Bitbucket Data Center

[BSERV-4923] Active Directory users disabled at first Stash directory sync then enabled after are not added

    • Type: Bug
    • Resolution: Timed out
    • Priority: Medium
    • Affects version: 2.11.4

      I have Stash set up using Active Directory for the User Directory. A user was disabled in Active Directory at the point Stash was installed and the User Directory config was set up. When this user is enabled, Stash does not add it to the Users.

      I've tested this with multiple users that were disabled and get the same issue. New users work as expected.

            ThiagoBomfim (Inactive) added a comment -

            I tested it and if you changed that flag ('Manage User Status Locally') to False, the application should start synchronising the users' status with LDAP again next time you sync.

            The issue is that your UD had that flag set to True.

            We raised the following issue: https://jira.atlassian.com/browse/STASH-5129

            Matt Warren added a comment -

            Discovered two workarounds:

            One can manually update the is_active field in the db for the user and it does then sync properly. Future disabled users still don't behave as expected. A disabled user is not disabled from Stash. (I have turned the Manage separately off)

            One can remove the user from the filter group required by ldap.user.filter, sync, then re-add them and sync. The user is recreated in cwd_user table with the correct is_active state.

            Matt Warren added a comment -

            I experienced the same problem, tracked with support as https://support.atlassian.com/servicedesk/customer/ssp/problem-report-5194

            Suggested solution was:

            1. Save all your User Directory configuration somewhere;
            2. Remove your User Directory
            3. Recreate your user directory without the "Manage User Status Locally" option checked
            4. Perform a new full synchronization
              This time around those 2 users will be available

            I'm using Stash 3.2 and AD server is Win2003

            The non-synced users are in the DB but with an enabled value of "F" while in AD, they are enabled.
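The comments above describe two kinds of drift between AD and the local user table: users enabled in AD that stay "F" locally, and users disabled in AD that are not disabled in Stash. The following is an added example, not code from Atlassian or from anyone in this thread, that flags both cases from two exports. It assumes an LDAP export with `sAMAccountName` and `userAccountControl`, and local rows with a `user_name` column (an assumed name) plus the `is_active` "T"/"F" flag mentioned in the comments; all sample data is constructed.

```python
# Added example: drift check between AD account state and a local is_active flag.
# Column names and sample rows are assumptions/constructed, not Stash or Crowd code.
ACCOUNTDISABLE = 0x0002  # userAccountControl bit AD sets on disabled accounts


def ad_enabled(user_account_control):
    """True when the ACCOUNTDISABLE bit is clear."""
    return not (int(user_account_control) & ACCOUNTDISABLE)


def find_status_drift(ad_entries, local_rows):
    """Return usernames whose local state disagrees with AD.

    stale_active    : disabled in AD, still active locally (access risk)
    stale_inactive  : enabled in AD, still 'F' locally (the bug reported here)
    missing_locally : enabled in AD, no local row at all
    """
    local = {r["user_name"].lower(): r["is_active"].upper() == "T" for r in local_rows}
    drift = {"stale_active": [], "stale_inactive": [], "missing_locally": []}
    for entry in ad_entries:
        name = entry["sAMAccountName"].lower()  # AD logon names are case-insensitive
        enabled = ad_enabled(entry["userAccountControl"])
        if name not in local:
            if enabled:
                drift["missing_locally"].append(name)
        elif enabled and not local[name]:
            drift["stale_inactive"].append(name)
        elif not enabled and local[name]:
            drift["stale_active"].append(name)
    return {kind: sorted(names) for kind, names in drift.items()}


# Constructed sample exports.
AD_SAMPLE = [
    {"sAMAccountName": "alice", "userAccountControl": "512"},   # enabled
    {"sAMAccountName": "Bob", "userAccountControl": "512"},     # re-enabled in AD
    {"sAMAccountName": "carol", "userAccountControl": "514"},   # 512 | 2, disabled
    {"sAMAccountName": "dave", "userAccountControl": "66048"},  # enabled, 0x10200
    {"sAMAccountName": "erin", "userAccountControl": "514"},    # disabled, never synced
]
LOCAL_SAMPLE = [
    {"user_name": "alice", "is_active": "T"},
    {"user_name": "bob", "is_active": "F"},
    {"user_name": "carol", "is_active": "T"},
]

if __name__ == "__main__":
    for kind, names in find_status_drift(AD_SAMPLE, LOCAL_SAMPLE).items():
        print(kind, names)
```

Entries under `stale_active` are the ones to review first, since those accounts remain usable locally after being disabled in the directory.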

            Roger Barnes (Inactive) added a comment -

            Hi chris.evans1,

            Since we've not heard back on this and couldn't reproduce the issue, I'm going to go ahead and close this for now. If this is still a problem, I'd suggest raising an issue on support.atlassian.com where we can dig in deeper.

            Brent P added a comment -

            chris.evans1 - Have you had any time to look into Robin's question?


            Robin Stocker (Inactive) added a comment -

            > How are you synchronising the user directory in step 6?

            By clicking "Synchronise" for the directory in the "User Directories" page.

            > Could "Enable Incremental Synchronisation:" have anything to do with this? I have it enabled.

            I also had it enabled, I left all advanced settings at their default value. I didn't pay attention if the status said "Incremental synchronisation completed successfully" in step 6 though.

            While going through the advanced settings of the directory, I noticed "Manage User Status Locally". Do you have that enabled in your configuration?

            Chris Evans added a comment -

            Hi Robin. Those look like the correct steps to reproduce. How are you synchronising the user directory in step 6? I've also noticed that disabling users does not remove them from the user list. Could "Enable Incremental Synchronisation:" have anything to do with this? I have it enabled.

            Stefan Saasen (Inactive) added a comment -

            Hi Chris, did you have a chance to look into Robin's response? We can't reproduce the issue you are seeing.

            Robin Stocker (Inactive) added a comment -

            Hi Chris. I tried to reproduce this issue here with Stash 2.11.4 and Active Directory 2003, but could not. These are the steps I did:

            1. In AD, make sure there is at least one disabled and one enabled user
            2. In Stash, configure the AD user directory
            3. Synchronise the user directory
            4. Go to users. Check that the enabled user is there and the disabled user is not
            5. In AD, enable the disabled user
            6. In Stash, synchronise the user directory
            7. Go to users. Check that both users are there

            The previously disabled user showed up in the last step. I also tested with Stash 3.1.1, where I had the same result.

            Are the above steps where the problem shows up for you?

            Could you try if the same problem also occurs with the latest version of Stash for you?

              Assignee: Unassigned
              Reporter: Chris Evans (chris.evans1)