Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
5.10.4, 5.10.7
-
None
-
3
-
Severity 3 - Minor
-
Description
Summary
Using certain password regex in Crowd causes Confluence admins unable to create new users.
Environment
- Confluence connected to Atlassian Crowd
- Crowd version replicated with 2.11.2
Steps to Reproduce
- Have Confluence connected to Crowd. Set the connection as Read and Write. Make sure that synchronizations are successful and users are able to log in.
- Use Crowd's internal directory to be connected to Confluence.
- Set the following as [password regex|https://confluence.atlassian.com/crowd/configuring-an-internal-directory-18579551.html] for that user directory:
(?=.*[A-Z])
- Go to Confluence, make sure that Confluence has Mail server.
- Make sure that Crowd user directory listed on the highest User Directory hierarchy
- Go to Confluence Admin > Users > Add users > make sure that "Send an email to the user you have just created, which will allow them to set up their password." has been ticked
- Create a user this way
Expected Results
User is created, email is sent
Actual Results
User is not created
With the following error popped up:
Failed to create the user 'testuser'. Check your server logs for more information.
Below is seen in atlassian-confluence.log
2017-05-08 21:35:47,971 ERROR [http-nio-15104-exec-1] [confluence.user.actions.CreateUserAction] execute Failed to create user: testuser -- referer: http://localhost:15104/admin/users/createuser.action | url: /admin/users/docreateuser.action | traceId: 2563956fe6569a49 | userName: admin | action: docreateuser com.atlassian.core.exception.InfrastructureException: com.atlassian.user.security.authentication.InvalidPasswordException: com.atlassian.crowd.exception.InvalidCredentialException: The new password does not meet the directory complexity requirements: The string must contain at least 1 uppercase alphabetical character
Notes
- Currently, the only password regex that's observed to have this issue is
(?=.*[A-Z])
- There is a variant of this issue in Jira Server: https://jira.atlassian.com/browse/JRASERVER-69642
- This Password regex is presents no problem when creating users without the "Send an email to the user you have just created, which will allow them to set up their password." ticked. Provided that the password set complies to the regex.
Attachments
Issue Links
- is related to
-
JRASERVER-69642 Creating a user in Jira with password policy enabled in Crowd prevents creation of users
- Gathering Impact
- mentioned in
-
Page Loading...