-
Bug
-
Resolution: Not a bug
-
Medium
-
None
-
1.4.3, 2.6.2
-
None
-
Java 6, Tomcat 6 on Redhat
-
1
-
Severity 2 - Major
-
11
-
Issue Summary
When setting a Delegated directory in Crowd and disabling the "Add Users" permission in the directory configuration withing the Application section, the user still gets automatically created upon login into the client application.
Steps to Reproduce
- Have a Delegated Authentication Directory
- In the Directory Permission Setting, disabling the "Add Users" permission
- Add this directory into Crowd Application
- Login to Crowd as one of the user from the Delegated LDAP
Expected Results
Users should not be able to login as users does not exist, and the "Add Users" permission is disabled.
Actual Results
Users will have successful login and users will get created in Crowd
Workaround
Manually disable the Automatic User Creation in Delegated directory from the database side. This is done by modifying the value of crowd.delegated.directory.auto.create.user to false in the cwd_directory_attribute table, in the database
The steps are:
- identify the directory ID of the affected directory
select id,directory_name from cwd_directory;
- check if the attribute_value is set to "true" for the attribute crowd.delegated.directory.auto.create.user
select * from cwd_directory_attribute where attribute_name='crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> ;
if the value is set to true, proceed with the next step
- backup Crowd's database
- update the table cwd_directory_attribute to force the auto-creation to false
update cwd_directory_attribute set attribute_value='false' where attribute_name='crowd.delegated.directory.auto.create.user' and directory_id=<directory_id>
- restart Crowd for the changes to take effect
[CWD-1221] Delegated directory with "Add Users" permission disabled still automatically adds users upon authentication.
Description |
Original:
h3. Issue Summary
When setting a [Delegated directory|https://confluence.atlassian.com/display/CROWD/Configuring+a+Delegated+Authentication+Directory] in Crowd and [disabling the "_Add Users_" permission|https://confluence.atlassian.com/display/CROWD/Specifying+an+Application%27s+Directory+Permissions] in the directory configuration withing the Application section, the user still gets automatically created upon login into the client application. !add_user.png|thumbnail! h3. Steps to Reproduce # Have a [Delegated Authentication Directory|https://confluence.atlassian.com/crowd/configuring-a-delegated-authentication-directory-128287004.html] # In the Directory Permission Setting, disabling the "_Add Users_" permission # Add this directory into Crowd Application # Login to Crowd as one of the user from the Delegated LDAP h3. Expected Results Users should not be able to login as users does not exist, and the "_Add Users_" permission is disabled. h3. Actual Results Users will have successful login and users will get created in Crowd h3. Workaround Manually disable the Automatic User Creation in Delegated directory from the database side. This is done by modifying the value of {{crowd.delegated.directory.auto.create.user}} to false in the {{cwd_directory_attribute}} table, in the database The steps are: # identify the directory ID of the affected directory {code:sql} select id,directory_name from cwd_directory; {code} # check if the {{attribute_value}} is set to "true" for the attribute {{crowd.delegated.directory.auto.create.user}} {code:sql} select * from cwd_directory_attribute where attribute_name=' crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> ; {code} (i) if the value is set to true, proceed with the next step # backup Crowd's database # update the table cwd_directory_attribute to force the auto-creation to false {code:sql} update cwd_directory_attribute set attribute_value='false' where attribute_name='crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> {code} # restart Crowd for the changes to take effect |
New:
h3. Issue Summary
When setting a [Delegated directory|https://confluence.atlassian.com/display/CROWD/Configuring+a+Delegated+Authentication+Directory] in Crowd and [disabling the "_Add Users_" permission|https://confluence.atlassian.com/display/CROWD/Specifying+an+Application%27s+Directory+Permissions] in the directory configuration withing the Application section, the user still gets automatically created upon login into the client application. !add_user.png|thumbnail! h3. Steps to Reproduce # Have a [Delegated Authentication Directory|https://confluence.atlassian.com/crowd/configuring-a-delegated-authentication-directory-128287004.html] # In the Directory Permission Setting, disabling the "_Add Users_" permission # Add this directory into Crowd Application # Login to Crowd as one of the user from the Delegated LDAP h3. Expected Results Users should not be able to login as users does not exist, and the "_Add Users_" permission is disabled. h3. Actual Results Users will have successful login and users will get created in Crowd h3. Workaround Manually disable the Automatic User Creation in Delegated directory from the database side. This is done by modifying the value of {{crowd.delegated.directory.auto.create.user}} to false in the {{cwd_directory_attribute}} table, in the database The steps are: # identify the directory ID of the affected directory {code:sql} select id,directory_name from cwd_directory; {code} # check if the {{attribute_value}} is set to "true" for the attribute {{crowd.delegated.directory.auto.create.user}} {code:sql} select * from cwd_directory_attribute where attribute_name='crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> ; {code} (i) if the value is set to true, proceed with the next step # backup Crowd's database # update the table cwd_directory_attribute to force the auto-creation to false {code:sql} update cwd_directory_attribute set attribute_value='false' where attribute_name='crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> {code} # restart Crowd for the changes to take effect |
