-
Suggestion
-
Resolution: Won't Fix
-
None
-
None
-
None
We have a basic rule in JIRA where active users that are assigned to or reported an issue can not be deleted as explained in this document. Again users or groups can not be renamed in JIRA and a feature request have since be tracked at JRA-1391 and JRA-1549 respectively.
If we integrate JIRA with a crowd server or LDAP directory and try to perform the operations above, an exception should be raised appropriately. In the present situation right now, no exception is raised and end up getting invalid users or groups.
Steps to replicate
1. create an application in crowd with some users as shown in screen-shot1
2. The users will be shown in JIRA after synchronization as shown in screen-shot2
3. Create an issue with the crowd directory users as the reporter of the issue and then try to delete the user. JIRA will raise a warning. See screen-shot3
4. Go to crowd and delete the user. No exception will be raised and user will be deleted. See screen-shot4
5. Synchronize directory in JIRA and user will still be inactive. See screen-shot5
This is more handful in the case where a group is renamed as a lot of schemes such as the permission scheme will be broken.
- is superseded by
-
- Closed
-
- Closed
[CWD-2515] CROWD and LDAP should respect the application rules
| Workflow | Original: JAC Suggestion Workflow [ 3388870 ] | New: JAC Suggestion Workflow 3 [ 3630892 ] |
| Status | Original: RESOLVED [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: Simplified Crowd Development Workflow v2 [ 1391623 ] | New: JAC Suggestion Workflow [ 3388870 ] |
| Issue Type | Original: Improvement [ 4 ] | New: Suggestion [ 10000 ] |
| Link |
New:
This issue is superseded by |
| Workflow | Original: Crowd Development Workflow v2 [ 303070 ] | New: Simplified Crowd Development Workflow v2 [ 1391623 ] |
Ali Mohamed Jawad [Atlassian]
made changes -
| Resolution | New: Won't Fix [ 2 ] | |
| Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
| Description |
Original:
We have a basic rule in JIRA where active users that are assigned to or reported an issue can not be deleted as explained in this [document|http://confluence.atlassian.com/display/JIRA043/Managing+Users]. Again users or groups can not be renamed in JIRA and a feature request have since be tracked at [JRA-1391|https://jira.atlassian.com/browse/JRA-1391] and [ If we integrate JIRA with a crowd server or LDAP directory and try to perform the operations above, an exception should be raised appropriately. In the present situation right now, no exception is raised and end up getting invalid users or groups. *Steps to replicate* 1. create an application in crowd with some users as shown in screen-shot1 2. The users will be shown in JIRA after synchronization as shown in screen-shot2 3. Create an issue with the crowd directory users as the reporter of the issue and then try to delete the user. JIRA will raise a warning. See screen-shot3 4. Go to crowd and delete the user. No exception will be raised and user will be deleted. See screen-shot4 5. Synchronize directory in JIRA and user will still be inactive. |
New:
We have a basic rule in JIRA where active users that are assigned to or reported an issue can not be deleted as explained in this [document|http://confluence.atlassian.com/display/JIRA043/Managing+Users]. Again users or groups can not be renamed in JIRA and a feature request have since be tracked at [JRA-1391|https://jira.atlassian.com/browse/JRA-1391] and [ If we integrate JIRA with a crowd server or LDAP directory and try to perform the operations above, an exception should be raised appropriately. In the present situation right now, no exception is raised and end up getting invalid users or groups. *Steps to replicate* 1. create an application in crowd with some users as shown in screen-shot1 2. The users will be shown in JIRA after synchronization as shown in screen-shot2 3. Create an issue with the crowd directory users as the reporter of the issue and then try to delete the user. JIRA will raise a warning. See screen-shot3 4. Go to crowd and delete the user. No exception will be raised and user will be deleted. See screen-shot4 5. Synchronize directory in JIRA and user will still be inactive. See screen-shot5 This is more handful in the case where a group is renamed as a lot of schemes such as the permission scheme will be broken. |
| Summary | Original: CROWDrowd and LDAP should respect the application rules | New: CROWD and LDAP should respect the application rules |
| Attachment | New: screenshot-5.jpg [ 48882 ] |
| Attachment | New: screenshot-4.jpg [ 48881 ] |
We have no way of preventing arbitrary changes being made directly in LDAP servers. Also, Crowd cannot know all application rules imposed by client applications.
In theory, you could write a plugin for Crowd that would call back to JIRA to prevent actions that would corrupt JIRA. This would be totally JIRA specific and would not prevent changes being made directly to any possible LDAP servers.
In practise, user management should be performed using JIRA.