User updated event is always triggered when logging in with delegated LDAP authentication

XMLWordPrintable

    • 7.12
    • 1
    • Severity 3 - Minor
    • 0

      Issue Summary

      User updated event is always triggered when logging in with delegated LDAP authentication.

      This problem happens if Update User attributes on Login flag is enabled on the directory configuration page.

      User updated event should be triggered only when there is actually update of the user on LDAP side.
      However, the event was always triggered regardless if there is the update.

      Environment

      I used OpenLDAP to reproduce this problem.

      Steps to Reproduce

      1. Connecting to an internal directory with LDAP authentication
        • Please enable Update User attributes on Login flag
      2. Repeat to login/logout Jira with a user

      Expected Results

      1. Jira's webhook (user_updated event) should be triggered only when there is actually update on LDAP side
      2. In case that Confluence uses Jira for its user management, "User details updated" audit log should be recorded only when there is actually update on LDAP side
        • In this scenario, you need to synchronize the user directory from Confluence side after the above steps

      Actual Results

      1. Jira's webhook (user_updated event) was always triggered when the user logging in Jira
      2. "User details updated" audit logs were recorded on Confluence side as many times as the user logged in Jira
        • It results in a flood of audit log on Confluence

      Workaround

      There is no workaround.

            Assignee:
            Unassigned
            Reporter:
            Yuki Okamoto (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: