Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
None
-
9.4.2
-
None
-
9.04
-
1
-
Severity 3 - Minor
-
1
-
Description
Issue Summary
When configuring Jira to use delegated LDAP with Default Group Memberships Jira does not populate its tables to include all related data to ensure that users can log in properly either for the first time or in subsequent logins (if marked to update attributes in each login).
This occurs on either SSO (third-party tools such as Jira SAML SSO) or direct authentication through LDAP.
This is reproducible on Data Center: (yes)
Steps to Reproduce
- Lift a Jira instance and setup a delegated LDAP directory marking to
- Create an user in LDAP with groups to be synchronized in Jira (as the example below we have a user with two groups - jira-administrators and jira-servicedesk-users)
- Login and observe the user is not set with the required groups
Expected Results
User created and set with all expected groups.
Actual Results
User created with only the Default Group.
Workaround
Either manually insert each user in the required group on Jira or create a new Delegated LDAP directory entry without any entry in "Default Group Memberships" and rank it first than the older (please proceed with cautious and only after proper backup - see the JRASERVER-75079 before proceeding with the new directory creation).
As example below, when creating same Delegated LDAP directory the result is correctly set:
The second workaround is using LDAP Connector instead of Delegated (if possible) - see Differences between connector and delegated LDAP directories in Jira.
Attachments
Issue Links
- relates to
-
JRASERVER-75079 When updating a Delegated LDAP directory it does not accept a blank value on Default Group Memberships if any value is already set
- Gathering Impact
-
JRASERVER-69638 Ensure that Default Group Membership works with third-party SSO
- Gathering Interest
- mentioned in
-
Page Loading...