Details
-
Bug
-
Resolution: Answered
-
Low
-
None
-
2.7, 2.7.1, 2.7.2, 2.8
-
7
-
Severity 3 - Minor
-
0
-
Description
Bug Description
As describe in this improvement request, Crowd has the ability to retrieve "Account Disabled" since version 2.7.0. This however only work for CONNECTOR method of integration with Active Directory.
DELEGATED method will not work because Crowd will only retrieve the user information from AD server after a successful authentication. However, it is not possible for a disabled users to authenticate hence its status won't be brought over to Crowd and this user will still be counted as licensed user.
How to replicate
- Create a new test user in AD
- Create both "Connector" and "Delegated" directories to the AD
- Synchronise the "Connector" directory and login using the user from "Delegated" directory
- Both directories will specified the user as "Active"
- Disabled the user in AD
- Synchronise the "Connector" directory and login using the user from "Delegated" directory
Expected behaviour
User registered under the "Connector" and "Delegated" directory will be registered as "Disabled"
Result
Only user registered under "Connector" directory registered as "Disabled" and the user from "Delegated" directory won't be able to login and still registered as active.