Users lose local group memberships due to length of active column

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

Users that are sourced from an external LDAP directory lose local group memberships on synchronization.

The following appears in the atlassian-confluence.log:

1 2015-03-31 01:39:24,633 INFO [ajp-bio-127.0.0.1-8009-exec-2] [atlassian.crowd.directory.DelegatedAuthenticationDirectory] updateGroups Deleted user "myuser"'s imported membership of remote group "confluence-users" to directory "Delegated Authentication Directory".

Diagnosis

Database

  • Check the length of the active and local columns in the cwd_group table. The column length for both should be one (1).

Cause

By default, the length of the active and local columns in the cwd_group table is one (1) character. If that column is increased to two characters, which can happen when changing the data type to one that supports Unicode (like nchar), that creates a situation where Confluence cannot determine the properties of groups; specifically the status and whether they are local. As a result, Confluence will remove the local group memberships from users, even though nothing has actually changed in that regard.

Solution

Resolution

  • Modify the affected table (cwd_group) by changing the length of the active and/or local columns back to one character:

    1 2 ALTER TABLE table_name ALTER COLUMN active nchar(1);

    Always back up your data before making any database modifications. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.

  • Restart Confluence or flush the Confluence caches

  • Manually restore the local group memberships that were removed

Updated on April 8, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community