After upgrade, Delegated LDAP directory users can be edited in JIRA in spite of "Update User attributes on Login" being checked

Summary

When upgrading to JIRA 7.3.x or later, Internal with LDAP Auth (Delegated LDAP) directories that were configured to copy user on login, have the Update User attributes on Login setting checked automatically. In the Directory Configuration Summary this is indicated as:

"crowd.delegated.directory.auto.update.user": "true"

However, in spite of this being true, users from that directory still allow for Editing from the Users page in Administration > User Management.

Environment

• Start with JIRA version prior to 7.3.0, with a Delegated LDAP Directory configured, with Copy User on First Login enabled.

For easier verification below, also have a user setup in the Delegated LDAP directory.

Steps to Reproduce

1. Upgrade JIRA to 7.3.0 or later
2. Navigate to ⚙ (Administration) > User Management > User Directories and review the Directory Configuration Summary
   • Verify that "crowd.delegated.directory.auto.update.user" is "true"
3. Navigate to ⚙ (Administration) > User Management > Users and Edit a user from the Delegated LDAP directory to mark it inactive.

Expected Results

The Edit link shouldn't even be displayed in the first place, per the text displayed when editing the Directory settings:

Users' attributes are updated from your LDAP server into JIRA when they authenticate. Selecting this means users can no longer be modified in JIRA.

See also: Documentation Enhancement - "Update User attributes on Login" for Delegated LDAP Directories

Actual Results

You are able to mark a user from the Delegated LDAP directory as inactive in JIRA.

Notes

May also relate to JRASERVER-63697 - User did not get updated to Active/Inactive with Delegated LDAP

Workaround

Edit the Delegated Directory and immediately Save without making any changes.

This will correctly trigger the change and make users un-editable in JIRA.