Broken user profile for LDAP (and SAML?) managed users

Description

When a user is created in an LDAP domain, he cannot manage even the most basic configuration that is allowed for Clover-managed accounts. On the other hand, he can change his username (?!), which does not make any sense and could potentially poke a hole in security if this actually worked.

Change user details (by user himself)

The frontend appears to make changes even when "Cancel" is pressed, but exactly the same happens when one presses "Save": it looks like the changes were applied BUT in reality they are not. The changes even persist when one reloads the page. After logout/login, the old values are back, unchanged.

When password is invalidated, user can never login again

If an administrator invalidates a user's password, the user can never log in again because password change is not permitted AND the administrator cannot take the invalidation back. The only solution would be to re-create the user, which is also not possible as user accounts can only be disabled.

The user SHOULD be able to change, at the very least, his own password!

Please allow users to change their passwords in LDAP-managed environments!

Steps to reproduce

None

Attachments

3

Activity

Pavel Švec September 7, 2023 at 8:29 AM

Hi, small note. As admin, I’d be very confused by the fact that I cannot change login information for the user unless I know the implication (which I would not). Please add a note to the user detail saying something in the sense of:

User credentials are managed by LDAP/SAML server. If you wish to change user details, invalidate or change password, you have to change them on the provisioning server.

Likewise, it’d be more user-friendly if the options to modify credentials did not just go away but were disabled with an explanation (see above).

Also consider this issue coupled with or at least the first part of the request (add domain information into the listing).

Jiri Trnka August 24, 2023 at 12:26 PM

If a user is in a SAML or LDAP domain, the password and username shouldn't be editable. Both the header button and the menu options should be disabled. Also, the 'invalidate password' option should not be available in menus.

Clicking on the 'cancel' button in the user profile form should properly cancel all changes made by the user.
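The behaviour requested in the two comments above, enforced on the server side so that it holds even if a frontend control stays enabled, as an added example (not the product's own code). The `User` model, the `email` field, the `LOCAL` domain label and all function names are hypothetical; the note text is the one proposed in the first comment.

```python
from dataclasses import dataclass, replace

EXTERNAL_DOMAINS = {"LDAP", "SAML"}            # credentials live on the provisioning server
CREDENTIAL_FIELDS = {"username", "password"}   # fields the comments say must be locked
ALL_FIELDS = CREDENTIAL_FIELDS | {"email"}     # "email" is a hypothetical profile field
NOTE = ("User credentials are managed by LDAP/SAML server. If you wish to change "
        "user details, invalidate or change password, you have to change them on "
        "the provisioning server.")


class CredentialsManagedExternally(Exception):
    """A request touched something the external identity provider owns."""


@dataclass(frozen=True)
class User:  # hypothetical model; frozen so updates can never be applied partially
    username: str
    domain: str  # "LDAP", "SAML" or "LOCAL" (assumed labels)
    email: str = ""
    password_valid: bool = True


def editable_fields(user):
    """Fields the UI may enable; the rest are shown disabled together with NOTE."""
    return ALL_FIELDS - CREDENTIAL_FIELDS if user.domain in EXTERNAL_DOMAINS else set(ALL_FIELDS)


def apply_profile_update(user, changes):
    """Validate the whole request, then return a new User; on error nothing changes."""
    unknown = set(changes) - ALL_FIELDS
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    blocked = set(changes) - editable_fields(user)
    if blocked:
        raise CredentialsManagedExternally(f"{', '.join(sorted(blocked))}: {NOTE}")
    stored = {k: v for k, v in changes.items() if k != "password"}
    if "password" in changes:  # hashing and storage are out of scope here
        stored["password_valid"] = True
    return replace(user, **stored)


def invalidate_password(user):
    """Admin action; refused for external users, who could not recover from it."""
    if user.domain in EXTERNAL_DOMAINS:
        raise CredentialsManagedExternally(NOTE)
    return replace(user, password_valid=False)
```

Returning the stored object from `apply_profile_update` gives the frontend one authoritative state to render after both "Save" and "Cancel", instead of its own unsaved form values.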

 

Fixed

QA Testing

UNDECIDED

Created August 14, 2023 at 10:04 AM
Updated October 3, 2023 at 8:44 AM
Resolved August 24, 2023 at 12:26 PM