Labels | Original: cwd-cleanup-1 |
Resolution | New: Not a bug [ 12 ] | |
Status | Original: Long Term Backlog [ 12073 ] | New: Closed [ 6 ] |
Comment | [ A comment with security level 'atlassian-staff' was removed. ] |
Description |
Original:
h3. Issue Summary
When setting a [Delegated directory|https://confluence.atlassian.com/display/CROWD/Configuring+a+Delegated+Authentication+Directory] in Crowd and [disabling the "_Add Users_" permission|https://confluence.atlassian.com/display/CROWD/Specifying+an+Application%27s+Directory+Permissions] in the directory configuration withing the Application section, the user still gets automatically created upon login into the client application. !add_user.png|thumbnail! h3. Steps to Reproduce # Have a [Delegated Authentication Directory|https://confluence.atlassian.com/crowd/configuring-a-delegated-authentication-directory-128287004.html] # In the Directory Permission Setting, disabling the "_Add Users_" permission # Add this directory into Crowd Application # Login to Crowd as one of the user from the Delegated LDAP h3. Expected Results Users should not be able to login as users does not exist h3. Actual Results Users will have successful login and users will get created in Crowd h3. Workaround Manually disable the Automatic User Creation in Delegated directory from the database side. This is done by modifying the value of {{crowd.delegated.directory.auto.create.user}} to false in the {{cwd_directory_attribute}} table, in the database The steps are: # identify the directory ID of the affected directory {code:sql} select id,directory_name from cwd_directory; {code} # check if the {{attribute_value}} is set to "true" for the attribute {{crowd.delegated.directory.auto.create.user}} {code:sql} select * from cwd_directory_attribute where attribute_name=' crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> ; {code} (i) if the value is set to true, proceed with the next step # backup Crowd's database # update the table cwd_directory_attribute to force the auto-creation to false {code:sql} update cwd_directory_attribute set attribute_value='false' where attribute_name='crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> {code} # restart Crowd for the changes to take effect |
New:
h3. Issue Summary
When setting a [Delegated directory|https://confluence.atlassian.com/display/CROWD/Configuring+a+Delegated+Authentication+Directory] in Crowd and [disabling the "_Add Users_" permission|https://confluence.atlassian.com/display/CROWD/Specifying+an+Application%27s+Directory+Permissions] in the directory configuration withing the Application section, the user still gets automatically created upon login into the client application. !add_user.png|thumbnail! h3. Steps to Reproduce # Have a [Delegated Authentication Directory|https://confluence.atlassian.com/crowd/configuring-a-delegated-authentication-directory-128287004.html] # In the Directory Permission Setting, disabling the "_Add Users_" permission # Add this directory into Crowd Application # Login to Crowd as one of the user from the Delegated LDAP h3. Expected Results Users should not be able to login as users does not exist, and the "_Add Users_" permission is disabled. h3. Actual Results Users will have successful login and users will get created in Crowd h3. Workaround Manually disable the Automatic User Creation in Delegated directory from the database side. This is done by modifying the value of {{crowd.delegated.directory.auto.create.user}} to false in the {{cwd_directory_attribute}} table, in the database The steps are: # identify the directory ID of the affected directory {code:sql} select id,directory_name from cwd_directory; {code} # check if the {{attribute_value}} is set to "true" for the attribute {{crowd.delegated.directory.auto.create.user}} {code:sql} select * from cwd_directory_attribute where attribute_name=' crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> ; {code} (i) if the value is set to true, proceed with the next step # backup Crowd's database # update the table cwd_directory_attribute to force the auto-creation to false {code:sql} update cwd_directory_attribute set attribute_value='false' where attribute_name='crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> {code} # restart Crowd for the changes to take effect |
Description |
Original:
h3. Issue Summary
When setting a [Delegated directory|https://confluence.atlassian.com/display/CROWD/Configuring+a+Delegated+Authentication+Directory] in Crowd and [disabling the "_Add Users_" permission|https://confluence.atlassian.com/display/CROWD/Specifying+an+Application%27s+Directory+Permissions] in the directory configuration withing the Application section, the user still gets automatically created upon login into the client application. !add_user.png|thumbnail! h3. Steps to Reproduce # Have a [Delegated Authentication Directory|https://confluence.atlassian.com/crowd/configuring-a-delegated-authentication-directory-128287004.html] # In the Directory Permission Setting, disabling the "_Add Users_" permission # Add this directory into Crowd Application # Login to Crowd as one of the user from the Delegated LDAP h3. Expected Results # Users should not be able to login as users does not exist h3. Actual Results # Users will have successful login and users will get created in Crowd h3. Workaround Manually disable the Automatic User Creation in Delegated directory from the database side. This is done by modifying the value of {{crowd.delegated.directory.auto.create.user}} to false in the {{cwd_directory_attribute}} table, in the database The steps are: # identify the directory ID of the affected directory {code:sql} select id,directory_name from cwd_directory; {code} # check if the {{attribute_value}} is set to "true" for the attribute {{crowd.delegated.directory.auto.create.user}} {code:sql} select * from cwd_directory_attribute where attribute_name=' crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> ; {code} (i) if the value is set to true, proceed with the next step # backup Crowd's database # update the table cwd_directory_attribute to force the auto-creation to false {code:sql} update cwd_directory_attribute set attribute_value='false' where attribute_name='crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> {code} # restart Crowd for the changes to take effect |
