Details
Suggestion
Resolution: Unresolved
Description
Summary
Currently, the delegated directory copies users on first login from the LDAP directory automatically. Some administrators do not want this behavior, as they wish to have more control (by creating the user manually).
Suggested feature implementations:
- Add a "Copy user on first login" flag in the Settings tab so this behavior can be controlled through the UI.
- Reuse the existing "Add Users" flag for this purpose.
- This flag is currently used for another purpose, but it is already available in the UI, and what the two flags do is understood in a somewhat similar way.
Workaround 1 - Use LDAP filter
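An alternative workaround is to make your LDAP search filter more specific. Include something like a group membership test or an AD attribute value as part of the User object filter on the Configuration tab. This lets you control who is eligible for provisioning to Crowd. Note that Active Directory matches memberOf against the group's full distinguished name, so in practice the value is the DN of your group rather than its short name. For example: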
(&(objectClass=user)(sAMAccountName=*)(memberOf=Atlassian_users))
Workaround 2 - Disable auto.create.user in the database
- Take a backup of the Crowd database
- Run the following query to identify the directory id of the Delegated directory for which you want this feature disabled:
SELECT * FROM cwd_directory;
- Use the id in the following query (replace <directoryID> with the id above):
UPDATE cwd_directory_attribute SET attribute_value='false' WHERE attribute_name = 'crowd.delegated.directory.auto.create.user' AND directory_id = <directoryID>;
- Restart Crowd
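
The Workaround 2 steps with a check before and after the change, as an added example that is not part of the original issue. The value 42 is a placeholder for <directoryID>, and the directory_name and directory_type columns are assumptions about the cwd_directory schema.

```sql
-- Added example; 42 stands in for <directoryID>.
-- Assumption: cwd_directory exposes id, directory_name and directory_type.

-- 1. List every directory with its current auto-create setting, so the id
--    is picked from a row that actually carries the attribute.
--    A NULL attribute_value means the attribute row does not exist.
SELECT d.id,
       d.directory_name,
       d.directory_type,
       a.attribute_value AS auto_create_user
FROM cwd_directory d
LEFT JOIN cwd_directory_attribute a
       ON a.directory_id = d.id
      AND a.attribute_name = 'crowd.delegated.directory.auto.create.user'
ORDER BY d.id;

-- 2. Apply the change inside a transaction so it can be undone before commit.
--    (Use BEGIN TRANSACTION on SQL Server; Oracle opens one implicitly.)
BEGIN;

UPDATE cwd_directory_attribute
SET attribute_value = 'false'
WHERE attribute_name = 'crowd.delegated.directory.auto.create.user'
  AND directory_id = 42;

-- 3. Confirm exactly one row now reads 'false' for the chosen directory.
--    If the result is empty or shows another directory, issue ROLLBACK
--    instead of COMMIT and re-check the id from step 1.
SELECT directory_id, attribute_name, attribute_value
FROM cwd_directory_attribute
WHERE attribute_name = 'crowd.delegated.directory.auto.create.user'
  AND directory_id = 42;

COMMIT;
```

Run this while Crowd is stopped or restart Crowd afterwards, as in the final step above, so the changed attribute is read from the database.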