Details
-
Bug
-
Resolution: Not a bug
-
Low
-
None
-
4.3.7
Description
Steps to Reproduce
- Create 'user1' in the Internal Directory
- Create 'group1' in the Internal Directory
- Create a 'Read only with Local groups' connection to an LDAP directory which contains 'user1'
- Create an admin user in the LDAP, in the group confluence-administrators
- Log in to Confluence with the LDAP administrator account
- Disable the internal directory
- Create 'group1' - this will create a local group in the LDAP directory in Confluence (not in the LDAP itself)
- At this point you should have:
- Two directories in cwd_directory
- Two user1 records in cwd_user
- Two group1 records in cwd_group
- Two records in cwd_membership linking each user1 and group1 together in the correct directory
- Re-enable the Internal Directory
- Move the LDAP directory to the top of the list
- Go to group1 in Confluence - you should now be on the Group Members page and you should see all users in the group
- Click to delete user1
- Observe that the screen appears to refresh but the user still appears in the list.
- Check the database again. You will now have:
- Two directories in cwd_directory
- Two user1 records in cwd_user
- Two group1 records in cwd_group
- One record in cwd_membership linking user1 and group1 together in the Internal directory only.
- This appears to be occurring because the user is successfully deleted from group1 in the LDAP directory, but still exists in group1 in the Internal directory. The list of members appears to be built from all active directories, whereas the delete function appears to only operate on the top directory.
Expected behaviour here is unclear. Should hitting 'delete' in the Group Members page remove the user from that group in all active directories? Or should the Group Members page only display the memberships in current directory?
Workarounds
- Disable the directory that is not in use, so the user only exists in one directory
- Remove the user from one directory