  1. Crowd
  2. CWD-5613

Provide a feature to prevent Jira from deleting users synced from LDAP


    Details

    • Type: Suggestion
    • Status: Gathering Interest
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Directory - LDAP
    • Labels:
      None

      Description

      Currently, Crowd deletes users if they're no longer found in the external directory (LDAP/AD) during a sync.

      If AD/LDAP malfunctions and erroneously reports no such users to Crowd/Jira, Crowd/Jira will delete them and cause a severe outage for the customer.

      Deletion DEBUG logs can be spotted (if enabled) in the form of:

      ...
      2020-07-22 09:26:15,468 Caesium-1-3 DEBUG anonymous     [c.a.crowd.directory.DbCachingRemoteChangeOperations] user [ username_a ] not found, deleting
      2020-07-22 09:26:15,468 Caesium-1-3 DEBUG anonymous     [c.a.crowd.directory.DbCachingRemoteChangeOperations] user [ username_b ] not found, deleting
      2020-07-22 09:26:15,468 Caesium-1-3 DEBUG anonymous     [c.a.crowd.directory.DbCachingRemoteChangeOperations] user [ username_c ] not found, deleting
      ...
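
A way to alert on this condition from the DEBUG entries above, as an added example that is not Crowd's or Atlassian's code: it groups deletion lines into per-thread bursts and flags any burst that removes an implausible share of the directory in one sync. The function names, the 60-second gap, the 10% threshold and the `directory_size` input are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Line format taken from the DEBUG entries quoted above.
DELETE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?P<thread>\S+) DEBUG .*"
    r"\[c\.a\.crowd\.directory\.DbCachingRemoteChangeOperations\] "
    r"user \[ (?P<user>.+?) \] not found, deleting$"
)

def deletion_bursts(lines, max_gap=timedelta(seconds=60)):
    """Group deletion entries per thread; a gap above max_gap starts a new burst."""
    bursts, open_burst = [], {}
    for line in lines:
        m = DELETE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        cur = open_burst.get(m["thread"])
        if cur is None or ts - cur["end"] > max_gap:
            cur = {"thread": m["thread"], "start": ts, "end": ts, "users": []}
            bursts.append(cur)
            open_burst[m["thread"]] = cur
        cur["end"] = ts
        cur["users"].append(m["user"])
    return bursts

def suspicious_bursts(lines, directory_size, max_fraction=0.1, min_users=3):
    """Bursts that remove an implausible share of the directory in one sync."""
    limit = max(min_users, int(directory_size * max_fraction))
    return [b for b in deletion_bursts(lines) if len(set(b["users"])) >= limit]

# Constructed sample: one mass-deletion burst, one unrelated line, one later single deletion.
LOGGER = "[c.a.crowd.directory.DbCachingRemoteChangeOperations]"
SAMPLE = [
    f"2020-07-22 09:26:15,468 Caesium-1-3 DEBUG anonymous     {LOGGER} user [ username_a ] not found, deleting",
    f"2020-07-22 09:26:15,468 Caesium-1-3 DEBUG anonymous     {LOGGER} user [ username_b ] not found, deleting",
    "2020-07-22 09:26:15,469 Caesium-1-3 INFO anonymous     [constructed.example.Logger] unrelated line",
    f"2020-07-22 09:26:15,470 Caesium-1-3 DEBUG anonymous     {LOGGER} user [ username_c ] not found, deleting",
    f"2020-07-22 09:26:15,471 Caesium-1-3 DEBUG anonymous     {LOGGER} user [ username_d ] not found, deleting",
    f"2020-07-22 10:26:15,101 Caesium-1-3 DEBUG anonymous     {LOGGER} user [ username_e ] not found, deleting",
]

if __name__ == "__main__":
    for b in suspicious_bursts(SAMPLE, directory_size=20):
        print(f"{b['start']} {b['thread']}: {len(b['users'])} users deleted in one sync")
```

These entries only exist when DEBUG logging is enabled for the class, so the check has to be in place before a directory outage occurs.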
      

      The source code from DbCachingRemoteChangeOperations reads as follows (Stash reference here):

      for (User remoteUser : remoteUsers) {
          remoteUsernames.add(remoteUser.getName());
      }
      
      Set<String> remoteExternalIds = externalIdsOf(remoteUsers);
      
      Map<String, TimestampedUser> internalUsers = findInternalUsersUpdatedBefore(synchStartDate);
      
      // Find all Users in our internal cache.
      
      for (TimestampedUser internalUser : internalUsers.values()) {
          String userName = internalUser.getName();
      
          if (StringUtils.isBlank(internalUser.getExternalId())) {
              if (!remoteUsernames.contains(userName)) {
                  logger.debug("user [ {} ] not found, deleting", userName);
                  usersToDelete.add(userName);
              }
          } else {
              if (!remoteExternalIds.contains(internalUser.getExternalId())) {
                  logger.debug("user [ {} ] not found, deleting", userName);
                  usersToDelete.add(userName);
              }
          }
      }
      

      That is: if the external users list is empty or has null or invalid external IDs, Crowd/Jira will proceed to delete them.

       

      The ask of this Feature Request is to provide some flag or config option to override and prevent user deletion even if the above conditions are met.

       

      This case might be a regression of JRASERVER-24937 (When a user is deleted in AD or Crowd, JIRA could keep the user in JIRA as an inactive user)

       

            People

            Assignee:
            Unassigned
            Reporter:
            rmartinez3@atlassian.com Rodrigo Martinez