- Bug
- Resolution: Fixed
- Low
- 2.6
- Severity 3 - Minor
Symptoms
User deletions in AD are not propagated to Crowd by an (apparently successful) incremental synchronisation if the connector binds to AD using unprivileged credentials.
Steps to reproduce
- Create an unprivileged user in AD, e.g., CN=UnprivUser,OU=People,DC=sydney,DC=atlassian,DC=com
- Set up an AD LDAP connector in Crowd and use the unprivileged user's credentials to connect to AD.
- Do a full synchronisation.
- Create a new ephemeral user in AD using the AD console or any tool other than Crowd itself.
- Synchronise again. An incremental synchronisation successfully propagates the new user to Crowd. Verify the new user actually exists in Crowd with the user browser.
- Delete the ephemeral user from AD using the AD console or any tool other than Crowd itself.
- Synchronise again.
Expected behaviour
Either the deletion is propagated from AD to Crowd if possible (fallback to full sync?), or the user is notified about the failure to complete an incremental synchronisation (see CWD-2714).
Actual behaviour
The deletion is not propagated from AD to Crowd. The synchronisation completes without any error message, logs contain "deleting [ 0 ] users", and the ephemeral user still appears in the user browser.
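The failure above and the fallback suggested under "Expected behaviour", replayed in an added Python example that is not Crowd's code. `FakeAD`, `incremental_sync`, `reproduce` and the `verify` guard are hypothetical names, and the model assumes AD reports deletions only as tombstones that an unprivileged bind cannot read.

```python
# Added illustration (hypothetical names): uSNChanged-style incremental sync
# against a constructed in-memory directory, with an optional fallback guard.
class FakeAD:
    def __init__(self):
        # usn counter, live users (name -> uSNChanged), tombstones of deleted users
        self.usn, self.live, self.tombstones = 0, {}, {}

    def add(self, name):
        self.usn += 1
        self.live[name] = self.usn

    def delete(self, name):
        self.usn += 1
        del self.live[name]
        self.tombstones[name] = self.usn

    def changed_since(self, usn):
        return {n for n, u in self.live.items() if u > usn}

    def deleted_since(self, usn, privileged):
        # Assumption: an unprivileged bind sees no tombstones and gets no error.
        visible = self.tombstones if privileged else {}
        return {n for n, u in visible.items() if u > usn}

def full_sync(ad, cache):
    cache["users"] = set(ad.live)
    cache["usn"] = ad.usn

def incremental_sync(ad, cache, privileged, verify=False):
    """Returns 'incremental', or 'full' when the guard forced a fallback."""
    added = ad.changed_since(cache["usn"])
    deleted = ad.deleted_since(cache["usn"], privileged)
    cache["users"] = (cache["users"] | added) - deleted
    cache["usn"] = ad.usn
    # Guard: a count mismatch exposes deletions the delta query never saw.
    if verify and len(cache["users"]) != len(ad.live):
        full_sync(ad, cache)
        return "full"
    return "incremental"

def reproduce(privileged, verify):
    """Replays the steps to reproduce; returns (last sync mode, stale user?)."""
    ad, cache = FakeAD(), {"users": set(), "usn": 0}
    ad.add("alice")
    full_sync(ad, cache)
    ad.add("ephemeral")
    incremental_sync(ad, cache, privileged, verify)
    ad.delete("ephemeral")
    mode = incremental_sync(ad, cache, privileged, verify)
    return mode, "ephemeral" in cache["users"]
```

With `privileged=False` and `verify=False` the deleted account stays in the cache after a sync that reports no error, which is the stale-account condition this issue describes.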
- Discovered while testing
  - CWD-2713 USNChangedMapper throws NPEs if AD does not return the uSNChanged attribute (Closed)
- relates to
  - CONFSERVER-29363 Incremental AD Synchronization Ignores User Deletion (Closed)
  - CWD-2714 Crowd needs to detect when an incremental Update is not possible and react (Long Term Backlog)
- was cloned as
  - KRAK-855