Confluence users can not update their profiles when Active Directory is being used by Jira in Read Only mode

XMLWordPrintable

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Low
    • None
    • Affects Version/s: 7.19.0
    • Component/s: User - Profile
    • None
    • 1
    • Severity 3 - Minor

      Issue Summary

      When Jira is connected to the Active Directory as "Read Only" and Confluence uses Jira as a user directory in "Read/Write" mode, Confluence users can not modify their profiles and gets a permission error from the Active Directory. However, Confluence users can change their profiles when Jira is used in "Read Only" mode.

      This is reproducible on Data Center: (yes)

      Steps to Reproduce

      1. Configure Active Directory on the Jira side in "Read Only" mode.
      2. Configure Jira as a user directory on Confluence in "Read/Write" mode.
      3. Update a user profile. (for example, changing phone number or department name)

      Expected Results

      Users should be able to edit their profiles regardless the Jira is connected as "Read Only" or "Read/Write" mode.

      Actual Results

      Users can not edit their profiles due to the permission issue on Active Directory.

      The below exception is thrown in the atlassian-confluence.log file:

      2022-09-29 15:36:05,146 WARN [http-nio-8090-exec-448 url: /users/doeditmyprofile.action; user: username] [confluence.user.actions.EditMyProfileAction] doEdit Failed to update user profile.
 -- referer: http://localhost:8090/users/editmyprofile.action | url: /users/doeditmyprofile.action | traceId: 7da4bd908bb9b947 | userName: username | action: doeditmyprofile
com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><error><reason>APPLICATION_PERMISSION_DENIED</reason><message>Cannot update user 'username' because directory 'Active-Directory-Server' does not allow updates.</message></error>
	at com.atlassian.crowd.embedded.core.CrowdServiceImpl.updateUser(CrowdServiceImpl.java:282)
	at com.atlassian.confluence.impl.user.crowd.TransactionalCrowdServiceWrapper.updateUser(TransactionalCrowdServiceWrapper.java:126)
....
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><error><reason>APPLICATION_PERMISSION_DENIED</reason><message>Cannot update user 'username' because directory 'Active-Directory-Server' does not allow updates.</message></error>
	at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.throwError(RestExecutor.java:539)
	at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andCheckResponse(RestExecutor.java:467)
	at com.atlassian.crowd.integration.rest.service.RestCrowdClient.updateUser(RestCrowdClient.java:206)
....

      Workaround

      Using the Jira user directory in the "Read Only" mode.

        1. image-2022-10-06-10-26-30-350.png
          80 kB
          Ozhan Aydar

            Assignee:
            Unassigned
            Reporter:
            Ozhan Aydar (Inactive)
            Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: