Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-29510

Allow disabling users which are sourced from a read-only LDAP directory

    XMLWordPrintable

    Details

    • UIS:
      13
    • Support reference count:
      41
    • Feedback Policy:
      We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      Users currently can not be disabled from within Confluence if they are sourced from an LDAP directory which is configured as read-only.

      Until Confluence 5.1.4 (fixed in CONF-22337), a link was offered hinting that it was possible to do so, but on trying to perform the operation users were confronted with an error message like

      User "xxxxxx" could not be disabled. The directory may be read-only.
      

      The active column in cwd_user table (Embedded Crowd cache) indicates if a user is disabled as F(alse). If a user is disabled, he is not counted towards the license since he is not able to use Confluence. Currently, this property is not synchronised back to the LDAP directory (e.g. in form of a custom attribute).

      CWD-995 is going to change this behaviour for Active Directory connectors, meaning that disabling a user would synchronise back to the User-Account-Control attribute. Once this is implemented, we will be working on getting it shipped in Confluence.

      In order to currently disable a user which is sourced from a read-only LDAP directory, one must remove the user from the groups granting him use permission (e.g. confluence-users) or configure the directory with Read Only, with Local Groups and only assign use permission to those local groups.

      This issue tracks a possible feature allowing disabling users which are sourced from an LDAP directory configured as read-only from within Confluence. Before voting on it, please make sure you've read Connecting to an LDAP Directory and have considered alternative solutions. You will give this issue more momentum by detailing your use case in a comment and the reason why this can not be solved otherwise.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              fakraemer fabs
              Votes:
              71 Vote for this issue
              Watchers:
              58 Start watching this issue

                Dates

                Created:
                Updated: