Hey all. I'm trying to fix someone else's issue and have something I've never run into before and wanted to ask here before I hit up support. My initial thought is that I'll need to kill some things at the DB level.
Two LDAP configurations were setup, pointed at the same server, just differently, one was delegated and one was "copy user on login" The delegated one was done first. A bunch of people signed in through that. The 2nd one was the correct one to use. The first setup doesn't let some subset of users in. The 2nd one will.
But because they are pointed at the same LDAP server, they are "duplicates" which Jira doesn't like. I've tried changing the order, but that doesn't work. When I disable the bad one, it kills everyone's account and doesn't let them sign in using the good one.
I think I will need to kill the users in the DB after moving their content, but I am not sure.
When you disable the bad one, why isn't it allowing users to login using the good one? Do you have "JIRA Users" permission limited to groups like "jira-users" which is there only in JIRA? Not in your LDAP? If so, grant the permission to some LDAP groups as well. Or add the "jira-users" group in LDAP and add users into it.
The user exists in both and is the same entity because they are pointing at the same LDAP server. When I disable it, everyone disappears who is associated with that user directory. I then try to login to auto-create the account from the correct one, or even adding the account with the correct one and the users can never login even when they have jira-user group. Error in the logs has to do with the entity already exists in a different service.
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG