Upgrade to Confluence 3.5 with OSUser LDAP authentication fails
問題
Confluence 3.5 cannot automatically upgrade instances that use OSUser LDAP authentication. The following appears in the atlassian-confluence.log
:
2011-03-21 15:22:44,510 ERROR [main] [atlassian.confluence.upgrade.UpgradeLauncherServletContextListener] contextInitialized Upgrade failed, application will not start: java.lang.UnsupportedOperationException: Unrecognised user management configuration can not be upgraded.
com.atlassian.confluence.upgrade.UpgradeException: java.lang.UnsupportedOperationException: Unrecognised user management configuration can not be upgraded.
In Confluence 3.5.1 and above, the following appears in the atlassian-confluence.log
:
2011-03-29 17:48:09,419 ERROR [main] [confluence.upgrade.upgradetask.OSUserToEmbeddedCrowdMigrationUpgradeTask] generateUpgradeError Detected LDAP User Management in OSUser configuration file. This instance cannot be upgraded automatically. See http://confluence.atlassian.com/x/5AQMDg
2011-03-29 17:48:09,451 ERROR [main] [atlassian.confluence.upgrade.UpgradeLauncherServletContextListener] contextInitialized Upgrade failed, application will not start: OSUser to Embedded Crowd pre upgrade validation failed.
com.atlassian.confluence.upgrade.UpgradeException: OSUser to Embedded Crowd pre upgrade validation failed.
診断
Check osuser.xml
. You should see LDAP connection details, like:
<provider class="com.atlassian.confluence.user.ConfluenceLDAPCredentialsProvider">
<property name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</property>
<property name="java.naming.provider.url">ldap://localhost:389</property>
<property name="searchBase">dc=atlassian,dc=com</property>
<property name="uidSearchName">cn</property>
原因
Confluence 3.5 cannot automatically upgrade configurations using LDAP Authentication with OSUser.
ソリューション
This upgrade involves two steps outlined below.
Step 1: Upgrade to 3.5 using a default OSUser configuration
- Confluence インスタンスをシャットダウンします。
- Do not copy your old
osuser.xml
. Instead, download the defaultosuser.xml
and put this in<confluence 3.5.x>/confluence/WEB-INF/classes/
. - Place the provided atlassian-user.xml file in
<confluence 3.5.x>/confluence/WEB-INF/classes/
too. - Start Confluence 3.5. It will migrate all your configured users and groups to the new user management system. However, LDAP authentication is not yet configured and should be configured in Step 2.
Step 2: Set up LDAP configuration via the Confluence UI
If using a version of Confluence older than 3.5.4, you will need to download and install the patch for CONF-22295. To install it, shut down Confluence, extract the zip file so the patch files look like below (create the missing folders manually):
<confluence 3.5.x>/confluence/admin/migrateosuserldap.jsp <confluence 3.5.x>/confluence/WEB-INF/classes/com/atlassian/user/util/migration/*.class
- Start Confluence 3.5
- Log in to Confluence 3.5 using the administration username and password you used prior to configuring LDAP support in Confluence. (Confluence is not yet configured to point to LDAP, so your LDAP credentials will not work.)
- If you cannot remember or do not have a password which allows you to log in, reset the administrator's password in the database and restart Confluence to log in.
- Log in to Confluence, configure your LDAP directory via the User Directories option in the administration area. You will want to add a delegated LDAP authentication directory type ('Internal with LDAP Authentication'). You might want to enable 'Copy User on First Login' if necessary. This will create the user in Confluence if it doesn't already exist. This is useful if you intend to login as a user that was not present in your previous installation (and so will not be migrated) but is present on your LDAP server.
- Reorder the directories so the LDAP directory is first.
- Edit the address bar in the browser to go to http://<confluence url>/admin/migrateosuserldap.jsp and click on "start migration". This will migrate all the user information and properties from the old OS User user management.
- You can now log in as an LDAP user. As before, the authentication is performed in LDAP, but the user information is stored in Confluence.
If your groups did not come across in this process, follow the instructions here: Local Group Memberships for LDAP Users are Lost After Confluence 3.5.x Upgrade
Make sure to follow the additional steps in Upgrading Confluence once your user management system is working correctly.