Type: Bug
Resolution: Unresolved
Priority: Medium
Affects Version/s: 4.3.3, 5.9.12, 6.2.4
Component/s: User - Management
Severity 2 - Major

For LDAP directories that have a membership attribute defined on the user object, Confluence gives an option to use this attribute to look up a group and its members.

However, the checkboxes are flipped, so each one modifies the wrong attribute in the database (in the cwd_directory_attribute table).

Current behavior

The "When finding the user's group membership" checkbox modifies the ldap.usermembership.use directory attribute. This attribute affects:
```java
// query is to find USER members of GROUP
if (ldapPropertiesMapper.isUsingUserMembershipAttribute())
{
    relations = findUserMembersOfGroupViaMemberOf(query.getEntityNameToMatch(), query.getEntityToMatch().getGroupType(), query.getStartIndex(), query.getMaxResults());
}
else
{
    relations = findUserMembersOfGroupViaMemberDN(query.getEntityNameToMatch(), query.getEntityToMatch().getGroupType(), query.getStartIndex(), query.getMaxResults());
}
```
The "When finding the members of a group" checkbox modifies the ldap.usermembership.use.for.groups directory attribute. This attribute affects:
```java
// query is to find GROUP memberships of USER
if (ldapPropertiesMapper.isUsingUserMembershipAttributeForGroupMembership())
{
    relations = findGroupMembershipsOfUserViaMemberOf(query.getEntityNameToMatch(), query.getEntityToReturn().getGroupType(), query.getStartIndex(), query.getMaxResults());
}
else
{
    relations = findGroupMembershipsOfUserViaMemberDN(query.getEntityNameToMatch(), query.getEntityToReturn().getGroupType(), query.getStartIndex(), query.getMaxResults());
}
```

Expected behavior

| Checkbox | Database attribute modified |
|---|---|
| When finding the user's group membership | ldap.usermembership.use |
| When finding the members of a group | ldap.usermembership.use.for.groups |

Other implications

A Delegated LDAP Auth directory only has the "When finding the user's group membership" checkbox. Since this checkbox modifies the wrong attribute, it effectively does nothing right now.

Workaround for Delegated Directories:

1. Identify the directory ID for the affected directory:

```sql
SELECT * FROM cwd_directory;
```

2. Use the id in the following query:

```sql
UPDATE cwd_directory_attribute SET attribute_value = 'true' WHERE directory_id = <idFrom1stQuery> AND attribute_name = 'ldap.usermembership.use.for.groups';
```
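
To check which flag each directory actually has stored, before and after applying the workaround, the query below lists both attributes side by side per directory. It is an added example, not part of the original report; the directory_name column and the result column aliases are assumptions. A NULL in either result column means no row exists for that attribute, in which case the UPDATE above matches nothing.

```sql
-- Added example: one row per directory, both membership flags pivoted into columns.
SELECT d.id,
       d.directory_name,  -- assumed column name; not shown in the report
       -- gates the "find USER members of GROUP" code path
       MAX(CASE WHEN a.attribute_name = 'ldap.usermembership.use'
                THEN a.attribute_value END) AS members_of_group_via_memberof,
       -- gates the "find GROUP memberships of USER" code path
       MAX(CASE WHEN a.attribute_name = 'ldap.usermembership.use.for.groups'
                THEN a.attribute_value END) AS groups_of_user_via_memberof
FROM cwd_directory d
-- LEFT JOIN keeps directories that have neither attribute row
LEFT JOIN cwd_directory_attribute a
       ON a.directory_id = d.id
      AND a.attribute_name IN ('ldap.usermembership.use',
                               'ldap.usermembership.use.for.groups')
GROUP BY d.id, d.directory_name
ORDER BY d.id;
```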