-
Bug
-
Resolution: Duplicate
-
Low
-
None
-
2.3.4
-
None
-
None
-
Severity 3 - Minor
-
Description
When there is a Group Name Attribute change in Delegated Authentication Directory, instead of updating an existing group's name to use the new attribute, Crowd creates another group with that alternate Group Name (So there will be some sort of a duplicate group).
How to Reproduce
- Create a user, with cn=UserA in LDAP.
- Create a group, with cn=GroupA, description=GroupAcopy, member=cn=UserA in LDAP
- Set up a Delegated Auth Directory in Crowd Console >> Directories >> Add Directory to sync Group memberships, and assign the Group Name Attribute to cn.
- Login as UserA into Crowd, which will automatically create the group, GroupA in Crowd as well.
- Update the Group Name Attribute in the Delegated Auth Directory Configuration in Crowd to description, this time.
- Login as UserA again
Notice that there will be another group called GroupAcopy created in Crowd, with the old group, GroupA still there (2 groups instead of 1). Expected behavior would be that Crowd will update GroupA to GroupAcopy (since it's a name attribute change).
- duplicates
-
CWD-1599 Ability to rename groups
- Under Consideration
[CWD-2723] Group Name attribute change behavior in Delegated Authentication Directory
| Workflow | Original: Simplified Crowd Development Workflow v2 - restricted [ 1510930 ] | New: JAC Bug Workflow v3 [ 3365757 ] |
| Symptom Severity | Original: Minor [ 14432 ] | New: Severity 3 - Minor [ 15832 ] |
| Resolution | New: Duplicate [ 3 ] | |
| Status | Original: Open [ 1 ] | New: Closed [ 6 ] |
| Symptom Severity | New: Minor [ 14432 ] |
| Workflow | Original: Simplified Crowd Development Workflow v2 [ 1392410 ] | New: Simplified Crowd Development Workflow v2 - restricted [ 1510930 ] |
| Workflow | Original: Crowd Development Workflow v2 [ 356637 ] | New: Simplified Crowd Development Workflow v2 [ 1392410 ] |
Stephan Haslinger
added a comment - This will also happen if the group name's AD attribute value is being changed. (e.g. from displayName="Employes" to "Employees").
Thinking about affected use cases:
- In Confluence you'll find two groups. The user may not know which one is correct.
- In Confluence assigned group restrictions/permissions will point to the old group. New members of the new group won't gain access automatically
- Deleting the old groups manually in Crowd would invalidate the (formerly set) permissions and restrictions in Confluence
Crowd could store the DN of each group (to identify that group within the AD) and update the attributes once they get changed within the AD.
Stephan Haslinger
added a comment - This will also happen if the group name's AD attribute value is being changed. (e.g. from displayName="Employes" to "Employees").
Thinking about affected use cases:
In Confluence you'll find two groups. The user may not know which one is correct.
In Confluence assigned group restrictions/permissions will point to the old group. New members of the new group won't gain access automatically
Deleting the old groups manually in Crowd would invalidate the (formerly set) permissions and restrictions in Confluence
Crowd could store the DN of each group (to identify that group within the AD) and update the attributes once they get changed within the AD.
Since our group names change frequently, we need this feature to be implemented. Any update on this?
Thanks