This issue has been created
There are 2 updates.
 
 
LDAP / LDAP-153 In Progress

User sync does not clean attributes removed from ldap


Issue created

 
Clemens Robbenhaar created this issue on 08/Feb/25 09:09
 
Summary: User sync does not clean attributes removed from ldap
Issue Type: Bug
Affects Versions: 9.15.6
Assignee: Unassigned
Components: Authenticator
Created: 08/Feb/25 09:09
Priority: Major
Reporter: Clemens Robbenhaar
Description:

If an attribute from the LDAP is removed, the corresponding user profile attribute is not cleaned up.

I have seen an actual use case where users of the organization might lose their email address while still being able to log in.

Steps to reproduce:

  1. give a test user an email, e.g. by the following ldif:

     dn: CN=User101,CN=Users,DC=localhost,DC=nodomain
     changetype: modify
     replace: mail
     mail: user101@localhost.nodomain

  2. log in as that user - user gets email set in their profile
  3. remove the email attribute in LDAP:

     dn: CN=User101,CN=Users,DC=localhost,DC=nodomain
     changetype: modify
     delete: mail

  4. log in again with that user

Expected behavior:

  • user no longer has their e-mail address set in the profile

Observed behavior:

  • email is still set in the user profile
 
 

2 updates

 
Changes by Clemens Robbenhaar on 08/Feb/25 09:09
 
Assignee: Clemens Robbenhaar
Status: Open → In Progress
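
The difference between the observed and the expected behaviour in the report above, as an added example that is not part of the issue or of the project's code. The dict-based profile and LDAP entry, FIELD_MAP and all function names are assumptions made for illustration.

```python
# Hypothetical mapping (not the authenticator's API): profile field -> LDAP attribute.
FIELD_MAP = {"email": "mail", "first_name": "givenName", "last_name": "sn"}


def first_value(entry, ldap_attr):
    """First non-empty value of ldap_attr (case-insensitive name), else None."""
    for name, values in entry.items():
        if name.lower() == ldap_attr.lower():
            values = [values] if isinstance(values, str) else list(values)
            values = [v for v in values if v and v.strip()]
            return values[0] if values else None
    return None


def sync_update_only(profile, entry, field_map=FIELD_MAP):
    """Reported behaviour: only attributes present in LDAP are written."""
    updated = dict(profile)
    for field, ldap_attr in field_map.items():
        value = first_value(entry, ldap_attr)
        if value is not None:
            updated[field] = value
    return updated


def sync_reconcile(profile, entry, field_map=FIELD_MAP):
    """Expected behaviour: a mapped attribute missing from LDAP clears the field.

    Returns (updated_profile, changes); changes maps field -> (old, new).
    Fields outside field_map are locally owned and left untouched.
    """
    updated, changes = dict(profile), {}
    for field, ldap_attr in field_map.items():
        old, new = profile.get(field), first_value(entry, ldap_attr)
        if new == old:
            continue
        changes[field] = (old, new)
        if new is None:
            updated.pop(field, None)  # attribute deleted in LDAP
        else:
            updated[field] = new
    return updated, changes


# Constructed entries matching steps 1 and 3 of the report.
ENTRY_WITH_MAIL = {"cn": ["User101"], "mail": ["user101@localhost.nodomain"]}
ENTRY_MAIL_DELETED = {"cn": ["User101"]}
```

The returned changes mapping gives a sync job something to log, so a cleared attribute leaves an audit trail.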