Bamboo users lose permissions on projects after migrating from one external directory to another
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
If you have migrated users from one user directory to another, and then add the new user directory to Bamboo, it may be possible that users will lose permissions after disabling the old user directory.
As an example, we will use the user "Sheldon Cooper" that exists in LDAP, and is then migrated to Active Directory.
Before the migration, Sheldon Cooper had permissions assigned:
After disabling or removing the LDAP directory from Bamboo, Sheldon Cooper loses his permissions:
Environment
This is seen in Bamboo version 8.0.3 when connected with external directories LDAP and Active Directory.
Diagnosis
The letter case of migrated user names (used to log into Bamboo) in new user directory is observed to be different from that of old user directory. For example, username is "Cooper" in old user directory and "cooper" in new user directory.
Having both external user directories active, the SQL query below can be used to get information about a user's username:
Select * from cwd_user where lower_user_name = 'User Name';The difference explained above must be observed in the column "user_name". If there is a discrepancy in the letter case between both entries, then this article applies to you.
Please note that the user_name column represents the actual login id of the user, whereas the lower_user_name column represents the lower case value of user_name.
The directory details of the corresponding user name can be checked using the below query:
select cu.id user_id,cu.user_name,cu.lower_user_name,cu.active,cd.directory_name from cwd_directory cd
join cwd_user cu on cu.directory_id = cd.id
where lower_user_name = 'User Name';Cause
When it comes to permissions, Bamboo is case sensitive when handling usernames, and if there is a letter case change during the migration, the permissions will still exist in the database, but won't be mapped to the newly migrated user.
Solution
Always back up your data before performing any modifications to the database. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.
Change the user names of affected users in the new user directory to match the ones in the old user directory in order to preserve their permissions.
Option 1 (recommended)
Change the user name values directly in the new user directory and synchronize the user directory in Bamboo.
Option 2
Update the user_name column in the database (table cwd_user) for the respective external directory id. (
We don't recommend this option as it requires direct database updates. Consider it only as a last resort, and please contact Atlassian Support if you need help or advice).