Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-4923

Unable to disable users from delegated directory.

XMLWordPrintable

      Description

      When the user tries to disable a user from a delegated user directory, it will get an error stating that the directory is read-only. The delegated directory is configured with read and write permission.

      Environment

      • Confluence v6.1.0
        • Embedded Crowd v2.10
        • Embedded Crowd v2.3.3

      Steps to reproduce

      1. Configure a delegated directory in Confluence
      2. Login with the delegated user to copy the user details to Confluence database
      3. Logout and login as the Confluence admin
      4. Go to the delegated user profile and disable the user

      Expected Behavior

      The user is disabled

      Actual Result


      Following error message appears in the logs.

      2017-05-11 06:52:56,972 ERROR [http-nio-8080-exec-2] [confluence.user.crowd.CrowdDisabledUserManager] disableUser Could not disable user
 -- referer: http://confluence.ju.globaz.ch/admin/users/deactivateuser.action?username=jpa | url: /admin/users/deactivateuser-confirm.action | traceId: 3c79ebb000d44063 | userName: RPE | action: deactivateuser-confirm
com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: Cannot update user 'jpa' because directory 'Delegated LDAP Authentication' does not allow updates.
Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: Cannot update user 'jpa' because directory 'Delegated LDAP Authentication' does not allow updates.

      After some investigation, it turns out Delegated Directory does not have "'UPDATE_USER'" permission in the database, inside the "CWD_DIRECTORY" table. This can be checked by the following SQL query:

      SELECT COUNT(*) FROM CWD_DIRECTORY_OPERATION O, CWD_DIRECTORY D WHERE O.DIRECTORY_ID=D.ID AND D.DIRECTORY_NAME='<name of the directory>';

      Note

      • This issue does not happen in Confluence 6.0.3
        • Which was having Embedded Crowd version 2.8.8

      Workaround

      Run the following query to check if the permission granted for the directory.

      #Query 1
SELECT COUNT(*) FROM CWD_DIRECTORY_OPERATION O, CWD_DIRECTORY D WHERE O.DIRECTORY_ID=D.ID AND D.DIRECTORY_NAME='<name of the directory>';

#Query 2
SELECT COUNT(*) FROM CWD_APP_DIR_OPERATION O, CWD_APP_DIR_MAPPING M, CWD_DIRECTORY D WHERE O.APP_DIR_MAPPING_ID=M.ID AND M.DIRECTORY_ID=D.ID AND D.DIRECTORY_NAME='<name of the directory>';

      If the result of the query is less than 12, please insert the missing permission with the following query.

      INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'CREATE_GROUP');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'CREATE_ROLE');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'CREATE_USER');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'DELETE_GROUP');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'DELETE_ROLE');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'DELETE_USER');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'UPDATE_GROUP');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'UPDATE_GROUP_ATTRIBUTE');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'UPDATE_ROLE');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'UPDATE_ROLE_ATTRIBUTE');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'UPDATE_USER');
INSERT INTO CWD_DIRECTORY_OPERATION VALUES(<directory-id>, 'UPDATE_USER_ATTRIBUTE');

      Replace the <directory-id> with the problematic directory. For more details, please refer to this documentation.

      Please note that modifying the database is dangerous and do remember to generate a database dump before performing it.

        1. upload.png
          upload.png
          29 kB
        2. upload2.png
          upload2.png
          78 kB

            [CWD-4923] Unable to disable users from delegated directory.

            Daniel Serkowski made changes -
            Remote Link Original: This issue links to "Page (Confluence)" [ 707360 ]
            rtkachuk (Inactive) made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Waiting for Release [ 12075 ] New: Closed [ 6 ]
            Daniel Serkowski made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 707774 ]
            Daniel Serkowski made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 707360 ]
            SET Analytics Bot made changes -
            UIS Original: 5 New: 4
            rtkachuk (Inactive) made changes -
            Fix Version/s New: 5.0.1 [ 101711 ]
            Fix Version/s New: 5.1.0 [ 100694 ]
            rtkachuk (Inactive) made changes -
            Status Original: In Progress [ 3 ] New: Waiting for Release [ 12075 ]
            rtkachuk (Inactive) made changes -
            Assignee New: rtkachuk [ 3dfb2c7ca3e0 ]
            rtkachuk (Inactive) made changes -
            Status Original: Long Term Backlog [ 12073 ] New: In Progress [ 3 ]
            SET Analytics Bot made changes -
            UIS Original: 4 New: 5

              3dfb2c7ca3e0 rtkachuk (Inactive)
              lng@atlassian.com Lipkent Ng
              Affected customers:
              2 This affects my team
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: