Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.12.0
Affects Version/s: 2.6, 2.7.2, 2.8
Component/s: None
Labels:
- warranty

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Steps to reproduce:

Create a LDAP directory with read and write permission
Turn on manage user Locally option
Deactivate any user from the directory

Expected Result
The user has been deactivated without error, and the change is not propagated to the backing directory. See https://confluence.atlassian.com/display/CROWD/Deleting+or+Deactivating+a+User.

End result:
Error message :

org.springframework.ldap.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0]; nested exception is javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0]; remaining name 'SOME USER DN'

Cause:
I suspect this issue was caused by the Configured Bind DN user have insufficient permission to write on AD, as when you click on update, it will prompt to check user's detail as below:

Managing user locally should not update anything to the LDAP/AD

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

crowd.png
33 kB
02/Apr/2015 8:31 AM
unnamed.png
48 kB
08/Apr/2015 1:10 PM

Issue Links

relates to

CWD-4110 Crowd tries to update display name on LDAP when different than first name plus last name

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

was cloned as: KRAK-254 Loading...

(1 mentioned in, 1 was cloned as)

Activity

People

Assignee:: Patryk

Reporter:: Wayne Wong (Inactive)

Votes:: 9 Vote for this issue

Watchers:: 15 Start watching this issue

Dates

Created:: 02/Apr/2015 8:30 AM

Updated:: 19/Aug/2019 8:01 AM

Resolved:: 18/Jan/2017 2:29 PM