[CWD-4954] Users without an userExpired attribute get removed when synchronising ActiveDirectory with the 'Filter out expired users' setting enabled

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 3.0.2, 3.1.1
Affects Version/s: 2.11.1, 2.12.0, 3.0.1
Component/s: None
Labels:
- needs-docs

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

When using an ActiveDirectory directory and enabling the 'filter out expired users' checkbox users that are marked as expired should get filtered out, and not be present in the Crowd directory.

However, in some configurations AD might not return the userExpired attribute in LDAP queries. This will cause users who don't have the attribute to be inadvertently filtered out, and removed from Crowd.

Steps to Reproduce

Setup Crowd and add AD user directory;
- For the port, input 3268 for the Global Catalog;
- Ensure Filter out expired users;
Save and sync;

Expected behavior

Non-expired users are synchronized and appear in Crowd correctly.

Actual Behavior

Crowd filters out all users from that directory, so no users are displayed.

Investigation

(Reference: https://jira.atlassian.com/browse/JRASERVER-64099)

When using INCREMENTAL sync with "Filter out expired users", Crowd's ldapsearch includes a check for accountExpires;
accountExpires is not stored with Global Catalog (port 3268): https://msdn.microsoft.com/en-us/library/ms675098(v=vs.85).aspx;
This causes the search to return no results, causing Crowd to believe no users exist;

Workaround

Disable "Filter out expired users"; or
Connect to port 389, instead of 3268;

In Crowd versions older than 2.12, this issue only impacts Incremental sync, so disabling incremental sync is a possible workaround for those versions.

relates to

CWD-4889 Crowd Embedded Performs a Lookup to a Cross Domain DN when Follow Referrals is Disabled

Short Term Backlog

causes: KRAK-732 You do not have permission to view this issue

mentioned in: Page Failed to load; Page Failed to load; Page Failed to load; Page Loading...

(1 mentioned in)

Ahmad Faridi made changes - 08/Oct/2024 10:40 AM

Remote Link

Original: This issue links to "KRAK-732 (JIRA Server)" [ 309855 ]

New: This issue links to "KRAK-732 (JIRA Server (Bulldog))" [ 309855 ]

Marcin Kempa made changes - 11/Sep/2019 2:49 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 449668 ]

Monique Khairuliana (Inactive) made changes - 19/Aug/2019 8:01 AM

Epic Link

Original: CWD-4704 [ 600140 ]

Monique Khairuliana (Inactive) made changes - 15/Aug/2019 7:06 AM

Workflow

Original: Simplified Crowd Development Workflow v2 - restricted [ 2415485 ]

New: JAC Bug Workflow v3 [ 3365806 ]

Owen made changes - 24/Oct/2018 5:05 AM

Symptom Severity

Original: Major [ 14431 ]

New: Severity 2 - Major [ 15831 ]

Felipe Kraemer made changes - 23/May/2018 6:44 PM

Remote Link

New: This issue links to "Page (Extranet)" [ 369456 ]

Daniele Carcasole (Inactive) made changes - 17/Apr/2018 1:29 PM

Link

New: This issue relates to CWD-4889 [ CWD-4889 ]

Patryk made changes - 28/Nov/2017 11:10 AM

Remote Link

New: This issue links to "Page (Extranet)" [ 335988 ]

Marcin Kempa made changes - 13/Nov/2017 4:47 PM

Remote Link

New: This issue links to "Page (Extranet)" [ 332297 ]

Lukasz Pater made changes - 10/Oct/2017 10:38 AM

Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Closed [ 6 ]

Assignee:: Unassigned

Reporter:: Lukasz Pater

Affected customers:: 3 This affects my team

Watchers:: 8 Start watching this issue

Created:: 31/Jul/2017 2:14 PM

Updated:: 08/Oct/2024 10:40 AM

Resolved:: 10/Oct/2017 10:38 AM

Details

Description

Steps to Reproduce

Expected behavior

Actual Behavior

Investigation

Workaround

Attachments

Issue Links

Forms

Activity

People

Dates