Unable to add user to group error while creating a new Service Management
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
問題
The error below is displayed when trying to create a new Service Management Agent on Jira Service Management 2.0.2+:
The following error appears in the atlassian-jira.log:
2014-09-15 16:19:02,151 http-bio-8080-exec-21 ERROR johnsmith 978x1726x2 myhd5s 192.168.10.121 /rest/servicedesk/1/servicedesk/create-welcome-project [internal.user.group.ServiceDeskUserGroupManager] Could not add user: johnsmith to group: service-desk-agents
com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: Group 'service-desk-agents' does not exist in the directory of the user and cannot be added.診断
- Jira Service Management is connected to an LDAP Directory with Read Only permissions as per the Connecting to an LDAP directory.
- Jira Service Management is connected to Crowd for user management.
原因
When a user creates a Service Management they are automatically added as an agent. This involves adding that user to the group service-desk-agents.
The error is happening because the group service-desk-agents does not exist in the directory in which the user creating the Service Management is authenticated (e.g. in the error above the error happened for the username johnsmith). Jira also does not have permission to add the user creating the Service Management to the service-desk-agents group because of the Read Only setting configured on the User Directory.
回避策
There are two possible workarounds for this error:
回避策 1
Change the User Directory LDAP Permissions for the user facing the error to Read Only, with Local Groups.
回避策 2
Add the group service-desk-agents in the Crowd or LDAP server.
In Jira Service Management, the attribute below must be added to the the service-desk-agents group:synch.created.by.jira.service.desk synch.created.by.jira.service.desk You can run this query in the Jira Database to identify the group id and directory id of the service-desk-agents group:
SELECT * FROM cwd_group WHERE group_name = 'service-desk-agents';Use the id as <groupid>, and directory_id as <directoryID> in the following query:
INSERT INTO cwd_group_attributes(ID, group_id, directory_id, attribute_name, attribute_value, lower_attribute_value) VALUES (9999, <groupid>, <directoryID>, 'synch.created.by.jira.service.desk', 'synch.created.by.jira.service.desk', 'synch.created.by.jira.service.desk');- Add the user creating the Service Management and all the agent users to that group in the Crowd or LDAP server directly.
- Then navigate to
Jira Administration > Global Permissions, and add the service-desk-agents group, and give it the Jira Service Management agent access permission.