Synchronization between Confluence and Azure Active Directory is PARTIALLY_FAILED (User is not unique)


Platform notice: Server and Data Center only - This article applies only to Atlassian products on the Server and Data Center platforms.

 

Summary

User synchronization between Azure Active Directory (AAD) and Confluence is performed by the third-party app SAML Single Sign On for Confluence.

When a synchronization is attempted, its result is PARTIALLY_FAILED and the error message is "User is not unique" (see the screenshot):

As a result, the affected user cannot log in to Confluence. The error may affect one or more users.

Environment

Diagnosis

When the app attempts to sync users from Azure Active Directory, the following message is written to the application log:

atlassian-confluence.log
2020-11-05 16:33:25,831 ERROR [http-nio-8090-exec-679] [atlasplugins.samlsso.userauth.PrincipalProviderImpl] log ZG176: Updating user from connector failed, result was not SUCCESS or resulting user was not present: User is not unique

Cause

A user that had previously been synced from AAD into Confluence was deleted in the external directory. Before the next sync ran (which would have removed that user from the Confluence tables), a new user was created in AAD with the same e-mail address as the deleted user but a different username.

On the next sync, the app finds that the e-mail address of the incoming user is already held by a different user in Confluence, and the sync fails for that user with "User is not unique".

Solution

Always take a backup before making changes to the database. If possible, run any SQL command that modifies, inserts, updates or deletes data on a staging server first.

As long as two different usernames share the same e-mail address, Confluence will not sync correctly with AAD. You need to manually change the deleted user's e-mail address in the Confluence database to some other unused value:

  1. Shut down Confluence.
  2. Run the following query against the Confluence database:

    PostgreSQL query
    -- Replace <DELETED_USERNAME> with the username of the account that was removed from AAD.
    -- The new address only has to be unused; it frees the real e-mail for the new account.
    UPDATE cwd_user
    SET email_address = 'somerandom@email.value',
        lower_email_address = 'somerandom@email.value'
    WHERE id IN (
        SELECT id FROM cwd_user WHERE user_name = '<DELETED_USERNAME>');

    (warning) If the user that was deleted in AAD exists in more than one Confluence user directory, narrow the query down to the relevant directory (for example by directory_id); otherwise the e-mail address is changed for every row with that username.

  3. Start Confluence.
  4. Sync Confluence with AAD again using the SAML Single Sign On for Confluence app.
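The following PostgreSQL session is an added example, not part of the original article. It first lists every e-mail address held by more than one row in cwd_user (so you can confirm which rows collide before touching anything), then applies the same fix as above restricted to a single user directory, and verifies that exactly one row was changed. It assumes the standard Confluence embedded-Crowd schema (cwd_user.directory_id, cwd_user.lower_user_name, cwd_directory.id, cwd_directory.directory_name); the directory name 'Azure AD SAML' and the username placeholder <DELETED_USERNAME> are assumptions you must replace with your own values.

```sql
-- Added example (not from the original article). Assumed schema: embedded Crowd
-- tables cwd_user and cwd_directory as shipped with Confluence Server/Data Center.
-- Placeholders to replace: <DELETED_USERNAME>, 'Azure AD SAML' (assumed directory name).

-- 1. Which e-mail addresses are shared by more than one user row, and in which directory?
SELECT u.lower_email_address, u.user_name, u.active, u.directory_id, d.directory_name
FROM cwd_user u
JOIN cwd_directory d ON d.id = u.directory_id
WHERE u.lower_email_address IN (
    SELECT lower_email_address
    FROM cwd_user
    WHERE lower_email_address IS NOT NULL
    GROUP BY lower_email_address
    HAVING COUNT(*) > 1
)
ORDER BY u.lower_email_address, u.directory_id;

-- 2. Retarget the deleted user's e-mail inside one directory only, so a same-named
--    account in another directory is left untouched. Wrapped in a transaction so the
--    change can be rolled back if the row count is not what you expect.
BEGIN;

UPDATE cwd_user
SET email_address = 'somerandom@email.value',
    lower_email_address = 'somerandom@email.value'
WHERE lower_user_name = lower('<DELETED_USERNAME>')
  AND directory_id = (
      SELECT id FROM cwd_directory WHERE directory_name = 'Azure AD SAML'
  );

-- 3. Expect exactly one row here; ROLLBACK instead of COMMIT if you see more or none.
SELECT user_name, directory_id, email_address
FROM cwd_user
WHERE lower_email_address = 'somerandom@email.value';

COMMIT;
```

Step 1 is worth running before the UPDATE even when only one user is reported in the log: the sync stops at the first collision it meets for a user, so other accounts can share the same condition and surface only after the first one is fixed.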


Last updated 21 January 2021
