Jira user loses association to existing Jira data after being renamed on LDAP
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
問題
After renaming a Jira user on LDAP, the user loses references to existing Jira data associated with previous username.
診断
環境
Jira with multiple external directories.
Diagnostic Steps
There is atleast another directory at the top of the affected external directory, which also includes an account for the renamed user.
There is a disabled directory (e.g. an Internal with LDAP Authentication directory) at the top of the active user directory having the same username.
- After the user was renamed in LDAP, you would notice that the cwd_user database table record is renamed accordingly. However, in the app_user table the lower_user_name wasn't renamed, instead a new record was added for new username.
原因
Jira is able to associate existing data with a user even after the username changes through the user_key, a permanent reference to the user, stored in the app_user table. The app_user table maintains a reference of user_key and current user name.
When the affected user is renamed in LDAP and this change is synchronized to Jira, having the same user account in a disabled directory in a higher position in the order of user directories, overshadows or hides other occurrence of the user in lower User directories. This prevents Jira from renaming the user on the app_user table, and because the old entry for the user in app_user table is not updated with the new user_name, the new username now looses the reference to existing data associated with old username.
回避策
- If you encountered this in a test environment, you can:
- Temporarily reverse the user rename in LDAP if possible.
- Roll-back your Jira data to a state prior to the original rename.
- Remove or move the disabled directory (which is overshadowing the user in the directory you're trying to modify) to the bottom of your directory order, where it will no longer be able to obstruct the rename.
- Then you would be able to rename the user from LDAP again safely.
- If you encountered this in production it may be safer to reach out to Atlassian Support to evaluate the data, and provide best approach to resolution.