JRASERVER-64402

LDAP read-only, with local groups allows addition/removal of users from other user directories

      Summary

      Groups synced from a user directory set up as "LDAP read-only, with local groups" should be read-only, but JIRA allows you to add and remove users from other user directories. These changes are not synced to the LDAP server.

      Environment

      • LDAP user directory configured "LDAP read-only, with local groups"

      Steps to Reproduce

      1. Set up an LDAP user directory as "LDAP read-only, with local groups" (LDAP-1)
      2. Set up a second LDAP user directory as "LDAP read-only, with local groups" (LDAP-2)
      3. Try to add a user from LDAP-2 to a group from LDAP-1 (works even though LDAP-1 is read-only)
      4. Try to add a user from LDAP-1 to a group from LDAP-1 (fails as it should)

      Expected Results

      Both group edits should fail because their user directories are configured as read-only.

      Actual Results

      The addition of a user from LDAP-2 to a group from LDAP-1 is allowed.

            Patrick added a comment -

            Confirmed on 7.2.7, if you use "Read Only" (without local groups!).

              Unassigned Unassigned
              dmcmorris@atlassian.com Douglas McMorris (Inactive)