Users In Crowd Are Not Mapped To Groups Correctly From LDAP Server

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

Users in Crowd are mapped correctly to Groups in the LDAP server in the User Directory but are no longer mapped to Groups in Crowd.

Diagnosis

Environment

  • Crowd is set up with a CONNECTOR LDAP Directory

  • Crowd is using local Groups

Diagnostic Steps

  1. Identify the Directory affected

    1 SELECT id, directory_name FROM cwd_directory;

  2. Find the Users in cwd_user affected (replace <directory_id> with the id from above).

    1 SELECT id AS user_id, user_name FROM cwd_user WHERE lower_user_name IN (SELECT DISTINCT(lower_child_name) FROM cwd_membership WHERE child_id NOT IN (SELECT id FROM cwd_user) AND directory_id = <directory_id>);

  3. Find the same Users in cwd_membership.

    1 SELECT child_id AS user_id, parent_name as group_name, child_name as user_name FROM cwd_membership WHERE child_id NOT IN (SELECT id FROM cwd_user) AND directory_id = <directory_id>; 

  4. For the rows that are returned, confirm that the same user_name has different user_id between cwd_user and cwd_mapping.

Cause

The user_id between cwd_user and cwd_membership do not match for the same user_name.

Solution

Resolution

Always back up your data before making any database modifications. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.

  1. Shutdown Crowd and other Atlassian Applications that depend on Crowd

  2. For each user_name identified above in both queries, update the cwd_membership table in Crowd with

    1 UPDATE cwd_membership SET child_id = (SELECT id FROM cwd_user WHERE lower_user_name = '<user_name>') where lower_child_name = '<user_name>'

  3. Restart Crowd and wait for the full sync to complete

  4. Restart the other Atlassian Applications

Updated on April 2, 2025
Platform
Data Center only
Product
Crowd Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community