JRASERVER-43590

Improve Error Message when LDAP Write Fails due to Lack of User Privileges


    Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Context

      This ticket was created based on JRA-42515, after investigations were conducted to verify the described behavior. Findings of the investigations:

      1. Writing user/group data from JIRA to LDAP is supposed to work properly provided:
        1. The LDAP permission type configured in JIRA is Read/Write
        2. The username used for LDAP configuration has Read/Write privileges to LDAP
      2. If 1.1 holds but 1.2 does not (i.e. the username lacks Read/Write privileges), an unclear and misleading error message might be thrown, making it hard for the JIRA admin to troubleshoot the root cause:
        com.atlassian.crowd.exception.runtime.GroupNotFoundException: Group <Unable to create group jira-users in directory 10000 in order to add membership of user user@domain.com (group jira-users found in directory 10000)> does not exist
        
      3. This misleading message reads as if the Read/Write permission type of the LDAP directory does not work, i.e. as if JIRA were unable to add an internal group to the LDAP server in order to add an LDAP user to it.
      4. The root cause: the username used for the LDAP configuration does not have Read/Write privileges to LDAP.

      Steps to reproduce & Facts

      1. Connect JIRA to an LDAP server using the Connector type with the Read/Write permission type.
      2. Specify a username without Read/Write privileges.
      3. From User Management -> Users, try adding an LDAP user to an Internal group:
        1. When adding an LDAP user to an LDAP group, there's no error message, just a quick refresh in the browser, and the user is NOT added to the group.
      4. From User Management -> Groups, try adding an LDAP user to an Internal group:
      5. From User Management -> Groups, try adding an LDAP user to an LDAP group:

        The error message thrown at this step is correct

      Suggestion

      1. The error message in steps 3 and 4 above should be similar to that in step 5, which is correct, relevant, and meaningful.
      2. Also, the same message should be thrown for step 3.1.
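
Until the message is improved, an admin can flag the misleading exception in the application log and map it to the root cause identified above. The following is an added example, not code from Jira or Atlassian: the regular expression is derived from the one message quoted in this ticket, the function name `triage` is hypothetical, and the sample log lines (timestamps and filler entries) are constructed.

```python
import re

# Shape of the message quoted in the ticket: Crowd says it could not create a
# group in directory N, yet the same message says the group was found there.
PATTERN = re.compile(
    r"GroupNotFoundException: Group <Unable to create group (?P<group>.+?) "
    r"in directory (?P<dir>\d+) in order to add membership of user (?P<user>\S+) "
    r"\(group (?P<found_group>.+?) found in directory (?P<found_dir>\d+)\)> does not exist"
)


def triage(log_lines):
    """Return one finding per log line that matches the misleading message."""
    findings = []
    for lineno, line in enumerate(log_lines, start=1):
        m = PATTERN.search(line)
        if not m:
            continue
        # Heuristic: group "found" yet "does not exist" in the same directory
        # is the contradiction this ticket traces to missing write privileges.
        contradictory = (
            m["group"] == m["found_group"] and m["dir"] == m["found_dir"]
        )
        findings.append({
            "line": lineno,
            "user": m["user"],
            "group": m["group"],
            "directory": int(m["dir"]),
            "likely_cause": (
                "LDAP bind account lacks Read/Write privileges"
                if contradictory else "unclassified"
            ),
        })
    return findings


# Constructed sample log: line 2 carries the message from the ticket, the
# other lines are invented filler showing that unrelated entries are ignored.
SAMPLE_LOG = [
    "2015-01-01 10:00:00 INFO  directory 10000 synchronised",
    "2015-01-01 10:00:05 ERROR com.atlassian.crowd.exception.runtime.GroupNotFoundException: "
    "Group <Unable to create group jira-users in directory 10000 in order to add membership "
    "of user user@domain.com (group jira-users found in directory 10000)> does not exist",
    "2015-01-01 10:00:09 WARN  slow LDAP search",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A match is only a pointer: confirm it by checking the privileges of the account configured for the LDAP directory.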

      Attachments

        1. group_browser.png (239 kB)
        2. ldap_group_group_browser.png (170 kB)
        3. user_browser.png (288 kB)

            People

              Unassigned Unassigned
              vdung Andy Nguyen (Inactive)