New:
h3. Issue Summary
When setting a [Delegated directory|https://confluence.atlassian.com/display/CROWD/Configuring+a+Delegated+Authentication+Directory] in Crowd and [disabling the "_Add Users_" permission|https://confluence.atlassian.com/display/CROWD/Specifying+an+Application%27s+Directory+Permissions] in the directory configuration withing the Application section, the user still gets automatically created upon login into the client application. !add_user.png|thumbnail! h3. Steps to Reproduce # Have a [Delegated Authentication Directory|https://confluence.atlassian.com/crowd/configuring-a-delegated-authentication-directory-128287004.html] # In the Directory Permission Setting, disabling the "_Add Users_" permission # Add this directory into Crowd Application # Login to Crowd as one of the user from the Delegated LDAP h3. Expected Results Users should not be able to login as users does not exist h3. Actual Results Users will have successful login and users will get created in Crowd h3. Workaround Manually disable the Automatic User Creation in Delegated directory from the database side. This is done by modifying the value of {{crowd.delegated.directory.auto.create.user}} to false in the {{cwd_directory_attribute}} table, in the database The steps are: # identify the directory ID of the affected directory {code:sql} select id,directory_name from cwd_directory; {code} # check if the {{attribute_value}} is set to "true" for the attribute {{crowd.delegated.directory.auto.create.user}} {code:sql} select * from cwd_directory_attribute where attribute_name=' crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> ; {code} (i) if the value is set to true, proceed with the next step # backup Crowd's database # update the table cwd_directory_attribute to force the auto-creation to false {code:sql} update cwd_directory_attribute set attribute_value='false' where attribute_name='crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> {code} # restart Crowd for the changes to take effect |
Description |
Original:
h3. The problem:
When setting a [Delegated directory|https://confluence.atlassian.com/display/CROWD/Configuring+a+Delegated+Authentication+Directory] in Crowd and [disabling the "_Add Users_" permission|https://confluence.atlassian.com/display/CROWD/Specifying+an+Application%27s+Directory+Permissions] in the directory configuration withing the Application section, the user still gets automatically created upon login into the client application. !add_user.png|thumbnail! h4.Workaround In the Crowd Database, modify the value of {{crowd.delegated.directory.auto.create.user}} to false in the {{cwd_directory_attribute}} table. The steps are: # identify the directory ID of the affected directory {code:sql} select id,directory_name from cwd_directory; {code} # check if the {{attribute_value}} is set to "true" for the attribute {{crowd.delegated.directory.auto.create.user}} {code:sql} select * from cwd_directory_attribute where attribute_name=' crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> ; {code} (i) if the value is set to true, proceed with the next step # backup Crowd's database # update the table cwd_directory_attribute to force the auto-creation to false {code:sql} update cwd_directory_attribute set attribute_value='false' where attribute_name='crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> {code} # restart Crowd for the changes to take effect |
New:
h3. Issue Summary
When setting a [Delegated directory|https://confluence.atlassian.com/display/CROWD/Configuring+a+Delegated+Authentication+Directory] in Crowd and [disabling the "_Add Users_" permission|https://confluence.atlassian.com/display/CROWD/Specifying+an+Application%27s+Directory+Permissions] in the directory configuration withing the Application section, the user still gets automatically created upon login into the client application. !add_user.png|thumbnail! h3. Steps to Reproduce # Have a [Delegated Authentication Directory|https://confluence.atlassian.com/crowd/configuring-a-delegated-authentication-directory-128287004.html] # In the Directory Permission Setting, disabling the "_Add Users_" permission # Add this directory into Crowd Application # Login to Crowd as one of the user from the Delegated LDAP h3. Expected Results # Users should not be able to login as users does not exist h3. Actual Results # Users will have successful login and users will get created in Crowd h3. Workaround Manually disable the Automatic User Creation in Delegated directory from the database side. This is done by modifying the value of {{crowd.delegated.directory.auto.create.user}} to false in the {{cwd_directory_attribute}} table, in the database The steps are: # identify the directory ID of the affected directory {code:sql} select id,directory_name from cwd_directory; {code} # check if the {{attribute_value}} is set to "true" for the attribute {{crowd.delegated.directory.auto.create.user}} {code:sql} select * from cwd_directory_attribute where attribute_name=' crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> ; {code} (i) if the value is set to true, proceed with the next step # backup Crowd's database # update the table cwd_directory_attribute to force the auto-creation to false {code:sql} update cwd_directory_attribute set attribute_value='false' where attribute_name='crowd.delegated.directory.auto.create.user' and directory_id=<directory_id> {code} # restart Crowd for the changes to take effect |
UIS | Original: 5 | New: 11 |
UIS | Original: 4 | New: 5 |