Crowd Data Center / CWD-1221

Delegated directory with "Add Users" permission disabled still automatically adds users upon authentication.

      Issue Summary

      When setting a Delegated directory in Crowd and disabling the "Add Users" permission in the directory configuration within the Application section, the user still gets automatically created upon logging in to the client application.

      Steps to Reproduce

      1. Have a Delegated Authentication Directory
      2. In the Directory Permission Setting, disable the "Add Users" permission
      3. Add this directory to the Crowd Application
      4. Log in to Crowd as one of the users from the Delegated LDAP

      Expected Results

      Users should not be able to log in, as the users do not exist and the "Add Users" permission is disabled.

      Actual Results

      Users will log in successfully and will get created in Crowd.

      Workaround

      Manually disable Automatic User Creation for the Delegated directory from the database side. This is done by setting the value of crowd.delegated.directory.auto.create.user to false in the cwd_directory_attribute table in the database.
      The steps are:

      1. Identify the directory ID of the affected directory:
        select id, directory_name from cwd_directory;

      2. Check whether attribute_value is set to "true" for the attribute crowd.delegated.directory.auto.create.user:
        select * from cwd_directory_attribute where attribute_name='crowd.delegated.directory.auto.create.user' and directory_id=<directory_id>;

        If the value is set to true, proceed with the next step.

      3. Back up Crowd's database.
      4. Update the table cwd_directory_attribute to force auto-creation to false:
        update cwd_directory_attribute set attribute_value='false' where attribute_name='crowd.delegated.directory.auto.create.user' and directory_id=<directory_id>;

      5. Restart Crowd for the changes to take effect.
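
The workaround steps above as one audited change, added here as an example and not part of the original issue. It uses only the tables and columns named in the steps and assumes a database that accepts BEGIN/COMMIT (PostgreSQL or MySQL); <directory_id> remains a placeholder to fill in.

```sql
-- Audit: list every directory that carries the auto-create attribute,
-- with its current value, so no affected directory is overlooked.
-- The attribute name literal must match exactly: a stray space inside
-- the quotes returns zero rows and looks like "nothing to fix".
SELECT d.id,
       d.directory_name,
       a.attribute_value AS auto_create_user
FROM   cwd_directory d
JOIN   cwd_directory_attribute a
       ON a.directory_id = d.id
WHERE  a.attribute_name = 'crowd.delegated.directory.auto.create.user'
ORDER  BY d.id;

-- Change: run only after the database backup (step 3).
-- Replace <directory_id> with an id returned by the audit query.
BEGIN;

UPDATE cwd_directory_attribute
SET    attribute_value = 'false'
WHERE  attribute_name  = 'crowd.delegated.directory.auto.create.user'
  AND  directory_id    = <directory_id>
  AND  attribute_value = 'true';   -- touches nothing if already disabled

-- Verify inside the transaction: expect one row with attribute_value 'false'.
SELECT directory_id, attribute_name, attribute_value
FROM   cwd_directory_attribute
WHERE  attribute_name = 'crowd.delegated.directory.auto.create.user'
  AND  directory_id   = <directory_id>;

COMMIT;   -- use ROLLBACK; instead if the verification row is not as expected
```

Restart Crowd afterwards (step 5), then rerun the audit query to confirm the value persisted.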

        Attachment: add_user.png (30 kB), Tiago Comasseto

            Monique Khairuliana (Inactive) made changes -
            Labels Original: cwd-cleanup-1
            Monique Khairuliana (Inactive) made changes -
            Resolution New: Not a bug [ 12 ]
            Status Original: Long Term Backlog [ 12073 ] New: Closed [ 6 ]
            Monique Khairuliana (Inactive) made changes -
            Comment [ A comment with security level 'atlassian-staff' was removed. ]
            Monique Khairuliana (Inactive) made changes -
            Link New: This issue relates to CWD-3554 [ CWD-3554 ]

              Unassigned
              Jared Bunting
              Affected customers: 6
              Watchers: 7
