
Provide Confluence support for Active Directory's "Account Disabled" flag

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      It should be tied to Confluence's concept of an "Active" flag.

      Currently, disabled/deactivated AD users are synced to Confluence like other active AD users. They are still considered active users in Confluence and hence will be counted towards the license. However, authentication against AD would of course fail. It'd be nice if Confluence could flag these users as "Disabled" users.

            Mark Lassau (Inactive) added a comment - pcurren CWD-995 is solved in Crowd 2.7, so Confluence should work with emb crowd 2.7, I think that is Confluence v5.3?

            HuseinA added a comment -

            Quoting gutch's comment from CWD-995, which I tested in Confluence 4.1.5, and it did indeed help!

            There is a workaround that might be suitable until a full solution is implemented. Set the 'User Object Filter' on the directory in Crowd to:

            (&(objectCategory=Person)(sAMAccountName=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
            

            This excludes users who have the UF_ACCOUNTDISABLE flag set, which is the flag that Active Directory sets when you disable an account.

            Note that Confluence seems to be able to do this completely only on full sync which currently can only be triggered by a restart.

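The filter in the comment above can be checked offline before it is set on a directory. This is an added example, not code from Atlassian, Crowd or the commenters: it models the bitwise-AND matching rule on `userAccountControl` over constructed entries and lists which previously synced users the filter would now exclude. The function names, the sample accounts and the shortened `objectCategory` values are assumptions made for illustration.

```python
# Added example: models the 'User Object Filter' quoted in the comment above.
UF_ACCOUNTDISABLE = 0x2  # flag named in the comment; the ":=2" in the filter


def bit_and_match(attr_value, mask):
    """Rule 1.2.840.113556.1.4.803: true only if every bit of mask is set."""
    return (int(attr_value) & mask) == mask  # LDAP hands back a decimal string


def passes_filter(entry):
    """(&(objectCategory=Person)(sAMAccountName=*)(!(userAccountControl:...:=2)))"""
    return (
        entry.get("objectCategory") == "Person"
        and bool(entry.get("sAMAccountName"))  # "=*" is a presence test
        and not bit_and_match(entry["userAccountControl"], UF_ACCOUNTDISABLE)
    )


def audit(directory_entries, already_synced):
    """Return (users a filtered sync imports, earlier-synced users it excludes)."""
    imported = sorted(
        e["sAMAccountName"] for e in directory_entries if passes_filter(e)
    )
    stale = sorted(set(already_synced) - set(imported))
    return imported, stale


# Constructed sample data; objectCategory is shortened to its common name.
SAMPLE_ENTRIES = [
    # 512 = normal account, enabled
    {"sAMAccountName": "alice", "objectCategory": "Person", "userAccountControl": "512"},
    # 514 = 512 | 2, disabled
    {"sAMAccountName": "bob", "objectCategory": "Person", "userAccountControl": "514"},
    # 66048 = 512 | 65536, enabled with a non-expiring password
    {"sAMAccountName": "carol", "objectCategory": "Person", "userAccountControl": "66048"},
    # 66050 = 66048 | 2, disabled even though other flags are set
    {"sAMAccountName": "dave", "objectCategory": "Person", "userAccountControl": "66050"},
    # Computer account: rejected by the objectCategory clause
    {"sAMAccountName": "WS01$", "objectCategory": "Computer", "userAccountControl": "4096"},
]
SYNCED_BEFORE_FILTER = ["alice", "bob", "carol", "dave"]  # constructed

if __name__ == "__main__":
    imported, stale = audit(SAMPLE_ENTRIES, SYNCED_BEFORE_FILTER)
    print("imported by filtered sync:", imported)
    print("excluded, removed only by a full sync per the comment:", stale)
```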

              Unassigned Unassigned
              doflynn David O'Flynn [Atlassian]
              Votes: 10
              Watchers: 14