Status: Gathering Impact (View Workflow)
Affects Version/s: None
Fix Version/s: None
Component/s: User Management - LDAP
Support reference count:9
Symptom Severity:Severity 2 - Major
Bug Fix Policy:
Since we're not likely to implement Manage Users Locally in the near future, this ticket now represents the suggestion to disable it in the meantime so as to avoid confusion.
When creating a User Directory in Stash using:
- Microsoft Active Directory
The following option is shown in the "Advanced" section:
- 'Manage User Status Locally' - If true, you can activate and deactivate users in Crowd independent of their status in the directory server.
However, we are currently unable to manage the user status using the Stash UI and that's due to the fact we haven't implemented read/write support for Crowd directories.
If customers create their UD with 'Manage User Status Locally' option checked, they should expect their instance not to keep up-to-date with changes to the users status on their LDAP servers linked to Stash.
We also need to update our Stash LDAP documentation to include the explanation for that option under the "Advanced" section: https://confluence.atlassian.com/display/STASH/Connecting+Stash+to+an+existing+LDAP+directory
We currently have it documented in Crowd:
In other words, if a user account is disabled in Active Directory, it will be deactivated in Crowd on the next synchronisation. Likewise, if a user is deactivated through Crowd, the user account will be disabled in Active Directory. If you want to prevent this synchronisation, enable the 'Manage User Status Locally' option in the directory configuration.