Details
Suggestion
Resolution: Won't Do
Description
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
Context
This ticket was created based on JRA-42515, after investigations were conducted to verify the described behavior. Findings of the investigations:
1. Writing user/group data from JIRA to LDAP is supposed to work properly provided:
   1.1. The LDAP permission type configured in JIRA is Read/Write
   1.2. The username used for LDAP configuration has Read/Write privileges to LDAP
2. If 1.1 is correct but 1.2 fails, i.e. the username does not have Read/Write privileges, then an unclear/misleading error message might be thrown, making it hard for the JIRA admin to troubleshoot the root cause:
   com.atlassian.crowd.exception.runtime.GroupNotFoundException: Group <Unable to create group jira-users in directory 10000 in order to add membership of user user@domain.com (group jira-users found in directory 10000)> does not exist
3. This misleading message sounds like the Read/Write permission type of the LDAP directory does not work: unable to add an internal group to the LDAP server in order to add an LDAP user to it.
4. The root cause: the username used for LDAP configuration does not have Read/Write privileges to LDAP
Steps to reproduce & Facts
1. Connect JIRA to an LDAP server using the Connector type with the Read/Write permission type
2. Specify a username without Read/Write privileges
3. From User Management -> Users, try adding an LDAP user to an Internal group:
   3.1. When adding an LDAP user to an LDAP group, there's no error message, just a quick refresh in the browser, and the user is NOT added to the group.
4. From User Management -> Groups, try adding an LDAP user to an Internal group:
5. From User Management -> Groups, try adding an LDAP user to an LDAP group:
   The error message thrown at this step is correct
Suggestion
- The error messages in steps 3 and 4 above should be similar to the one in step 5, which is correct, relevant, and meaningful.
- Also, the same message should be thrown for step 3.1.
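Added example (not part of the original ticket and not Atlassian code): a small Python log triage that finds the misleading GroupNotFoundException quoted under Context and attaches the two conditions this ticket says to check. The log timestamps, the second user, the unrelated log lines and the names PATTERN, HINT, triage and SAMPLE_LOG are constructed for illustration.

```python
import re
from collections import defaultdict

# Shape of the misleading message quoted in this ticket. The same group name
# appears twice: once as "unable to create" and once as "found".
PATTERN = re.compile(
    r"GroupNotFoundException: Group <Unable to create group (?P<group>.+?) "
    r"in directory (?P<target_dir>\d+) in order to add membership of user "
    r"(?P<user>.+?) \(group (?P=group) found in directory (?P<found_dir>\d+)\)> "
    r"does not exist"
)

# The two conditions listed in the ticket's findings (1.1 and 1.2).
HINT = ("check that the LDAP permission type in JIRA is Read/Write and that the "
        "username used for LDAP configuration has Read/Write privileges to LDAP")

def triage(lines):
    """Collect matching log lines per (target directory, group) with affected users."""
    hits = defaultdict(lambda: {"users": set(), "found_in": set()})
    for line in lines:
        m = PATTERN.search(line)
        if m:
            entry = hits[(int(m["target_dir"]), m["group"])]
            entry["users"].add(m["user"])
            entry["found_in"].add(int(m["found_dir"]))
    return [
        {"directory": d, "group": g, "users": sorted(e["users"]),
         "found_in": sorted(e["found_in"]), "hint": HINT}
        for (d, g), e in sorted(hits.items())
    ]

# Constructed sample log lines (timestamps and second user are made up).
_EXC = "com.atlassian.crowd.exception.runtime.GroupNotFoundException: Group <"
SAMPLE_LOG = [
    "2016-01-01 10:00:01 ERROR " + _EXC + "Unable to create group jira-users in "
    "directory 10000 in order to add membership of user user@domain.com "
    "(group jira-users found in directory 10000)> does not exist",
    "2016-01-01 10:00:07 ERROR " + _EXC + "Unable to create group jira-users in "
    "directory 10000 in order to add membership of user alice@domain.com "
    "(group jira-users found in directory 10000)> does not exist",
    "2016-01-01 10:01:00 ERROR " + _EXC + "jira-devs> does not exist",  # unrelated
    "2016-01-01 10:02:00 INFO user directory synchronisation complete",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A plain "Group <name> does not exist" line is deliberately not matched, since only the "Unable to create group ... (group ... found in directory ...)" form is the one this ticket ties to missing write privileges.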
Issue Links
- derived from: JRASERVER-42515 GroupNotFoundException: ugly failure when attempt is made to add internal group to LDAP user (Closed)
- relates to: JRACLOUD-43590 Improve Error Message when LDAP Write Fails due to Lack of User Privileges (Closed)