MS Active Directory Group Membership not updating

Aron Felberbaum February 5, 2015

We have the Jira instance integrated with Microsoft Active Directory (Read Only, with Local Groups).

When we added a new member to a group in Active Directory, Jira did not refresh the list of members from that group.

We tried a manual sync, but it doesn't work.

No errors in the logs.

We use JIRA v6.3.4a

 

2 answers

0 votes
Aron Felberbaum February 20, 2015

There was a local group with the same name as a local group. Since there is an existing local group, the group membership of the AD group is not being pulled. Even after deleting the local group, the AD group membership is still not updated because each membership per user on that group is saved in JIRA and is tagged as "local" (cwd_group.local = 1). More details on the issue: https://confluence.atlassian.com/display/JIRAKB/Membership+For+Group+Is+Not+Updated+After+Synchronisation

 

0 votes
Piotr Klimkowski
Rising Star
February 5, 2015

So the full sync didn't work? That's quite mysterious, as it should clear all the users and memberships and recreate it from scratch.

Actually, in JIRA 6.3.5 the AD synchronisation was reworked; maybe it's worth checking this out. See this: https://jira.atlassian.com/browse/JRA-26458

Aron Felberbaum February 5, 2015

I have the following 3 AD groups, and JIRA shows the number of users as 15, 43 and 8 respectively.

JIRA Users

JIRA Developers

JIRA Admins

However in AD we got 42, 42 and 7 respectively.

No errors in the log:

2015-02-05 16:57:05,940 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation for directory [ 10002 ] starting
2015-02-05 16:57:06,002 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 31 ] changed remote users in [ 62ms ]
2015-02-05 16:57:06,002 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] scanned and compared [ 0 ] users for delete in DB cache in [ 0ms ]
2015-02-05 16:57:06,002 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleting [ 0 ] users
2015-02-05 16:57:06,002 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] deleted [ 0 ] users in [ 0ms ]
2015-02-05 16:57:06,002 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanning [ 31 ] users to add or update
2015-02-05 16:57:06,002 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanned and compared [ 31 ] users for update in DB cache in [ 0ms ]
2015-02-05 16:57:06,002 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] updating [ 27 ] users
2015-02-05 16:57:06,580 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] updated [ 27 ] users in [ 578ms ]
2015-02-05 16:57:06,580 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronised [ 31 ] users in [ 578ms ]
2015-02-05 16:57:06,627 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 0 ] changed remote groups in [ 47ms ]
2015-02-05 16:57:06,627 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanning [ 0 ] groups to add or update
2015-02-05 16:57:06,627 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 0 ] groups for update in DB cache in [ 0ms ]
2015-02-05 16:57:06,627 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronized [ 0 ] groups in [ 0ms ]
2015-02-05 16:57:06,643 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] scanned and compared [ 0 ] groups for delete in DB cache in [ 0ms ]
2015-02-05 16:57:06,643 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] removing [ 0 ] groups
2015-02-05 16:57:06,643 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] removed [ 0 ] groups in [ 0ms ]
2015-02-05 16:57:06,643 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] INCREMENTAL synchronisation complete for directory [ 10002 ] in [ 703ms ]

And here are my settings:

Directory ID: 10002
Name: FMGAD1
Active: true
Type: CONNECTOR
Created date: Thu Sep 04 11:57:40 EDT 2014
Updated date: Thu Feb 05 16:57:06 EST 2015
Allowed operations: [CREATE_GROUP, DELETE_GROUP, UPDATE_GROUP, UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE]
Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory
Encryption type: sha
Attributes: 
    "autoAddGroups": "Jira Users"
    "com.atlassian.crowd.directory.sync.currentstartsynctime": "null"
    "com.atlassian.crowd.directory.sync.issynchronising": "false"
    "com.atlassian.crowd.directory.sync.lastdurationms": "969"
    "com.atlassian.crowd.directory.sync.laststartsynctime": "1423173425674"
    "crowd.sync.incremental.enabled": "true"
    "directory.cache.synchronise.interval": "300"
    "ldap.basedn": "dc=mycompany,dc=local"
    "ldap.connection.timeout": "10000"
    "ldap.external.id": "objectGUID"
    "ldap.group.description": "description"
    "ldap.group.dn": ""
    "ldap.group.filter": "(&(objectClass=group)(&(cn=jira*)))"
    "ldap.group.name": "cn"
    "ldap.group.objectclass": "group"
    "ldap.group.usernames": "member"
    "ldap.local.groups": "true"
    "ldap.nestedgroups.disabled": "true"
    "ldap.pagedresults": "true"
    "ldap.pagedresults.size": "1000"
    "ldap.password": ********
    "ldap.pool.initsize": "null"
    "ldap.pool.maxsize": "null"
    "ldap.pool.prefsize": "null"
    "ldap.pool.timeout": "0"
    "ldap.propogate.changes": "false"
    "ldap.read.timeout": "120000"
    "ldap.referral": "true"
    "ldap.relaxed.dn.standardisation": "true"
    "ldap.roles.disabled": "true"
    "ldap.search.timelimit": "60000"
    "ldap.secure": "false"
    "ldap.url": "ldap://fmgad1.mycompany.local:389"
    "ldap.user.displayname": "displayName"
    "ldap.user.dn": ""
    "ldap.user.email": "mail"
    "ldap.user.encryption": "sha"
    "ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))"
    "ldap.user.firstname": "givenName"
    "ldap.user.group": "memberOf"
    "ldap.user.lastname": "sn"
    "ldap.user.objectclass": "user"
    "ldap.user.password": "unicodePwd"
    "ldap.user.username": "sAMAccountName"
    "ldap.user.username.rdn": "cn"
    "ldap.userdn": "jirasrv@mycompany.local"
    "ldap.usermembership.use": "false"
    "ldap.usermembership.use.for.groups": "false"
    "localUserStatusEnabled": "false"

 

 

Piotr Klimkowski
February 5, 2015

You might want to check if all conditions for incremental sync to work properly are met, see here: https://confluence.atlassian.com/display/JIRA063/Connecting+to+an+LDAP+Directory under "Enable Incremental Synchronisation". Also, check if disabling the incremental sync in directory properties helps (alternatively, disable and enable this directory or simply restart JIRA, it's all the same). There should be "Full synchronisation completed successfully" in the logs. If the incremental synchronization turns out to be a problem, I strongly suggest checking out JIRA 6.3.5 or newer.

Aron Felberbaum February 6, 2015

I disabled incremental sync and members are still not added. 


2015-02-06 09:36:51,871 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation for directory [ 10002 ] starting
2015-02-06 09:36:51,981 CrowdUsnChangedCacheRefresher:thread-2 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 3 ] remote groups in [ 110ms ]
2015-02-06 09:37:22,404 CrowdUsnChangedCacheRefresher:thread-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 5730 ] remote users in [ 30533ms ]
2015-02-06 09:37:22,591 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 5730 ] users for delete in DB cache in [ 172ms ]
2015-02-06 09:37:22,591 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned for deleted users in [ 172ms ]
2015-02-06 09:37:22,591 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanning [ 5730 ] users to add or update
2015-02-06 09:37:22,607 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanned and compared [ 5730 ] users for update in DB cache in [ 16ms ]
2015-02-06 09:37:22,607 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] updating [ 7 ] users
2015-02-06 09:37:23,185 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] updated [ 7 ] users in [ 578ms ]
2015-02-06 09:37:23,185 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronised [ 5730 ] users in [ 594ms ]
2015-02-06 09:37:23,185 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanning [ 3 ] groups to add or update
2015-02-06 09:37:23,232 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 3 ] groups for update in DB cache in [ 47ms ]
2015-02-06 09:37:23,232 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronized [ 3 ] groups in [ 47ms ]
2015-02-06 09:37:23,232 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 3 ] groups for delete in DB cache in [ 0ms ]
2015-02-06 09:37:23,544 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] removed [ 1 ] user members from [ Jira Developers ] in [ 281ms ]
2015-02-06 09:37:23,544 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] FULL synchronisation complete for directory [ 10002 ] in [ 31673ms ]


Piotr Klimkowski
February 9, 2015

From the log at hand, I don't know; ask support maybe? Maybe turn the debug logging on for crowd, but it will be huge.
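Added example (not part of the original thread and not Atlassian code): a small Python parser for the sync log format quoted above. It summarises each sync run and lists groups that were changed in AD but for which no FULL sync logged a membership addition, which is the symptom described in this thread. The sample log is constructed and abbreviated; the function names and the "added ... to" line wording are assumptions.

```python
import re

# Constructed, abbreviated sample in the format of the sync logs quoted in this thread.
# Only the "removed ... from" membership line appears in the thread; the
# "added ... to" wording matched below is an assumption made by symmetry.
SAMPLE_LOG = """\
2015-02-06 09:36:51,871 Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation for directory [ 10002 ] starting
2015-02-06 09:36:51,981 thread-2 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 3 ] remote groups in [ 110ms ]
2015-02-06 09:37:23,544 Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] removed [ 1 ] user members from [ Jira Developers ] in [ 281ms ]
2015-02-06 09:37:23,544 Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] FULL synchronisation complete for directory [ 10002 ] in [ 31673ms ]
2015-02-06 09:42:05,940 Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] synchronisation for directory [ 10002 ] starting
2015-02-06 09:42:06,627 Worker-2 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 0 ] changed remote groups in [ 47ms ]
2015-02-06 09:42:06,643 Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] INCREMENTAL synchronisation complete for directory [ 10002 ] in [ 703ms ]
"""

START = re.compile(r"synchronisation for directory \[ (\d+) \] starting")
GROUPS = re.compile(r"found \[ (\d+) \] (?:changed )?remote groups")
MEMBER = re.compile(r"(added|removed) \[ (\d+) \] user members? (?:to|from) \[ (.+?) \] in")
DONE = re.compile(r"(FULL|INCREMENTAL) synchronisation complete for directory \[ (\d+) \] in \[ (\d+)ms \]")

def summarize_syncs(log_text):
    """Return one summary dict per completed sync run found in the log."""
    runs, current = [], None
    for line in log_text.splitlines():
        if START.search(line):
            current = {"groups_seen": 0, "members": {}}
        elif current is None:
            continue  # line outside any sync run
        elif (m := GROUPS.search(line)):
            current["groups_seen"] = int(m.group(1))
        elif (m := MEMBER.search(line)):
            delta = current["members"].setdefault(m.group(3), {"added": 0, "removed": 0})
            delta[m.group(1)] += int(m.group(2))
        elif (m := DONE.search(line)):
            current.update(mode=m.group(1), directory=m.group(2), duration_ms=int(m.group(3)))
            runs.append(current)
            current = None
    return runs

def unapplied_additions(runs, groups_changed_in_ad):
    """Groups that gained members in AD but for which no FULL sync logged an addition."""
    full = [r for r in runs if r["mode"] == "FULL"]
    return [g for g in groups_changed_in_ad
            if full and not any(r["members"].get(g, {}).get("added") for r in full)]

if __name__ == "__main__":
    runs = summarize_syncs(SAMPLE_LOG)
    print(runs)
    print(unapplied_additions(runs, ["Jira Users"]))
```

A group returned by `unapplied_additions` after a completed FULL sync is a candidate for the local-group shadowing described in the first answer; with only INCREMENTAL runs in the log the function returns nothing, since no conclusion can be drawn.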
