Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-3093

Incremental AD synchronisation silently ignores remote deletions if the user does not have admin privileges

XMLWordPrintable

      Symptoms

      Users deletions in an AD are not propagated to Crowd by (apparently successful) incremental synchronisation if the connector binds to AD using unprivileged credentials.

      Steps to reproduce

      1. Create an unprivileged user in AD, e.g., CN=UnprivUser,OU=People,DC=sydney,DC=atlassian,DC=com
      2. Set up an AD LDAP connector in Crowd, use the unprivileged user credentials to connect to AD.
      3. Do a full synchronisation
      4. Create a new ephemeral user in AD using the AD console or any other tool different from Crowd itself.
      5. Synchronise again. An incremental synchronisation successfully propagates the new user to Crowd. Verify the new user actually exists in Crowd with the user browser.
      6. Delete the ephemeral user from AD using the AD console or any other tool different from Crowd itself.
      7. Synchronise again.

      Expected behaviour

      Either the deletion is propagated from AD to Crowd if possible (fallback to full sync?), or the user is notified about the failure to complete an incremental synchronisation (see CWD-2714).

      Actual behaviour

      The deletion is not propagated from AD to Crowd. The synchronisation completes without any error message, logs contain "deleting [ 0 ] users", and the ephemeral user still appears in the user browser.

            [CWD-3093] Incremental AD synchronisation silently ignores remote deletions if the user does not have admin privileges

            Renata Dornelas made changes -
            Remote Link Original: This issue links to "Page (Atlassian Documentation)" [ 176259 ]
            Marcin Kempa made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 449671 ]
            Monique Khairuliana (Inactive) made changes -
            Epic Link Original: CWD-4704 [ 600140 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 - restricted [ 1511204 ] New: JAC Bug Workflow v3 [ 3365905 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Symptom Severity Original: Minor [ 14432 ] New: Severity 3 - Minor [ 15832 ]
            Szczepan (Inactive) made changes -
            Fix Version/s New: 3.2.0 [ 76695 ]
            Resolution New: Fixed [ 1 ]
            Status Original: In Progress [ 3 ] New: Resolved [ 5 ]
            Szczepan (Inactive) made changes -
            Assignee New: Szczepan [ pszczepanik ]
            Szczepan (Inactive) made changes -
            Status Original: In Progress [ 3 ] New: In Progress [ 3 ]
            Szczepan (Inactive) made changes -
            Status Original: Open [ 1 ] New: In Progress [ 3 ]
            Szczepan (Inactive) made changes -
            Remote Link New: This issue links to "Page (Extranet)" [ 324900 ]

              pszczepanik Szczepan (Inactive)
              dberrueta Diego Berrueta
              Affected customers:
              18 This affects my team
              Watchers:
              24 Start watching this issue

                Created:
                Updated:
                Resolved: