Crowd does not display all users' membership across multiple directories in an application with "Directory Aggregation" enabled
Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.
When you check which groups a user belongs to across multiple directories in a Crowd application, only the groups from the first directory are shown, even though the "Directory Aggregation" option is enabled.
- Crowd Server
- Remote application configured with multiple user directories
- Directory Aggregation enabled
- Add two different user directories to a Crowd Application, e.g., DirA and DirB
- Create one group in each directory, e.g., GroupA (in DirA) and GroupB (in DirB)
- Create a test_user and add this user to DirA and DirB
- Add the test_user as a member of GroupA and GroupB
- Select the Users tab of the Crowd Application and search for the test_user
- When selecting the test_user and inspecting their group membership, only the group from the first directory listed in the application is shown
The complete membership information will be displayed in the remote application. The Crowd Web UI only displays the membership from the first listed directory.
To confirm that Directory Aggregation is working as expected, you can retrieve the complete membership of any user, in any given Crowd application, by performing the following REST request to Crowd:
curl -v -H "X-Atlassian-Token: no-check" -u <application>:<application_password> -H "Content-Type: application/json" -X GET 'http://<CROWD_URL>:<CROWD_PORT>/crowd/rest/usermanagement/1/user/group/direct?username=<username>'
Note that Directory Aggregation works for authorization purposes only, as explained in Effective memberships with multiple directories. Users must still be able to authenticate against the first directory to which they belong in a Crowd application.
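The REST check above can be scripted so that a missing group is reported instead of read off by eye. The following is an added example, not Atlassian's code: it sends the same GET with an `Accept: application/json` header and compares the result with the groups you expect. The JSON shape of the sample body, the environment variable names and the helper names are assumptions.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Constructed sample body; the {"groups": [{"name": ...}]} shape is an assumption
# about the JSON returned when the request is sent with "Accept: application/json".
SAMPLE_RESPONSE = """
{"expand": "group", "groups": [
  {"link": {"rel": "self", "href": "http://crowd.example:8095/..."}, "name": "GroupA"},
  {"link": {"rel": "self", "href": "http://crowd.example:8095/..."}, "name": "GroupB"}
]}
"""


def group_names(body):
    """Return the set of group names listed in a direct-membership response."""
    return {g["name"] for g in json.loads(body).get("groups", [])}


def missing_groups(body, expected):
    """Return the expected groups that are absent from the response, sorted."""
    return sorted(set(expected) - group_names(body))


def fetch_direct_groups(base_url, application, password, username):
    """Send the same GET as the curl command, asking for a JSON body."""
    query = urllib.parse.urlencode({"username": username})
    url = f"{base_url.rstrip('/')}/rest/usermanagement/1/user/group/direct?{query}"
    token = base64.b64encode(f"{application}:{password}".encode()).decode()
    request = urllib.request.Request(url, headers={
        "Authorization": f"Basic {token}",
        "Accept": "application/json",
    })
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


if __name__ == "__main__":
    # CROWD_BASE_URL (e.g. http://<CROWD_URL>:<CROWD_PORT>/crowd), CROWD_APP and
    # CROWD_APP_PASSWORD are hypothetical variable names; unset means offline demo.
    base_url = os.environ.get("CROWD_BASE_URL")
    if base_url:
        body = fetch_direct_groups(base_url, os.environ["CROWD_APP"],
                                   os.environ["CROWD_APP_PASSWORD"], "test_user")
    else:
        body = SAMPLE_RESPONSE
    print("missing from aggregated membership:",
          missing_groups(body, ["GroupA", "GroupB"]))
```

Reading the application password from the environment keeps it out of shell history and process listings; an empty result means the application sees the user's groups from both directories.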