We have customer requirement for username format shall be like: 123/45678#001 Important part of this format is '#001'.
If we add groups to these users, no problems at all. If we remove one or more groups from these users we get the following error on web frontend: Cannot remove user "123/45678#001" from group(s) "Benutzerverwaltung".
See attached log file for further details. (atlassian-crowd.log)
Same error occurs when we are using REST-API for batch processing:
/crowd/rest/usermanagement/latest/group/user/direct?groupname=Benutzerverwaltung&username=123/45678#001
Before any questions come accros the '/' and '#' in URL: Yes, we do a HTML encode before ('/'=%2F and '#'=%23).
Interesting behavior is: The group is removed from the user account but the result is an error.
We are using OpenLDAP connector to store users and groups.
Has anybody else an idea?
Otherwise have to push a ticket...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Jan,
you should not create a new answer if you want to comment your own question.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I suggest that this symbol is not allowed. # is a fragment identifier of a URL. So the URL is misinterpreted by JIRA.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Mathias,
thx for your response. We don't use JIRA. We use Crowd with custom applications.
Also in my opinion if the # is URL encoded there should not be any problems.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Good point! I tested with deactivated caching function. Result: Error occurred but group has not been removed from user.
Then I tested again with activated caching function.
So the problem seems to be with the LDAP connector.
I'll report a bug for this!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes, it sounds like a bug; please report it with enough detail to reproduce. When a membership can't be found in a remote directory it is automatically deleted from the local, so this may be simpler to isolate and reproduce with an uncached connector.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Joseph,
Yes, I can. The group has been added without any errors, also no errors in log file.
To be safe, I logged out/in on the web console, searched the user again and the group is still present.
To be totally safe, I have to look at the underlying directory (OpenLDAP). Will prompt do this with some help from our LDAP experts and update you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Quick look into the LDAP directory with the Apache Directory Studio shows that everything is perfectly well as we ecpected it.
Furthermore other special characters like '@' have no problems. Log file also says that something has to be wrong in your implementation.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
"The group is removed from the user account but the result is an error." Could you confirm that the group was added in the first place? During removal, the check for an existing membership is carried out before any attempt to delete.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.