-
Bug
-
Resolution: Fixed
-
Medium
-
2.3.4, 2.5.2
How to Reproduce:
- Create 2 groups in LDAP:
- Group1
- Group2
- Assign membership attributes to each Group as per below:
- Group1
- member: Group2
- member: UserA
- Group2
- member: UserB
- Group1
- Set up a Delegated Authentication Directory in Crowd, with the Use Nested Groups and Sync Group Memberships options checked
- Login to Crowd using UserB (Notice that only Group2 is synced, Group1 is not synced even though Group2 is child of Group1).
- Login with UserA this time (Notice that Group1 is also synced now, but if you try to check on the Nested Members of Group1, you'll find that only UserA is a Nested/Direct Member of Group1. What happened to UserB? UserB is only a member of Group2.
This indicates that the Nested Groups functionality of Delegated Authentication Directory does not really work at all.
- duplicates
-
CWD-2719 LDAP Delegate: Also sync parent groups
- Closed
- is duplicated by
-
- Closed
- relates to
-
- Closed
-
- Closed
-
- Gathering Interest
- Testing discovered
-
-
- Closed
-
[CWD-2732] Nested Groups do not work with Delegated Authentication Directory
Jones Wu
added a comment - Hi Team,
I have upgraded to Crowd 2.6.1 and I still have this issue.
Please advise.
Thanks and Regards,
Kevin.
Jones Wu
added a comment - Hi Team,
I have upgraded to Crowd 2.6.1 and I still have this issue.
Please advise.
Thanks and Regards,
Kevin. Same problem here.
Please include a fix for this release soon. This is a major defect for users in a large AD environment.
I can verify that we are experiencing this problem as well.
The situation for us looks like this:
- Create an 'Atlassian Users' group in Active Directory
- Create two further groups, 'Team A' and 'Team B', and make them members of 'Atlassian Users'
- Verify that all three can by synced via a Crowd Active Directory Connector directory
- Add a Crowd Delegated Authentication Active Directory directory, configured as the Connector directory. Ensure nested groups are enabled and group synchronisation is turned on
- Have a member of 'Team A' or 'Team B' log in
- Note that 'Team A'/'Team B' appears in the Delegated Authentication directory, but 'Atlassian Users' does not
This bug makes user management significantly more difficult for us.
Stephan Haslinger
added a comment - Please don't think in small dimensions when evaluating the impact of this bug. Please think about a large AD with many groups and subgroups. Currently we have to add every single subgroup of every subgroup [...] of a supergroup to a Confluence page if we want to set permissions for a single supergroup.
Stephan Haslinger
added a comment - Please don't think in small dimensions when evaluating the impact of this bug. Please think about a large AD with many groups and subgroups. Currently we have to add every single subgroup of every subgroup [...] of a supergroup to a Confluence page if we want to set permissions for a single supergroup. Stephan Haslinger
added a comment - Support for groups and subgroups should be a key-feature for a usermanagement system like Crowd.
Are there any plans for this issue yet?
Stephan Haslinger
added a comment - Support for groups and subgroups should be a key-feature for a usermanagement system like Crowd.
Are there any plans for this issue yet? 
Hi Kevin,
sorry to hear that. If this doesn't seem to be working, please get in touch with support. They'll be able to take you through configuring this and confirm if there's an issue with this fix.