I have a user in LDAP. I see it from my JIra Server instance (User management - Users). It doesn't have any groups. But when I click in Edit User Groups. the following message appears:
Do you know what the problem is?
Hi Marcela,
This is a weird one to see. I'm still not sure exactly how your Jira managed to do this. So far I haven't been able to recreate this exact scenario. How could a user be a member of all groups and not a member of any groups at the same time? The only weirdly semi-logical answer I can seem to find would be if there are no groups at all, but if that's true it just raises more difficult questions. Let me try to explain: Groups have to exist in Jira, they are the basis for application access, and are frequently used in many other facets like notifications schemes, permission schemes, global permissions, etc.
However groups tend to be bound to the user directory they come from in Jira. There is one notable exception; if your LDAP directory in Jira is setup with the option called Read Only with local groups, this options allow these LDAP users to have group memberships inside of groups that exist in the Jira internal directory. Aside from that one exception, a user account has to get its group membership from groups that also come from that same directory.
Ok, that said, It's also possible that you can sync users into Jira from LDAP, but not sync over any groups from that LDAP directory. It's not common to do, because if you want to manage all these users from the LDAP side, Jira is going to need some way to place these users into a group. Without at least one group this user can be in, Jira can't even give the user account application access to sign in to Jira (not a problem if the user is only using the Jira Service Desk customer portal, as these don't require users to be licensed).
Tell us more about your user directory configuration in Jira. You can find this information in Jira's User Management -> User Directories -> Edit the directory in question
select * from cwd_user where lower_user_name='johndoe';
and
select * from app_user where lower_user_name='johndoe';
Curious to learn more about this problem.
Andy
Hi! Thanks!!!
My answers would be:
1.- Microsoft Active Directory (Read Only, with Local Groups)
2.- Group schema Setting from LDAP? I don't have acces. This must be check with IT (I'll send it as soon as they tell me.
3.- 7.13.2
4.- I'm trying to access SQL database Jira, but I don't know how. I'll send it as soon as I found out.
Thanks for the help. I'm lost. Regards, Marce
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Additional information:
2.- Image attached
4.- select * from cwd_user where lower_user_name='eacuna';
display_name
Acuña Eduardo Ramón
lower_last_name
acuña
lower_display_name
acuña eduardo ramón
email_address
lower_email_address
CREDENTIAL
nopass
deleted_externally
0
EXTERNAL_ID
ca496753a8a2ec4db7d6f597261c0ff8
select * from app_user where lower_user_name='eacuna';
ID
15413
user_key
eacuña
lower_user_name
eacuña
Regards, Marcela
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Marcela,
Thanks for this information. I am afraid I don't see any attachment here, although you mentioned adding one here.
Is this problem only happening for this one user? Or do you have other users with this same problem?
I suspect there might be a problem with the character 'ñ' in this user's name. I would recommend walking through the steps in JIRA Application internationalisation and encoding troubleshooting. It has some JVM startup arguments you can add to Jira to make sure the application itself is using the UTF-8 character encoding:
Start JIRA with the variable
-Dfile.encoding=utf-8 and -Dsun.jnu.encoding=UTF-8
. See Setting properties and options on startup.
I would start here and see if this helps make a difference here. It might be the cause, but even if it is not, it's still good to check and make sure this isn't a problem. If you still see this problem after trying this, I would be interested to see if we could take a look at a support zip from your environment to see if we can learn more about your system.
Andy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.