User can't close an issue

I notice some inconsistency: when I query the Windows domain AD using the LDAP Browser, his id is not in jira-users and jira-developers, but inside the JIRA, his id has these groups. What could be wrong?

Thanks

Jirong

2 answers

Are you sure those are the exact same groups?  Our JIRA uses jira-users and jira-developers groups, but those are local to the JIRA instance only, they don't replicate back to Active Directory.  So it is possible to have two groups with very similar names but different purposes. 

See JIRA Administration | User Management | User Directories.  Is your type "Read Only, with Local Groups" or "Read/Write"?

 

Yes, they are the same group names. It's Read Only. I can see this kind of inconsistency with my id too, e.g, I can see my id in jira-developers in JIRA, but not in domain AD.

You can't edit a read-only AD group in JIRA. "jira-users" and "jira-developers" are local JIRA groups that are created when JIRA is installed and configured, so it shouldn't be possible to have one set of user accounts in JIRA and another set in AD. Since they're local, they shouldn't show up in AD at all. Theoretically, maybe someone created AD groups with the exact same names, not realizing it was unnecessary? I know user accounts get deleted from our Active Directory, but JIRA is written so that it assumes user accounts are never deleted. This means that user accounts that no longer exist in AD will still exist in JIRA if they ever had a JIRA assigned, commented, etc. I'm waiting for the day that a collision occurs in JIRA when a new AD user account identically named to a previously deleted AD account is created. JIRA will probably assume it is the same user.

We ran into a similar issue with a user that was an employee (lots of permissions) that went to work for a client with limited access to our JIRA instance.  The problem – the user still had all their old groups even though it was not reflected that way under user management.    The solution - I found the "orphaned"  relationship mappings in a table called CWD_Membership.  Once I deleted the relationships from the table the user's groups and permissions were corrected.  You may find some help at this link if your problem is similar: https://confluence.atlassian.com/pages/viewpage.action?pageId=281480970

 

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,383 views 15 19
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you