[CONFCLOUD-24786] Provide Confluence support for Active Directory's "Account Disabled" flag

Type: Suggestion
Resolution: Fixed
Component/s: None
Labels:

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

It should be tied to Confluence's concept of an "Active" flag.

Currently, disabled/deactivated AD users are synced to Confluence like other active AD users. They are still considered as an active users in Confluence and hence will be counted towards the license. However, the authentication against AD would of course fails. It'd be nice if Confluence can flag these users as "Disabled" users.

is cloned from

CWD-995 Provide Crowd support for Active Directory's "Account Disabled" flag

Closed

is related to

CONFSERVER-24786 Provide Confluence support for Active Directory's "Account Disabled" flag

Closed

was cloned as

JRACLOUD-30694 Provide JIRA support for Active Directory's "Account Disabled" flag

Closed

Mark Lassau (Inactive) added a comment - 08/Oct/2013 12:33 AM

pcurren ~~CWD-995~~ is solved in Crowd 2.7, so Confluence should work with emb crowd 2.7, I think that is Confluence v5.3?

Mark Lassau (Inactive) added a comment - 08/Oct/2013 12:33 AM pcurren CWD-995 is solved in Crowd 2.7, so Confluence should work with emb crowd 2.7, I think that is Confluence v5.3?

HuseinA added a comment - 01/Mar/2012 12:10 PM

quoting gutch comment from ~~CWD-995~~ that I tested in Confluence 4.1.5 and it did indeed help!

There is a workaround that might be suitable until a full solution is implemented. Set the 'User Object Filter' on the directory in Crowd to:
(&(objectCategory=Person)(sAMAccountName=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
This excludes users who have the UF_ACCOUNTDISABLE flag set, which is the flag that Active Directory sets when you disable an account.

Note that Confluence seems to be able to do this completely only on full sync which currently can only be triggered by a restart.

HuseinA added a comment - 01/Mar/2012 12:10 PM quoting gutch comment from CWD-995 that I tested in Confluence 4.1.5 and it did indeed help! There is a workaround that might be suitable until a full solution is implemented. Set the 'User Object Filter' on the directory in Crowd to: (&(objectCategory=Person)(sAMAccountName=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) This excludes users who have the UF_ACCOUNTDISABLE flag set, which is the flag that Active Directory sets when you disable an account. Note that Confluence seems to be able to do this completely only on full sync which currently can only be triggered by a restart.

Assignee:: Unassigned

Reporter:: David O'Flynn [Atlassian]

Votes:: 10 Vote for this issue

Watchers:: 14 Start watching this issue

Created:: 01/Mar/2012 12:00 PM

Updated:: 19/Sep/2019 5:51 AM

Resolved:: 09/Oct/2014 10:08 PM

Confluence Cloud

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Mark Lassau (Inactive) added a comment - 08/Oct/2013 12:33 AM

Expand comment: Mark Lassau (Inactive) added a comment - 08/Oct/2013 12:33 AM

Collapse comment: HuseinA added a comment - 01/Mar/2012 12:10 PM

Expand comment: HuseinA added a comment - 01/Mar/2012 12:10 PM

People

Dates