Crowd Data Center / CWD-5613

Provide a feature to prevent Jira from deleting users synced from LDAP


Details

    • Suggestion
    • Resolution: Unresolved
    • Directory - LDAP

    Description

      Currently, Crowd deletes users if they're no longer found on the external directory (LDAP/AD) upon a sync.

      If AD/LDAP malfunctions and erroneously reports to Crowd/Jira that no such users exist, Crowd/Jira will delete them and cause a severe outage for the customer.

      Deletion DEBUG logs can be spotted (if enabled) in the form of:

      ...
      2020-07-22 09:26:15,468 Caesium-1-3 DEBUG anonymous     [c.a.crowd.directory.DbCachingRemoteChangeOperations] user [ username_a ] not found, deleting
      2020-07-22 09:26:15,468 Caesium-1-3 DEBUG anonymous     [c.a.crowd.directory.DbCachingRemoteChangeOperations] user [ username_b ] not found, deleting
      2020-07-22 09:26:15,468 Caesium-1-3 DEBUG anonymous     [c.a.crowd.directory.DbCachingRemoteChangeOperations] user [ username_c ] not found, deleting
      ...
      

      The source code from DbCachingRemoteChangeOperations reads as follows (Stash reference here):

      for (User remoteUser : remoteUsers) {
          remoteUsernames.add(remoteUser.getName());
      }
      
      Set<String> remoteExternalIds = externalIdsOf(remoteUsers);
      
      Map<String, TimestampedUser> internalUsers = findInternalUsersUpdatedBefore(synchStartDate);
      
      // Find all Users in our internal cache.
      
      for (TimestampedUser internalUser : internalUsers.values()) {
          String userName = internalUser.getName();
      
          if (StringUtils.isBlank(internalUser.getExternalId())) {
              if (!remoteUsernames.contains(userName)) {
                  logger.debug("user [ {} ] not found, deleting", userName);
                  usersToDelete.add(userName);
              }
          } else {
              if (!remoteExternalIds.contains(internalUser.getExternalId())) {
                  logger.debug("user [ {} ] not found, deleting", userName);
                  usersToDelete.add(userName);
              }
          }
      }
      

      That is, if the external users list is empty or has null or invalid external IDs, Crowd/Jira will proceed to delete the users.

       

      The ask of this Feature Request is to provide some flag or config option to override and prevent user deletion even if the above conditions are met.

       

      This case might be a regression of JRASERVER-24937 (When a user is deleted in AD or Crowd, JIRA could keep the user in JIRA as an inactive user)
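
One way to spot the mass-deletion case in the DEBUG output quoted above, as an added example that is not part of the original issue or of Crowd's code: it groups "not found, deleting" lines by sync thread and reports bursts that name many distinct users. The threshold, the time window, the function name and the sample lines other than the three quoted in the issue are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the DEBUG line format quoted in the issue description.
DELETE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} (?P<thread>\S+) DEBUG .*"
    r"\[c\.a\.crowd\.directory\.DbCachingRemoteChangeOperations\] "
    r"user \[ (?P<user>.+?) \] not found, deleting$"
)

# Constructed sample: the three lines from the issue, one unrelated line with a
# hypothetical logger name, and one isolated deletion from a later sync.
_P = "[c.a.crowd.directory.DbCachingRemoteChangeOperations] user"
SAMPLE_LOG = f"""\
2020-07-22 09:26:15,468 Caesium-1-3 DEBUG anonymous     {_P} [ username_a ] not found, deleting
2020-07-22 09:26:15,468 Caesium-1-3 DEBUG anonymous     {_P} [ username_b ] not found, deleting
2020-07-22 09:26:15,468 Caesium-1-3 DEBUG anonymous     {_P} [ username_c ] not found, deleting
2020-07-22 09:26:16,002 Caesium-1-3 INFO anonymous     [example.OtherLogger] unrelated message
2020-07-22 14:02:41,120 Caesium-1-2 DEBUG anonymous     {_P} [ username_d ] not found, deleting
"""

def find_mass_deletions(lines, threshold=50, window=timedelta(minutes=5)):
    """Return (start, thread, users) for each burst of sync deletions.

    A burst is a run of deletion lines from one thread in which each line
    follows the previous one within `window`. It is reported when it names at
    least `threshold` distinct users. Both defaults are assumptions to tune.
    """
    bursts = defaultdict(list)  # thread -> [[start, last_seen, users], ...]
    for line in lines:
        m = DELETE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        runs = bursts[m["thread"]]
        if runs and ts - runs[-1][1] <= window:
            runs[-1][1] = ts
            runs[-1][2].add(m["user"])
        else:
            runs.append([ts, ts, {m["user"]}])
    return [(start, thread, sorted(users))
            for thread, runs in bursts.items()
            for start, _, users in runs if len(users) >= threshold]

if __name__ == "__main__":
    for start, thread, users in find_mass_deletions(SAMPLE_LOG.splitlines(), threshold=3):
        print(f"ALERT {start} {thread}: {len(users)} users deleted in one sync: {users}")
```

These lines only appear when DEBUG logging is enabled for the class, as the description notes, so the check sees nothing on a default logging configuration.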

       

          People

            Unassigned Unassigned
            rmartinez3@atlassian.com Rodrigo Martinez