-
Bug
-
Resolution: Unresolved
-
Low (View bug fix roadmap)
-
None
-
8.20.7, 9.12.12
-
None
-
8.2
-
13
-
Severity 3 - Minor
-
2
-
Issue Summary
When adding an external user directory with Default Group Memberships , the value in LOCAL column becomes 1 in cwd_group table however it doesn't reset back to 0 if we remove the group from the field later and save the configuration.
Steps to Reproduce
- Add an external user directory with Default Group Memberships
- Run a sync
- Check database and the value of LOCAL column becomes 1 in cwd_group table for that specific group
- Go back to the directory settings and remove that particular group from the Default Group Memberships field
- Check database and the value of LOCAL column is still 1 in cwd_group table
Expected Results
LOCAL column value should be reset back to 0 in cwd_group table if it's been removed from Default Group Memberships
Actual Results
value of LOCAL column is still 1 in cwd_group table
This will cause a situation to skip certain groups being synced if the names are matching in the LDAP and the local directory. Since we do not have any restrictions in having the same group names(at least not documented) this can create issues.
2022-05-12 06:22:06,043+0000 Caesium-1-4 INFO ServiceRunner [c.a.c.d.synchronisation.cache.DefaultGroupActionStrategy] group [ confluence-users ] in directory [ 10200 ] matches local group of same name, skipping
Workaround
The workaround is to update the DB value manually and set it to 0
Please note that this would result in remote ldap users losing membership of the group. If this group is used for application access, they will lose application access.
- is related to
-
-
- Gathering Impact
-