.2 database and you can use your JIRA 6.2.1 successfully
Bryan Karsh
Rising Star
March 21, 2014

Confirmed workaround. I now have a running stand-alone version. :)

0 votes
Bill Lee March 20, 2014

I'd like to add that I too am having exactly the same problem. I too have imported from on-demand many times in the past successfully. In fact, if I create a fresh install of JIRA 6.2.1 and import an old file taken from on-demand (dated Jan 2014) it imports correctly and I can use the sysadmin account and password to get into the system. If I then create a new JIRA 6.2.1 instance and import a file taken from on-demand today (March 2014) then although JIRA says the import was successful, I cannot get into the system using any account including sysadmin. I just get the message "You do not have a permission to log in".

Bryan Karsh
Rising Star
March 20, 2014

Thanks Bill -- comforting to know that I might not be crazy here. :)

0 votes
jing_hwa_cheok
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 20, 2014

Hi Bryan,

First you will need to recover the admin access to the JIRA by using this guide https://confluence.atlassian.com/display/JIRA/Retrieving+the+JIRA+Administrator.


After that, ensure the user is assigned to the group that has system administrator access through global permissions. https://confluence.atlassian.com/display/JIRA/Managing+Global+Permissions

Hope this helps

Regards,

Jing Hwa

Bryan Karsh
Rising Star
March 20, 2014

Hi Jing,

Sorry if I wasn't clear -- I updated my post showing more details. I have followed those wikis --- and many many variations thereof. Any tips much appreciated. I have over the past few years retrieved local admins several times -- I am familiar with the process. This however is the first time I've tried migrating an on-demand instance to a stand-alone version.

Thanks for the help!

0 votes
Bryan Karsh
Rising Star
March 20, 2014

I tried clearing the captcha count, and rebooted jira. I see this in logs now:

2014-03-20 17:01:16,684 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' does not require elevated security check.  Attempting authentication...
2014-03-20 17:01:16,780 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' has been authenticated
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login The user 'sysadmin' is NOT AUTHORIZED to perform to login for this request
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login authoriseUser : 'sysadmin' CANNOT login according to the RoleMapper
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login login : 'sysadmin' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
2014-03-20 17:01:16,784 http-bio-8080-exec-7 anonymous 1021x35x1 rhm6wd 10.26.102.188 /rest/gadget/1.0/login runAuthentication : 'sysadmin' was UNSUCCESSFULLY authenticated

0 votes
Bryan Karsh
Rising Star
March 20, 2014

btw -- max authorization attempts is set at "3" -- could this be preventing me from logging in, even with correct credentials? Is there a way to disable this without being able to login?
