-
Bug
-
Resolution: Timed out
-
Medium
-
None
-
2.11.4
-
None
-
None
I have Stash setup using Active Directory for the User Directory. A user was disabled in Active Directory at the point Stash was installed and the User Directory config was setup, when this user is enabled, Stash does not add it to the Users.
I've tested this a multiple users that were disabled and get the same issue. New users work as expected.
- incorporates
-
-
- Gathering Impact
-
- mentioned in
-
![[Extranet] Page](/images/icons/generic_link_16.png "[Extranet] Page")
Page
Failed to load
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[BSERV-4923] Active Directory users disabled at first Stash directory sync then enabled after are not added
Matt Warren
added a comment - Discovered two workarounds:
One can manually update the is_active field in the db for the user and it does then sync properly. Future disabled users still don't behave as expected. A disable user is not disabled from Stash. (I have turned the Manage separately off)
One can remove the user from the filter group required by ldap.user.filter, sync, then re-add them and sync. The user is recreated in cwd_user table with the correct is_active state.
Matt Warren
added a comment - Discovered two workarounds:
One can manually update the is_active field in the db for the user and it does then sync properly. Future disabled users still don't behave as expected. A disable user is not disabled from Stash. (I have turned the Manage separately off)
One can remove the user from the filter group required by ldap.user.filter, sync, then re-add them and sync. The user is recreated in cwd_user table with the correct is_active state. Matt Warren
added a comment - I experienced the same problem, tracked with support as https://support.atlassian.com/servicedesk/customer/ssp/problem-report-5194
Suggested solution was:
- Save all your User Directory configuration somewhere;
- Remove your User Directory
- Recreate your user directory without the "Manage User Status Locally" option checked
- Perform a new full synchronization
This time around those 2 users will be available
I'm using Stash 3.2 and AD server is Win2003
The non-synced users are in the DB but with an enabled value of "F" while in AD, they are enabled.
Matt Warren
added a comment - I experienced the same problem, tracked with support as https://support.atlassian.com/servicedesk/customer/ssp/problem-report-5194
Suggested solution was:
Save all your User Directory configuration somewhere;
Remove your User Directory
Recreate your user directory without the "Manage User Status Locally" option checked
Perform a new full synchronization
This time around those 2 users will be available
I'm using Stash 3.2 and AD server is Win2003
The non-synced users are in the DB but with an enabled value of "F" while in AD, they are enabled. Hi chris.evans1,
Since we've not heard back on this and couldn't reproduce the issue, I'm going to go ahead and close this for now. If this is still a problem, I'd suggest raising an issue on support.atlassian.com where we can dig in deeper.
How are you synchronising the user directory in step 6?
By clicking "Synchronise" for the directory in the "User Directories" page.
Could "Enable Incremental Synchronisation:" have anything to do with this? I have it enabled.
I also had it enabled, I left all advanced settings at their default value. I didn't pay attention if the status said "Incremental synchronisation completed successfully" in step 6 though.
While going through the advanced settings of the directory, I noticed "Manage User Status Locally". Do you have that enabled in your configuration?
Chris Evans
added a comment - Hi Robin. Those look like the correct steps to reproduce. How are you synchronising the user directory in step 6? I've also noticed that disabling users does not remove them from the user list. Could "Enable Incremental Synchronisation:" have anything to do with this? I have it enabled.
Chris Evans
added a comment - Hi Robin. Those look like the correct steps to reproduce. How are you synchronising the user directory in step 6? I've also noticed that disabling users does not remove them from the user list. Could "Enable Incremental Synchronisation:" have anything to do with this? I have it enabled. Hi Chris, did you have a chance to look into Robin's response? We can't reproduce the issue you are seeing.
Hi Chris. I tried to reproduce this issue here with Stash 2.11.4 and Active Directory 2003, but could not. These are the steps I did:
- In AD, make sure there is at least one disabled and one enabled user
- In Stash, configure the AD user directory
- Synchronise the user directory
- Go to users. Check that the enabled user is there and the disabled user is not
- In AD, enable the disabled user
- In Stash, synchronise the user directory
- Go to users. Check that both users are there
The previously disabled user showed up in the last step. I also tested with Stash 3.1.1, where I had the same result.
Are the above steps where the problem shows up for you?
Could you try if the same problem also occurs with the latest version of Stash for you?
I tested it and if you changed that flag ('Manage User Status Locally') to False, the application should start synchronising the users' status with LDAP again next time you sync.
The issue is that your UD had that flag set to True.
We raised the following issue: https://jira.atlassian.com/browse/STASH-5129