Active Directory user groups not persistent

Patrick Joerg
Contributor
August 19, 2021

Hi Everyone

There is for me an important difference between Jira and Confluence in persistence of user groups, that I was not aware of.

If a user login gets disabled in AD, he/she can't access Jira anymore and doesn't consume a licence. So far it's equal to Confluence. However, as long as the user doesn't get deleted in AD, its group memberships and single permissions stay persistent in Jira.

Not so in Confluence, at least not in my instance. Now we have a lot of users that "come" and "go". So is there a way to get the same functionality as in Jira?

Otherwise I have to keep track of every single permission so that I can restore it if the user comes back.

Thanks for any solution better than that.

1 answer

0 votes
Patrick Joerg
Contributor
October 19, 2021

No ideas?

The probably relevant options from LDAP Config are:

ldap.basedn: ou=people,dc=xxx,dc=xx
ldap.external.id: objectGUID
ldap.filter.expiredUsers: true
ldap.group.description: description
ldap.group.filter: (objectCategory=Group)
ldap.group.name: cn
ldap.group.objectclass: group
ldap.group.usernames: member
ldap.local.groups: true
ldap.nestedgroups.disabled: false
ldap.pagedresults: true
ldap.propogate.changes: false
ldap.referral: true
ldap.relaxed.dn.standardisation: true
ldap.roles.disabled: true
ldap.user.filter: (&(objectCategory=Person)(sAMAccountName=*))
ldap.user.firstname: givenName
ldap.user.group: memberOf
ldap.user.lastname: sn
ldap.user.objectclass: user
ldap.user.username: sAMAccountName
ldap.user.username.rdn: cn
ldap.usermembership.use: false
ldap.usermembership.use.for.groups: false
localUserStatusEnabled: false

To me most of the relevant stuff looks the same on the Jira instance, so I'm really stuck here.

Deployment type: Server
Version: 7.4.6