Crowd - Removing group from user with '#' in username results in error

We have customer requirement for username format shall be like: 123/45678#001 Important part of this format is '#001'.

If we add groups to these users, no problems at all. If we remove one or more groups from these users we get the following error on web frontend: Cannot remove user "123/45678#001" from group(s) "Benutzerverwaltung".

See attached log file for further details. (atlassian-crowd.log)

Same error occurs when we are using REST-API for batch processing:


Before any questions come accros the '/' and '#' in URL: Yes, we do a HTML encode before ('/'=%2F and '#'=%23).

Interesting behavior is: The group is removed from the user account but the result is an error.

We are using OpenLDAP connector to store users and groups.

9 answers

1 accepted

I suggest that this symbol is not allowed. # is a fragment identifier of a URL. So the URL is misinterpreted by JIRA.

Dear Mathias,

thx for your response. We don't use JIRA. We use Crowd with custom applications.

Also in my opinion if the # is URL encoded there should not be any problems.

Has anybody else an idea?

Otherwise have to push a ticket...

Dear Jan,

you should not create a new answer if you want to comment your own question.

0 votes

"The group is removed from the user account but the result is an error." Could you confirm that the group was added in the first place? During removal, the check for an existing membership is carried out before any attempt to delete.

Quick look into the LDAP directory with the Apache Directory Studio shows that everything is perfectly well as we ecpected it.

Furthermore other special characters like '@' have no problems. Log file also says that something has to be wrong in your implementation.

Hi Joseph,

Yes, I can. The group has been added without any errors, also no errors in log file.

To be safe, I logged out/in on the web console, searched the user again and the group is still present.

To be totally safe, I have to look at the underlying directory (OpenLDAP). Will prompt do this with some help from our LDAP experts and update you.

0 votes

Yes, it sounds like a bug; please report it with enough detail to reproduce. When a membership can't be found in a remote directory it is automatically deleted from the local, so this may be simpler to isolate and reproduce with an uncached connector.

Good point! I tested with deactivated caching function. Result: Error occurred but group has not been removed from user.

Then I tested again with activated caching function.

  1. Removed Group from user
  2. Error occurred and group was removed
  3. Looked direcly into LDAP. Group was still attached to the user!
  4. Clicked on synchronisation
  5. On crowd web console: Group was added to user by synchronisation

So the problem seems to be with the LDAP connector.

I'll report a bug for this!

0 votes

Thanks for reporting this. This was filed as CWD-3923 and fixed with an upgrade to Spring LDAP to pick up LDAP-229. It will be in the next stable release of Crowd.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Wednesday in Opsgenie

Getting the Most out of Atlassian and Opsgenie Together

We’re excited to invite you to this action-packed webinar where we will demonstrate how to integrate Opsgenie’s powerful alerting and on-call management tools with your entire Atlassian stack. Mar...

72 views 0 1
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you