🤔 Scenario / Problem
There are users from user directories that are configured as Internal with LDAP Authentication (also known as "delegated directories") and the option "Update User attributes on Login" is enabled.
If user profiles from such directories are updated manually (by the users themselves or by an administrator), there is an error page shown when saving the changes, containing an error similar to the following:
com.atlassian.core.exception.InfrastructureException: com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: Cannot update user 'Tester.10' because directory 'Delegated LDAP Authentication' does not allow updates.
at bucket.user.DefaultUserAccessor.saveUser(DefaultUserAccessor.java:192)
The following error can be observed in the logs
com.atlassian.core.exception.InfrastructureException: com.atlassian.crowd.exception.OperationNotPermittedException: com.atlassian.crowd.exception.ApplicationPermissionException: Cannot update user <LOGIN_NAME> because directory 'Delegated LDAP Authentication' does not allow updates.
at bucket.user.DefaultUserAccessor.saveUser(DefaultUserAccessor.java:208)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at com.atlassian.spring.interceptors.SpringProfilingInterceptor.invoke(SpringProfilingInterceptor.java:16)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
at com.sun.proxy.$Proxy107.saveUser(Unknown Source)
at com.atlassian.confluence.user.actions.EditMyProfileAction.updateUser(EditMyProfileAction.java:155)
at com.atlassian.confluence.user.actions.EditMyProfileAction.doEdit(EditMyProfileAction.java:86)
at de.communardo.confluence.plugins.userprofile.userprofile.modules.EditMyProfileAction.doEdit(EditMyProfileAction.java:46)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.opensymphony.xwork.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:302)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:170)
at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
...
→ The user data is not saved
🧐 Cause
This is because the User Profiles app invokes the default Confluence behavior when saving user data, which triggers a known Confluence issue.
🌱 Solution / Workaround
If this is an option for you, deactivating the "Update User attributes on Login" setting will resolve the issue.