Jira Cloud / JRACLOUD-43590

Improve Error Message when LDAP Write Fails due to Lack of User Privileges

    Description

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      Context

      This ticket was created based on JRA-42515, after investigations were conducted to verify the described behavior. Findings of the investigations:

      1. Writing user/group data from JIRA to LDAP is supposed to work properly provided that:
        1. The LDAP permission type configured in JIRA is Read/Write.
        2. The username used for the LDAP configuration has Read/Write privileges to LDAP.
      2. If 1.1 holds but 1.2 does not, i.e. the username lacks Read/Write privileges, an unclear and misleading error message might be thrown, making it hard for a JIRA admin to troubleshoot the root cause:
        com.atlassian.crowd.exception.runtime.GroupNotFoundException: Group <Unable to create group jira-users in directory 10000 in order to add membership of user user@domain.com (group jira-users found in directory 10000)> does not exist
        
      3. This misleading message reads as if the Read/Write permission type of the LDAP directory does not work: JIRA is unable to add an internal group to the LDAP server in order to add an LDAP user to it.
      4. The root cause: the username used for the LDAP configuration does not have Read/Write privileges to LDAP.

      Steps to reproduce & Facts

      1. Connect JIRA to an LDAP server using the Connector type with the Read/Write permission type.
      2. Specify a username without Read/Write privileges.
      3. From User Management -> Users, try adding an LDAP user to an Internal group:
        1. When adding an LDAP user to an LDAP group, there's no error message, just a quick refresh in the browser, and the user is NOT added to the group.
      4. From User Management -> Groups, try adding an LDAP user to an Internal group:
      5. From User Management -> Groups, try adding an LDAP user to an LDAP group:

        The error message thrown at this step is correct

      Suggestion

      1. The error messages in steps 3 and 4 above should be similar to that in step 5, which is correct, relevant, and meaningful.
      2. Also, the same message should be thrown for step 3.1.
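
Until the message is improved, an admin can triage logs for it. The script below is an added example, not Atlassian code: it matches the misleading exception text quoted under Context and reports the root cause identified in this ticket. The function name `triage`, the timestamps, and the surrounding sample log lines are constructed for illustration.

```python
import re

# Shape of the misleading Crowd message quoted in this ticket.
MISLEADING = re.compile(
    r"GroupNotFoundException: Group <Unable to create group (?P<group>.+?) "
    r"in directory (?P<directory>\d+) in order to add membership of user "
    r"(?P<user>\S+) \(group (?P=group) found in directory (?P<found_in>\d+)\)> "
    r"does not exist"
)

# Constructed sample log; only the exception text on line 2 is from the ticket.
SAMPLE_LOG = [
    "2015-01-01 10:00:00 INFO directory sync finished",
    "2015-01-01 10:00:05 ERROR com.atlassian.crowd.exception.runtime."
    "GroupNotFoundException: Group <Unable to create group jira-users in "
    "directory 10000 in order to add membership of user user@domain.com "
    "(group jira-users found in directory 10000)> does not exist",
    "2015-01-01 10:00:09 ERROR com.atlassian.crowd.exception.runtime."
    "GroupNotFoundException: Group <no-such-group> does not exist",
]


def triage(log_lines):
    """Return one finding per line carrying the misleading message."""
    findings = []
    for lineno, line in enumerate(log_lines, start=1):
        match = MISLEADING.search(line)
        if match is None:
            continue  # includes genuine "group does not exist" errors
        directory = int(match["directory"])
        findings.append({
            "line": lineno,
            "group": match["group"],
            "user": match["user"],
            "directory": directory,
            "hint": (
                f"Group {match['group']!r} was found, so it is not missing. "
                f"Check that the username configured for directory {directory} "
                "has Read/Write privileges to LDAP."
            ),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"line {finding['line']}: {finding['hint']}")
```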

      Attachments

        1. user_browser.png
          288 kB
          Andy Nguyen
        2. ldap_group_group_browser.png
          170 kB
          Andy Nguyen
        3. group_browser.png
          239 kB
          Andy Nguyen

            People

              Unassigned
              vdung Andy Nguyen (Inactive)