LDAP user deletion effect in Jira user base

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

When using an external LDAP directory (such as Active Directory), deleting a user from LDAP or causing them to be no longer included in Jira's synchronization (for example, moving the user outside the configured base DN or changing the user filter to exclude them) will result in one of two possible outcomes: in Jira, the user will be either deleted or marked as inactive.

Although this may not always be intuitive, even if the user performed actions in Jira, they may not be sufficient to keep the user in the Jira user database, as described below.

  • A user removed from LDAP is marked as inactive in Jira if the user is not duplicated in another User Directory AND at least one of the following applies:
    • The user is the assignee of at least one issue.
    • The user is the reporter of at least one issue.
    • The user has added at least one comment on an issue.
  • Otherwise, the user will be deleted from Jira, even if any of the following applies:
    • The user is duplicated in another User Directory.
    • The user has added at least one work log entry to an issue.
    • The user has voted on at least one issue.
    • The user is watching or is a participant in at least one issue.
    • The user has been mentioned in at least one comment on an issue.
    • The user is the project lead of at least one project.
    • The user has been selected in any user picker field in at least one issue.

If you need to completely delete a user from Jira even if Jira would have marked them as inactive above, please refer to the article How to delete Jira user from database, including all warnings and caveats.

Example

Some users were created, performed different actions in Jira, and were deleted in LDAP:

  • tempwithworklog: a user who only logged work on, voted on, and watched an issue

  • tempwithoutissues: a read-only user in the instance (no action was performed in Jira)

  • tempwithissues: a user who reported issues and was assigned issues


And their actions in the system, as indicated above:


When they were removed from LDAP, we can observe only the tempwithissues user was kept and marked as inactive:


The same applies to comments. Only users that left comments on issues are kept as inactive.
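Before removing accounts from LDAP, the rule above can be evaluated in advance to see which users will survive as inactive and which will lose their Jira account. The following is an added example, not Atlassian's code: it runs the check against a constructed in-memory SQLite copy of four tables, with table and column names assumed from the Jira Server database schema (verify them against your version), and with the hypothetical users tempcommenter and tempdup added to the three from the example.

```python
import sqlite3

# Constructed, simplified stand-ins for Jira's cwd_user, app_user, jiraissue and
# jiraaction tables (assumed names and columns; check your own Jira schema).
SCHEMA = """
CREATE TABLE cwd_user (directory_id INT, lower_user_name TEXT);
CREATE TABLE app_user (user_key TEXT, lower_user_name TEXT);
CREATE TABLE jiraissue (id INT, reporter TEXT, assignee TEXT);
CREATE TABLE jiraaction (issueid INT, author TEXT, actiontype TEXT);
"""

# Inactive only if the user exists in no other directory AND is an assignee,
# reporter or comment author. Worklogs, votes, watches, mentions, project lead
# and user picker values are deliberately not consulted: they do not keep a user.
PREDICT = """
SELECT u.lower_user_name,
  CASE WHEN NOT EXISTS (SELECT 1 FROM cwd_user d
                        WHERE d.lower_user_name = u.lower_user_name
                          AND d.directory_id <> u.directory_id)
        AND (EXISTS (SELECT 1 FROM jiraissue i
                     WHERE i.reporter = a.user_key OR i.assignee = a.user_key)
          OR EXISTS (SELECT 1 FROM jiraaction c
                     WHERE c.author = a.user_key AND c.actiontype = 'comment'))
       THEN 'inactive' ELSE 'deleted' END
FROM cwd_user u JOIN app_user a ON a.lower_user_name = u.lower_user_name
WHERE u.directory_id = ?
"""

def predict_outcomes(conn, ldap_directory_id):
    """Map each user of the given directory to 'inactive' or 'deleted'."""
    return dict(conn.execute(PREDICT, (ldap_directory_id,)).fetchall())

def build_sample():
    """Constructed data: directory 2 plays the LDAP directory, 1 another one."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    users = ["tempwithworklog", "tempwithoutissues", "tempwithissues",
             "tempcommenter", "tempdup"]
    conn.executemany("INSERT INTO cwd_user VALUES (2, ?)", [(u,) for u in users])
    conn.execute("INSERT INTO cwd_user VALUES (1, 'tempdup')")  # duplicated user
    conn.executemany("INSERT INTO app_user VALUES (?, ?)", [(u, u) for u in users])
    conn.execute("INSERT INTO jiraissue VALUES (1, 'tempwithissues', 'tempwithissues')")
    conn.execute("INSERT INTO jiraissue VALUES (2, 'tempdup', NULL)")
    conn.execute("INSERT INTO jiraaction VALUES (1, 'tempcommenter', 'comment')")
    return conn

if __name__ == "__main__":
    for name, outcome in sorted(predict_outcomes(build_sample(), 2).items()):
        print(f"{name}: {outcome}")
```

Users reported as deleted are the ones to review before the LDAP change if their worklogs, votes or project lead assignments need to stay attributable.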

Related topics:

For more information on LDAP synchronization please refer to:


Last modified on Aug 29, 2024
