Unable to log in to Crowd after upgrading Crowd
Platform notice: Server and Data Center only - This article only applies to Atlassian products on the Server and Data Center platforms.
Problem
No Crowd user is able to log in to Crowd after an upgrade. However, users can still log in to applications that are connected to Crowd.
The following appears in atlassian-crowd.log when a user tries to log in to Crowd:
2018-07-03 13:46:55,917 http-nio-8095-exec-11 ERROR [crowd.console.action.Login] An error occurred processing the authentication request
org.springframework.security.authentication.AuthenticationServiceException: No row with the given identifier exists: [com.atlassian.crowd.model.application.DirectoryMapping#0]
at com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider.translateException(CrowdAuthenticationProvider.java:248)
at com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider.authenticateUsernamePassword(CrowdAuthenticationProvider.java:133)
at com.atlassian.crowd.integration.springsecurity.CrowdAuthenticationProvider.authenticate(CrowdAuthenticationProvider.java:82)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
...
Caused by: org.hibernate.ObjectNotFoundException: No row with the given identifier exists: [com.atlassian.crowd.model.application.DirectoryMapping#0]
at org.hibernate.boot.internal.StandardEntityNotFoundDelegate.handleEntityNotFound(StandardEntityNotFoundDelegate.java:28)
at org.hibernate.proxy.AbstractLazyInitializer.checkTargetState(AbstractLazyInitializer.java:235)
at org.hibernate.proxy.AbstractLazyInitializer.initialize(AbstractLazyInitializer.java:157)
at org.hibernate.proxy.AbstractLazyInitializer.getImplementation(AbstractLazyInitializer.java:259)
at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:73)
at com.atlassian.crowd.model.application.DirectoryMapping_$$_jvstf59_1a.getDirectory(DirectoryMapping_$$_jvstf59_1a.java)
Diagnosis
Diagnostic Steps
Run a SQL select like the example below (the following was written for a MySQL database):
select ca.id as "application_id",ca.application_name,
adgm.app_dir_mapping_id as "adgm.app_dir_mapping_id",adgm.group_name as "adgm.group_name",adgm.id as "adgm_id",
adm.id as "adm_id",adm.directory_id as "directory_id",
gp.ID as "gp_id",gp.permission_id,gp.app_dir_mapping_id as "gp.app_dir_mapping_id",gp.group_name as "gp.group_name" from
cwd_app_dir_group_mapping adgm join
cwd_app_dir_mapping adm on adm.id=adgm.app_dir_mapping_id join
cwd_granted_perm gp on gp.group_mapping=adgm.id join
cwd_application ca on ca.id=adm.application_id;
- adgm.group_name must match the gp.group_name
- adm_id must match the app_dir_mapping_id
- gp.app_dir_mapping_id must match the adm_id and adgm.app_dir_mapping_id
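The checks listed above can also be run as a single query that returns only the inconsistent rows. This is an added example, not part of the original article; it uses only the tables and columns from the diagnostic query, assumes MySQL as that query does, and the expected_* aliases are names chosen here for illustration.

```sql
-- Added example: list only the cwd_granted_perm rows that fail the checks above.
-- Rows are matched to their group mapping the same way as in the article's query
-- (cwd_granted_perm.group_mapping = cwd_app_dir_group_mapping.id).
select gp.ID                   as gp_id,
       gp.permission_id,
       gp.app_dir_mapping_id   as gp_app_dir_mapping_id,
       gp.group_name           as gp_group_name,
       adgm.id                 as adgm_id,
       adgm.app_dir_mapping_id as expected_app_dir_mapping_id, -- illustrative alias
       adgm.group_name         as expected_group_name          -- illustrative alias
from cwd_granted_perm gp
join cwd_app_dir_group_mapping adgm
  on adgm.id = gp.group_mapping
left join cwd_app_dir_mapping adm
  on adm.id = gp.app_dir_mapping_id
where adm.id is null                                     -- points at a mapping that does not exist
   or gp.app_dir_mapping_id <> adgm.app_dir_mapping_id   -- disagrees with the group mapping
   or gp.group_name is null                              -- group name missing
   or gp.group_name <> adgm.group_name;                  -- group name blank or different
```

An empty result means every granted permission agrees with its group mapping. For each row returned, the expected_* columns show the values that the matching group mapping holds.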
Cause
The app_dir_mapping_id column in the cwd_granted_perm table refers to a non-existent ID. For example:
application_id: 2
application_name: crowd
adgm.app_dir_mapping_id: 196609
adgm.group_name: crowd-administrators
adgm_id: 229377
adm_id: 196609
directory_id: 32769
gp_id: 3866625
permission_id: 2
gp.app_dir_mapping_id: 0
gp.group_name:
Solution
- Since the fix requires a manual database update, shut down Crowd and take a database backup first.
Then, update the cwd_granted_perm table manually. The following statement is based on the example data shown above:
update cwd_granted_perm set app_dir_mapping_id=196609, group_name='crowd-administrators' where ID=3866625;
Start Crowd and verify whether Crowd users can log in.