Delegated directories with activated setting "Update user attributes on Login" are not supported
Scenario
There are users from user directories that are configured as Internal with LDAP Authentication (also known as "delegated directories") and
the option "Update User attributes on Login" is enabled
Problem
If user profiles from such directories are updated manually (by the users themselves or by an administrator), there is an error page shown when saving the changes, containing an error similar to the following:
com.atlassian.core.exception.InfrastructureException: com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: Cannot update user 'Tester.10' because directory 'Delegated LDAP Authentication' does not allow updates. at bucket.user.DefaultUserAccessor.saveUser(DefaultUserAccessor.java:192)the following error can be observed in the logs
com.atlassian.core.exception.InfrastructureException: com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: Cannot update user <LOGIN_NAME> because directory 'Delegated LDAP Authentication' does not allow updates. at bucket.user.DefaultUserAccessor.saveUser(DefaultUserAccessor.java:208) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) at com.atlassian.spring.interceptors.SpringProfilingInterceptor.invoke(SpringProfilingInterceptor.java:16) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) at com.sun.proxy.$Proxy107.saveUser(Unknown Source) at com.atlassian.confluence.user.actions.EditMyProfileAction.updateUser(EditMyProfileAction.java:155) at com.atlassian.confluence.user.actions.EditMyProfileAction.doEdit(EditMyProfileAction.java:86) at de.communardo.confluence.plugins.userprofile.userprofile.modules.EditMyProfileAction.doEdit(EditMyProfileAction.java:46) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.opensymphony.xwork.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:302) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:170) at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35) at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165) ...the user data is not saved
Cause
This is due to the fact that the User Profiles app invokes the default Confluence behavior when saving user data and thus triggers a known issue of Confluence:
https://jira.atlassian.com/browse/CONFSERVER-53509
Workaround
If this is an option for you: deactivating the setting "Update User attributes on Login" will solve the issue.